Software `/` code `/` prosody

Annotate

plugins/mod_s2s.lua @ 13684:026a75a443de 13.0

mod_admin_shell: Hide secondary role commands, focus on primary roles Secondary roles are an advanced feature without any strong use cases currently. Having multiple ways to manage roles is confusing. Now the 'user:role' command will just show the primary role if that is all there is, but will list secondary roles too if there are any (which in 99.9% of cases there won't be).

author	Matthew Wild <mwild1@gmail.com>
date	Thu, 13 Feb 2025 16:18:59 +0000
parent	13575:750ff9f579e2
child	13703:99d2100d2918

rev	line source
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 -- Prosody IM
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	2 -- Copyright (C) 2008-2010 Matthew Wild
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 -- Copyright (C) 2008-2010 Waqas Hussain
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	4 --
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 -- This project is MIT/X11 licensed. Please see the
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 -- COPYING file in the source package for more information.
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 --
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	8
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	9 module:set_global();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	10
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	11 local prosody = prosody;
844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	12 local hosts = prosody.hosts;
5013 ab693eea0869 mod_admin_adhoc, mod_admin_telnet, mod_bosh, mod_c2s, mod_component, mod_pep, mod_presence, mod_roster, mod_s2s: Import core_post_stanza from the global prosody table. Kim Alvefur <zash@zash.se> parents: 4997 diff changeset	13 local core_process_stanza = prosody.core_process_stanza;
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	14
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	15 local tostring, type = tostring, type;
8461 0f05d6535dfa mod_s2s: Remove unused local [luacheck] Kim Alvefur <zash@zash.se> parents: 8268 diff changeset	16 local traceback = debug.traceback;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	17
12977 74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	18 local add_task = require "prosody.util.timer".add_task;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	19 local stop_timer = require "prosody.util.timer".stop;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	20 local st = require "prosody.util.stanza";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	21 local initialize_filters = require "prosody.util.filters".initialize;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	22 local nameprep = require "prosody.util.encodings".stringprep.nameprep;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	23 local new_xmpp_stream = require "prosody.util.xmppstream".new;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	24 local s2s_new_incoming = require "prosody.core.s2smanager".new_incoming;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	25 local s2s_new_outgoing = require "prosody.core.s2smanager".new_outgoing;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	26 local s2s_destroy_session = require "prosody.core.s2smanager".destroy_session;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	27 local uuid_gen = require "prosody.util.uuid".generate;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	28 local async = require "prosody.util.async";
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	29 local runner = async.runner;
12977 74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	30 local connect = require "prosody.net.connect".connect;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	31 local service = require "prosody.net.resolvers.service";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	32 local resolver_chain = require "prosody.net.resolvers.chain";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	33 local errors = require "prosody.util.error";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	34 local set = require "prosody.util.set";
13554 902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	35 local queue = require "prosody.util.queue";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	36
13209 c8d949cf6b09 plugins: Switch to :get_option_period() for time range options Kim Alvefur <zash@zash.se> parents: 13111 diff changeset	37 local connect_timeout = module:get_option_period("s2s_timeout", 90);
c8d949cf6b09 plugins: Switch to :get_option_period() for time range options Kim Alvefur <zash@zash.se> parents: 13111 diff changeset	38 local stream_close_timeout = module:get_option_period("s2s_close_timeout", 5);
5522 3912c9264ef0 mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled) Matthew Wild <mwild1@gmail.com> parents: 5505 diff changeset	39 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true));
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	40 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day...
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	41 local secure_domains, insecure_domains =
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	42 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items;
12330 38b5b05407be various: Require encryption by default for real Kim Alvefur <zash@zash.se> parents: 12301 diff changeset	43 local require_encryption = module:get_option_boolean("s2s_require_encryption", true);
13213 50324f66ca2a plugins: Use integer config API with interval specification where sensible Kim Alvefur <zash@zash.se> parents: 13209 diff changeset	44 local stanza_size_limit = module:get_option_integer("s2s_stanza_size_limit", 1024*512, 10000);
13554 902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	45 local sendq_size = module:get_option_integer("s2s_send_queue_size", 1024*32, 1);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	46
13504 2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	47 local advertised_idle_timeout = 14*60; -- default in all net.server implementations
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	48 local network_settings = module:get_option("network_settings");
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	49 if type(network_settings) == "table" and type(network_settings.read_timeout) == "number" then
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	50 advertised_idle_timeout = network_settings.read_timeout;
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	51 end
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	52
11525 5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	53 local measure_connections_inbound = module:metric(
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	54 "gauge", "connections_inbound", "",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	55 "Established incoming s2s connections",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	56 {"host", "type", "ip_family"}
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	57 );
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	58 local measure_connections_outbound = module:metric(
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	59 "gauge", "connections_outbound", "",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	60 "Established outgoing s2s connections",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	61 {"host", "type", "ip_family"}
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	62 );
6630 6735e2d735d6 mod_c2s, mod_s2s: Collect statistics on number of connections Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	63
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	64 local m_accepted_tcp_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	65 "counter", "accepted_tcp", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	66 "Accepted incoming connections on the TCP layer"
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	67 );
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	68 local m_authn_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	69 "counter", "authenticated", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	70 "Authenticated incoming connections",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	71 {"host", "direction", "mechanism"}
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	72 );
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	73 local m_initiated_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	74 "counter", "initiated", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	75 "Initiated outbound connections",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	76 {"host"}
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	77 );
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	78 local m_closed_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	79 "counter", "closed", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	80 "Closed connections",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	81 {"host", "direction", "error"}
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	82 );
11608 b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	83 local m_tls_params = module:metric(
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	84 "counter", "encrypted", "",
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	85 "Encrypted connections",
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	86 {"protocol"; "cipher"}
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	87 );
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	88
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	89 local sessions = module:shared("sessions");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	90
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	91 local runner_callbacks = {};
13575 750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	92 local session_events = {};
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	93
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	94 local listener = {};
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	95
4752 27b724a698f8 mod_s2s: Add log() import Matthew Wild <mwild1@gmail.com> parents: 4630 diff changeset	96 local log = module._log;
27b724a698f8 mod_s2s: Add log() import Matthew Wild <mwild1@gmail.com> parents: 4630 diff changeset	97
10625 3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	98 local s2s_service_options = {
3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	99 default_port = 5269;
3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	100 use_ipv4 = module:get_option_boolean("use_ipv4", true);
3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	101 use_ipv6 = module:get_option_boolean("use_ipv6", true);
11415 a38f9e09ca31 mod_s2s: Add config setting to enable DANE Kim Alvefur <zash@zash.se> parents: 11367 diff changeset	102 use_dane = module:get_option_boolean("use_dane", false);
10625 3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	103 };
11707 61759372be26 mod_s2s: Clone 'extra' data to let resolvers add more to it Kim Alvefur <zash@zash.se> parents: 11705 diff changeset	104 local s2s_service_options_mt = { __index = s2s_service_options }
10625 3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	105
13298 b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	106 if module:get_option_boolean("use_dane", false) then
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	107 -- DANE is supported in net.connect but only for outgoing connections,
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	108 -- to authenticate incoming connections with DANE we need
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	109 module:depends("s2s_auth_dane_in");
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	110 end
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	111
7662 946871f6e3c8 mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval Kim Alvefur <zash@zash.se> parents: 7642 diff changeset	112 module:hook("stats-update", function ()
11525 5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	113 measure_connections_inbound:clear()
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	114 measure_connections_outbound:clear()
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	115 -- TODO: init all expected metrics once?
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	116 -- or maybe create/delete them in host-activate/host-deactivate? requires
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	117 -- extra API in openmetrics.lua tho
8763 67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	118 for _, session in pairs(sessions) do
11525 5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	119 local is_inbound = string.sub(session.type, 4, 5) == "in"
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	120 local metric_family = is_inbound and measure_connections_inbound or measure_connections_outbound
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	121 local host = is_inbound and session.to_host or session.from_host or ""
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	122 local type_ = session.type or "other"
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	123
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	124 -- we want to expose both v4 and v6 counters in all cases to make
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	125 -- queries smoother
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	126 local is_ipv6 = session.ip and session.ip:match(":") and 1 or 0
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	127 local is_ipv4 = 1 - is_ipv6
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	128 metric_family:with_labels(host, type_, "ipv4"):add(is_ipv4)
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	129 metric_family:with_labels(host, type_, "ipv6"):add(is_ipv6)
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	130 end
7662 946871f6e3c8 mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval Kim Alvefur <zash@zash.se> parents: 7642 diff changeset	131 end);
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	132
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	133 --- Handle stanzas to remote domains
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	134
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	135 local bouncy_stanzas = { message = true, presence = true, iq = true };
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	136 local function bounce_sendq(session, reason)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	137 local sendq = session.sendq;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	138 if not sendq then return; end
13557 63492b6e7fb6 mod_s2s: Really fix logging of outgoing stanza queue counts Kim Alvefur <zash@zash.se> parents: 13556 diff changeset	139 session.log("info", "Sending error replies for %d queued stanzas because of failed outgoing connection to %s", sendq.count(), session.to_host);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	140 local dummy = {
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	141 type = "s2sin";
8462 60d508f411a1 mod_s2s: Remove unused argument [luacheck] Kim Alvefur <zash@zash.se> parents: 8461 diff changeset	142 send = function ()
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	143 (session.log or log)("error", "Replying to to an s2s error reply, please report this! Traceback: %s", traceback());
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	144 end;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	145 dummy = true;
6626 071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	146 close = function ()
071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	147 (session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback());
071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	148 end;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	149 };
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	150 -- FIXME Allow for more specific error conditions
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	151 -- TODO use util.error ?
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	152 local error_type = "cancel";
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	153 local condition = "remote-server-not-found";
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	154 local reason_text;
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	155 if session.had_stream then -- set when a stream is opened by the remote
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	156 error_type, condition = "wait", "remote-server-timeout";
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	157 end
13534 d532176d4334 util.error: Use is_error() instead of is_err() everywhere Kim Alvefur <zash@zash.se> parents: 13516 diff changeset	158 if errors.is_error(reason) then
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	159 error_type, condition, reason_text = reason.type, reason.condition, reason.text;
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	160 elseif type(reason) == "string" then
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	161 reason_text = reason;
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	162 end
13554 902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	163 for stanza in sendq:consume() do
12493 e9ea5c88def0 mod_s2s: Don't bounce queued error stanzas (thanks Martin) Kim Alvefur <zash@zash.se> parents: 12480 diff changeset	164 if not stanza.attr.xmlns and bouncy_stanzas[stanza.name] and stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	165 local reply = st.error_reply(
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	166 stanza,
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	167 error_type,
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	168 condition,
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	169 reason_text and ("Server-to-server connection failed: "..reason_text) or nil
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	170 );
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	171 core_process_stanza(dummy, reply);
12494 65316782862f mod_s2s: Log queued stanzas for which no error reply is produced Kim Alvefur <zash@zash.se> parents: 12493 diff changeset	172 else
65316782862f mod_s2s: Log queued stanzas for which no error reply is produced Kim Alvefur <zash@zash.se> parents: 12493 diff changeset	173 (session.log or log)("debug", "Not eligible for bouncing, discarding %s", stanza:top_tag());
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	174 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	175 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	176 session.sendq = nil;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	177 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	178
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	179 -- Handles stanzas to existing s2s sessions
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	180 function route_to_existing_session(event)
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	181 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	182 if not hosts[from_host] then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	183 log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	184 return false;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	185 end
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	186 if hosts[to_host] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	187 log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	188 return false;
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	189 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	190 local host = hosts[from_host].s2sout[to_host];
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	191 if not host then return end
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	192
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	193 -- We have a connection to this host already
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	194 if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	195 (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	196
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	197 -- Queue stanza until we are able to send it
13554 902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	198 if not host.sendq then
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	199 -- luacheck: ignore 122
13554 902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	200 host.sendq = queue.new(sendq_size);
902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	201 end
902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	202 if not host.sendq:push(st.clone(stanza)) then
902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	203 host.log("warn", "stanza [%s] not queued ", stanza.name);
902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	204 event.origin.send(st.error_reply(stanza, "wait", "resource-constraint", "Outgoing stanza queue full"));
902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	205 return true;
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	206 end
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	207 host.log("debug", "stanza [%s] queued ", stanza.name);
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	208 return true;
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	209 elseif host.type == "local" or host.type == "component" then
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	210 log("error", "Trying to send a stanza to ourselves??")
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	211 log("error", "Traceback: %s", traceback());
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	212 log("error", "Stanza: %s", stanza);
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	213 return false;
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	214 else
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	215 if host.sends2s(stanza) then
4630 9502c0224caf mod_s2s: Queuing a stanza constitutes handling it. Paul Aurich <paul@darkrain42.org> parents: 4625 diff changeset	216 return true;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	217 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	218 end
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	219 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	220
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	221 -- Create a new outgoing session for a stanza
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	222 function route_to_new_session(event)
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	223 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	224 log("debug", "opening a new outgoing connection for this stanza");
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	225 local host_session = s2s_new_outgoing(from_host, to_host);
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	226 host_session.version = 1;
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	227
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	228 -- Store in buffer
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	229 host_session.bounce_sendq = bounce_sendq;
13554 902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	230 host_session.sendq = queue.new(sendq_size);
13556 d3649ae194ab mod_s2s: Clone queued outgoing stanzas to prevent changes Kim Alvefur <zash@zash.se> parents: 13555 diff changeset	231 host_session.sendq:push(st.clone(stanza));
10111 0f335815244f plugins: Remove tostring call from logging Kim Alvefur <zash@zash.se> parents: 9854 diff changeset	232 log("debug", "stanza [%s] queued until connection complete", stanza.name);
11707 61759372be26 mod_s2s: Clone 'extra' data to let resolvers add more to it Kim Alvefur <zash@zash.se> parents: 11705 diff changeset	233 -- FIXME Cleaner solution to passing extra data from resolvers to net.server
61759372be26 mod_s2s: Clone 'extra' data to let resolvers add more to it Kim Alvefur <zash@zash.se> parents: 11705 diff changeset	234 -- This mt-clone allows resolvers to add extra data, currently used for DANE TLSA records
12207 65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	235 module:context(from_host):fire_event("s2sout-created", { session = host_session });
12206 77ac0d96ac24 mod_s2s: Enable outgoing Direct TLS connections Kim Alvefur <zash@zash.se> parents: 11867 diff changeset	236 local xmpp_extra = setmetatable({}, s2s_service_options_mt);
12207 65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	237 local resolver = service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	238 if host_session.ssl_ctx then
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	239 local sslctx = host_session.ssl_ctx;
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	240 local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	241 resolver = resolver_chain.new({
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	242 service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	243 resolver;
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	244 });
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	245 end
13110 d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	246
d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	247 local pre_event = { session = host_session; resolver = resolver };
d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	248 module:context(from_host):fire_event("s2sout-pre-connect", pre_event);
d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	249 resolver = pre_event.resolver;
12207 65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	250 connect(resolver, listener, nil, { session = host_session });
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	251 m_initiated_connections:with_labels(from_host):add(1)
4581 d2eb5962d235 mod_s2s: return true when we sent the stanza, or initiated a new s2sout Kim Alvefur <zash@zash.se> parents: 4580 diff changeset	252 return true;
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	253 end
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	254
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	255 local function keepalive(event)
11226 b3ae48362f78 mod_s2s: Prevent whitespace keepalives the stream has been opened Kim Alvefur <zash@zash.se> parents: 11118 diff changeset	256 local session = event.session;
b3ae48362f78 mod_s2s: Prevent whitespace keepalives the stream has been opened Kim Alvefur <zash@zash.se> parents: 11118 diff changeset	257 if not session.notopen then
11237 49aeae836ad1 mod_s2s: Fix copypaste mistake in b3ae48362f78 Kim Alvefur <zash@zash.se> parents: 11226 diff changeset	258 return event.session.sends2s(' ');
11226 b3ae48362f78 mod_s2s: Prevent whitespace keepalives the stream has been opened Kim Alvefur <zash@zash.se> parents: 11118 diff changeset	259 end
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	260 end
9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	261
5713 5cf6dedf36f4 mod_s2s: Add missing global hook for read-timeout Kim Alvefur <zash@zash.se> parents: 5669 diff changeset	262 module:hook("s2s-read-timeout", keepalive, -1);
5cf6dedf36f4 mod_s2s: Add missing global hook for read-timeout Kim Alvefur <zash@zash.se> parents: 5669 diff changeset	263
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	264 function module.add_host(module)
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	265 if module:get_option_boolean("disallow_s2s", false) then
7359 a5a080c12c96 Update every link to the documentation to use HTTPS Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 7278 diff changeset	266 module:log("warn", "The 'disallow_s2s' config option is deprecated, please see https://prosody.im/doc/s2s#disabling");
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	267 return nil, "This host has disallow_s2s set";
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	268 end
5454 5f69fddf6fb9 mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks) Kim Alvefur <zash@zash.se> parents: 5423 diff changeset	269 module:hook("route/remote", route_to_existing_session, -1);
5f69fddf6fb9 mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks) Kim Alvefur <zash@zash.se> parents: 5423 diff changeset	270 module:hook("route/remote", route_to_new_session, -10);
12810 871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	271 module:hook("s2sout-stream-features", function (event)
13504 2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	272 if not (stanza_size_limit or advertised_idle_timeout) then return end
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	273 local limits = event.features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
12810 871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	274 if stanza_size_limit then
13504 2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	275 limits:text_tag("max-bytes", string.format("%d", stanza_size_limit));
12810 871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	276 end
13504 2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	277 if advertised_idle_timeout then
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	278 limits:text_tag("idle-seconds", string.format("%d", advertised_idle_timeout));
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	279 end
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	280 limits:up();
12810 871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	281 end);
12811 ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	282 module:hook_tag("urn:xmpp:bidi", "bidi", function(session, stanza)
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	283 -- Advertising features on bidi connections where no <stream:features> is sent in the other direction
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	284 local limits = stanza:get_child("limits", "urn:xmpp:stream-limits:0");
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	285 if limits then
13093 93c68c454cb8 mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk) Kim Alvefur <zash@zash.se> parents: 12977 diff changeset	286 session.outgoing_stanza_size_limit = tonumber(limits:get_child_text("max-bytes"));
12811 ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	287 end
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	288 end, 100);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	289 module:hook("s2s-authenticated", make_authenticated, -1);
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	290 module:hook("s2s-read-timeout", keepalive, -1);
13382 f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	291 module:hook("smacks-ack-delayed", function (event)
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	292 if event.origin.type == "s2sin" or event.origin.type == "s2sout" then
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	293 event.origin:close("connection-timeout");
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	294 return true;
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	295 end
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	296 end, -1);
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	297 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) -- luacheck: ignore 212/stanza
12808 12bd40b8e105 mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits Advertisement Kim Alvefur <zash@zash.se> parents: 12807 diff changeset	298 local limits = stanza:get_child("limits", "urn:xmpp:stream-limits:0");
12806 751bdd412915 mod_s2s: Record stanza size limit advertised by other servers Kim Alvefur <zash@zash.se> parents: 12805 diff changeset	299 if limits then
13093 93c68c454cb8 mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk) Kim Alvefur <zash@zash.se> parents: 12977 diff changeset	300 session.outgoing_stanza_size_limit = tonumber(limits:get_child_text("max-bytes"));
12806 751bdd412915 mod_s2s: Record stanza size limit advertised by other servers Kim Alvefur <zash@zash.se> parents: 12805 diff changeset	301 end
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	302 if session.type == "s2sout" then
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	303 -- Stream is authenticated and we are seem to be done with feature negotiation,
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	304 -- so the stream is ready for stanzas. RFC 6120 Section 4.3
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	305 mark_connected(session);
6403 166d1bd8fc38 core.stanza_router, mod_s2s: Move handling of S2S features to mod_s2s from stanza_router Kim Alvefur <zash@zash.se> parents: 6382 diff changeset	306 return true;
10457 0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	307 elseif require_encryption and not session.secure then
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	308 session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host);
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	309 session:close({
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	310 condition = "policy-violation",
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	311 text = "Encrypted server-to-server communication is required but was not offered",
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	312 }, nil, "Could not establish encrypted connection to remote server");
10459 7456eaa83b15 mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections Kim Alvefur <zash@zash.se> parents: 10457 diff changeset	313 return true;
6426 e5945fb5b71f mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present Kim Alvefur <zash@zash.se> parents: 6403 diff changeset	314 elseif not session.dialback_verifying then
e5945fb5b71f mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present Kim Alvefur <zash@zash.se> parents: 6403 diff changeset	315 session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up");
10311 1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	316 session:close({
1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	317 condition = "unsupported-feature",
1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	318 text = "No viable authentication method offered",
10426 dd4eb84d92a8 mod_s2s: Add error text for error replies on some s2s failures (#770) Kim Alvefur <zash@zash.se> parents: 10425 diff changeset	319 }, nil, "No viable authentication method offered by remote server");
10459 7456eaa83b15 mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections Kim Alvefur <zash@zash.se> parents: 10457 diff changeset	320 return true;
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	321 end
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	322 end, -1);
11683 41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	323
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	324 function module.unload()
11684 8b0baf3003fb mod_s2s: Don't close connections on reload Kim Alvefur <zash@zash.se> parents: 11683 diff changeset	325 if module.reloading then return end
11683 41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	326 for _, session in pairs(sessions) do
12681 16ea01745dbe mod_s2s: Simplify conditionals since all sessions should have .host now Kim Alvefur <zash@zash.se> parents: 12680 diff changeset	327 if session.host == module.host then
11683 41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	328 session:close("host-gone");
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	329 end
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	330 end
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	331 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	332 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	333
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	334 -- Stream is authorised, and ready for normal stanzas
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	335 function mark_connected(session)
8267 42fad8465537 mod_s2s: Use a separate resolver object for each outgoing session Matthew Wild <mwild1@gmail.com> parents: 8234 diff changeset	336
6683 873ad1023eb0 mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed Kim Alvefur <zash@zash.se> parents: 6600 diff changeset	337 local sendq = session.sendq;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	338
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	339 local from, to = session.from_host, session.to_host;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	340
5800 3a48acbcb7f3 mod_s2s: Captitalize log messages that begin with a stream direction Kim Alvefur <zash@zash.se> parents: 5776 diff changeset	341 session.log("info", "%s s2s connection %s->%s complete", session.direction:gsub("^.", string.upper), from, to);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	342
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	343 local event_data = { session = session };
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	344 if session.type == "s2sout" then
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	345 module:fire_event("s2sout-established", event_data);
f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	346 module:context(from):fire_event("s2sout-established", event_data);
10247 5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	347
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	348 if session.incoming then
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	349 session.send = function(stanza)
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	350 return module:context(from):fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza });
10247 5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	351 end;
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	352 end
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	353
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	354 else
10248 d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	355 if session.outgoing and not hosts[to].s2sout[from] then
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	356 session.log("debug", "Setting up to handle route from %s to %s", to, from);
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	357 hosts[to].s2sout[from] = session; -- luacheck: ignore 122
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	358 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	359 local host_session = hosts[to];
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	360 session.send = function(stanza)
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	361 return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza });
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	362 end;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	363
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	364 module:fire_event("s2sin-established", event_data);
f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	365 module:context(to):fire_event("s2sin-established", event_data);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	366 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	367
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	368 if session.direction == "outgoing" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	369 if sendq then
13557 63492b6e7fb6 mod_s2s: Really fix logging of outgoing stanza queue counts Kim Alvefur <zash@zash.se> parents: 13556 diff changeset	370 session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", sendq.count(), session.to_host);
6683 873ad1023eb0 mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed Kim Alvefur <zash@zash.se> parents: 6600 diff changeset	371 local send = session.sends2s;
13554 902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	372 for stanza in sendq:consume() do
902d25cd0557 mod_s2s: Limit size of outgoing stanza queue Kim Alvefur <zash@zash.se> parents: 13534 diff changeset	373 -- TODO check send success
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	374 send(stanza);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	375 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	376 session.sendq = nil;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	377 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	378 end
11678 f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	379
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	380 if session.connect_timeout then
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	381 stop_timer(session.connect_timeout);
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	382 session.connect_timeout = nil;
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	383 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	384 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	385
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	386 function make_authenticated(event)
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	387 local session, host = event.session, event.host;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	388 if not session.secure then
5594 ad66ee47b674 mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains. Matthew Wild <mwild1@gmail.com> parents: 5533 diff changeset	389 if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	390 session:close({
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	391 condition = "policy-violation",
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	392 text = "Encrypted server-to-server communication is required but was not "
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	393 ..((session.direction == "outgoing" and "offered") or "used")
10426 dd4eb84d92a8 mod_s2s: Add error text for error replies on some s2s failures (#770) Kim Alvefur <zash@zash.se> parents: 10425 diff changeset	394 }, nil, "Could not establish encrypted connection to remote server");
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	395 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	396 end
12474 8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	397
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	398 if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	399 session:close({
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	400 condition = "policy-violation";
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	401 text = "Failed to verify certificate (internal error)";
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	402 });
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	403 return;
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	404 end
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	405
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	406 if hosts[host] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	407 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	408 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	409 if session.type == "s2sout_unauthed" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	410 session.type = "s2sout";
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	411 elseif session.type == "s2sin_unauthed" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	412 session.type = "s2sin";
10246 19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	413 elseif session.type ~= "s2sin" and session.type ~= "s2sout" then
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	414 return false;
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	415 end
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	416
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	417 if session.incoming and host then
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	418 if not session.hosts[host] then session.hosts[host] = {}; end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	419 session.hosts[host].authed = true;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	420 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	421 session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host);
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	422
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	423 local local_host = session.direction == "incoming" and session.to_host or session.from_host
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	424 m_authn_connections:with_labels(local_host, session.direction, event.mechanism or "other"):add(1)
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	425
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	426 if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	427 -- Stream either used dialback for authentication or is an incoming stream.
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	428 mark_connected(session);
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	429 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	430
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	431 return true;
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	432 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	433
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	434 --- Helper to check that a session peer's certificate is valid
11558 d0e9ffccdef9 mod_dialback: Remove d-w-d feature Kim Alvefur <zash@zash.se> parents: 11540 diff changeset	435 local function check_cert_status(session)
5387 1130887e0d41 mod_s2s: session.from_host does not allways exist on incoming connections, true and nil or "our hostname" does not evaluate to what we want here Kim Alvefur <zash@zash.se> parents: 5368 diff changeset	436 local host = session.direction == "outgoing" and session.to_host or session.from_host
12480 7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	437 local conn = session.conn
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	438 local cert
12480 7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	439 if conn.ssl_peercertificate then
7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	440 cert = conn:ssl_peercertificate()
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	441 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	442
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	443 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	444 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	445
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	446 --- XMPP stream event handlers
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	447
11772 e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	448 local function session_secure(session)
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	449 session.secure = true;
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	450 session.encrypted = true;
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	451
12480 7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	452 local info = session.conn:ssl_info();
11772 e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	453 if type(info) == "table" then
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	454 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	455 session.compressed = info.compression;
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	456 m_tls_params:with_labels(info.protocol, info.cipher):add(1)
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	457 else
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	458 (session.log or log)("info", "Stream encrypted");
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	459 end
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	460 end
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	461
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	462 local stream_callbacks = { default_ns = "jabber:server" };
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	463
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	464 function stream_callbacks.handlestanza(session, stanza)
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	465 stanza = session.filter("stanzas/in", stanza);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	466 session.thread:run(stanza);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	467 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	468
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	469 local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	470
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	471 function stream_callbacks.streamopened(session, attr)
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	472 -- run _streamopened in async context
13575 750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	473 session.thread:run({ event = "streamopened", attr = attr });
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	474 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	475
13575 750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	476 function session_events.streamopened(session, event)
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	477 local attr = event.attr;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	478 session.version = tonumber(attr.version) or 0;
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	479 session.had_stream = true; -- Had a stream opened at least once
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	480
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	481 -- TODO: Rename session.secure to session.encrypted
12602 9184fe3d489a mod_tls: Record STARTTLS state so it can be shown in Shell Kim Alvefur <zash@zash.se> parents: 12494 diff changeset	482 if session.secure == false then -- Set by mod_tls during STARTTLS handshake
9184fe3d489a mod_tls: Record STARTTLS state so it can be shown in Shell Kim Alvefur <zash@zash.se> parents: 12494 diff changeset	483 session.starttls = "completed";
11772 e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	484 session_secure(session);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	485 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	486
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	487 if session.direction == "incoming" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	488 -- Send a reply stream header
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	489
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	490 -- Validate to/from
10381 66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	491 local to, from = attr.to, attr.from;
66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	492 if to then to = nameprep(attr.to); end
66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	493 if from then from = nameprep(attr.from); end
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	494 if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts)
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	495 session:close({ condition = "improper-addressing", text = "Invalid 'to' address" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	496 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	497 end
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	498 if not from and attr.from then -- COMPAT: Some servers do not reliably set 'from' (especially on stream restarts)
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	499 session:close({ condition = "improper-addressing", text = "Invalid 'from' address" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	500 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	501 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	502
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	503 -- Set session.[from/to]_host if they have not been set already and if
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	504 -- this session isn't already authenticated
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	505 if session.type == "s2sin_unauthed" and from and not session.from_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	506 session.from_host = from;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	507 elseif from ~= session.from_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	508 session:close({ condition = "improper-addressing", text = "New stream 'from' attribute does not match original" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	509 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	510 end
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	511 if session.type == "s2sin_unauthed" and to and not session.to_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	512 session.to_host = to;
12679 7d4a95ba9b6c mod_s2s: Fix firing buffer drain events Kim Alvefur <zash@zash.se> parents: 12474 diff changeset	513 session.host = to;
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	514 elseif to ~= session.to_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	515 session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	516 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	517 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	518
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	519 -- For convenience we'll put the sanitised values into these variables
c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	520 to, from = session.to_host, session.from_host;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	521
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	522 session.streamid = uuid_gen();
4590 883611842d3a mod_s2s: Log the entire stream header. Kim Alvefur <zash@zash.se> parents: 4587 diff changeset	523 (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag());
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	524 if to then
c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	525 if not hosts[to] then
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	526 -- Attempting to connect to a host we don't serve
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	527 session:close({
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	528 condition = "host-unknown";
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	529 text = "This host does not serve "..to
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	530 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	531 return;
4834 878f75ccc4fb mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users Matthew Wild <mwild1@gmail.com> parents: 4822 diff changeset	532 elseif not hosts[to].modules.s2s then
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	533 -- Attempting to connect to a host that disallows s2s
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	534 session:close({
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	535 condition = "policy-violation";
4834 878f75ccc4fb mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users Matthew Wild <mwild1@gmail.com> parents: 4822 diff changeset	536 text = "Server-to-server communication is disabled for this host";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	537 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	538 return;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	539 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	540 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	541
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	542 if hosts[from] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	543 session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	544 return;
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	545 end
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	546
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	547 if session.secure and not session.cert_chain_status then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	548 if check_cert_status(session) == false then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	549 return;
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	550 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	551 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	552
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	553 session:open_stream(session.to_host, session.from_host)
11609 6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	554 if session.destroyed then
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	555 -- sending the stream opening could have failed during an opportunistic write
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	556 return
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	557 end
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	558
6684 53635a91c95c mod_s2s: Mark stream as opened directly after opening stream, prevents session.close opening it again Kim Alvefur <zash@zash.se> parents: 6683 diff changeset	559 session.notopen = nil;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	560 if session.version >= 1.0 then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	561 local features = st.stanza("stream:features");
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	562
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	563 if to then
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	564 module:context(to):fire_event("s2s-stream-features", { origin = session, features = features });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	565 else
5975 0d219631d47b mod_s2s: Include IP in log messages, if host is unavailable Florian Zeitz <florob@babelmonkeys.de> parents: 5769 diff changeset	566 (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host");
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	567 module:fire_event("s2s-stream-features-legacy", { origin = session, features = features });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	568 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	569
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	570 if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
13504 2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	571 if stanza_size_limit or advertised_idle_timeout then
12805 d96e24bd54e1 mod_s2s: Advertise stanza size limit to other servers Kim Alvefur <zash@zash.se> parents: 12681 diff changeset	572 features:reset();
13504 2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	573 local limits = features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" });
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	574 if stanza_size_limit then
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	575 limits:text_tag("max-bytes", string.format("%d", stanza_size_limit));
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	576 end
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	577 if advertised_idle_timeout then
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	578 limits:text_tag("idle-seconds", string.format("%d", advertised_idle_timeout));
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	579 end
2159a206684e mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 Kim Alvefur <zash@zash.se> parents: 13444 diff changeset	580 features:reset();
12805 d96e24bd54e1 mod_s2s: Advertise stanza size limit to other servers Kim Alvefur <zash@zash.se> parents: 12681 diff changeset	581 end
d96e24bd54e1 mod_s2s: Advertise stanza size limit to other servers Kim Alvefur <zash@zash.se> parents: 12681 diff changeset	582
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	583 log("debug", "Sending stream features: %s", features);
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	584 session.sends2s(features);
7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	585 else
7865 a8cc495a65dc mod_s2s: Clarify that it is stream features that can't be offered (here too) Kim Alvefur <zash@zash.se> parents: 7679 diff changeset	586 (session.log or log)("warn", "No stream features to offer, giving up");
a8cc495a65dc mod_s2s: Clarify that it is stream features that can't be offered (here too) Kim Alvefur <zash@zash.se> parents: 7679 diff changeset	587 session:close({ condition = "undefined-condition", text = "No stream features to offer" });
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	588 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	589 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	590 elseif session.direction == "outgoing" then
6359 c74670b3be53 mod_s2s: Mark stream as opened earlier for outgoing connections, fixes double stream headers on policy failures Kim Alvefur <zash@zash.se> parents: 5975 diff changeset	591 session.notopen = nil;
6378 3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	592 if not attr.id then
7677 8613086779fa mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues Matthew Wild <mwild1@gmail.com> parents: 7100 diff changeset	593 log("warn", "Stream response did not give us a stream id!");
6378 3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	594 session:close({ condition = "undefined-condition", text = "Missing stream ID" });
3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	595 return;
3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	596 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	597 session.streamid = attr.id;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	598
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	599 if session.secure and not session.cert_chain_status then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	600 if check_cert_status(session) == false then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	601 return;
12474 8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	602 else
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	603 session.authenticated_remote = true;
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	604 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	605 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	606
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	607 -- If server is pre-1.0, don't wait for features, just do dialback
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	608 if session.version < 1.0 then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	609 if not session.dialback_verifying then
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	610 module:context(session.from_host):fire_event("s2sout-authenticate-legacy", { origin = session });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	611 else
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	612 mark_connected(session);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	613 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	614 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	615 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	616 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	617
13575 750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	618 function session_events.streamclosed(session)
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	619 (session.log or log)("debug", "Received </stream:stream>");
4988 29bdf68ad142 mod_s2s: Adjust session:close() in line with mod_c2s's - fixes waiting for </stream:stream> if it has already been sent by the peer Matthew Wild <mwild1@gmail.com> parents: 4969 diff changeset	620 session:close(false);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	621 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	622
13575 750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	623 function session_events.callback(session, event)
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	624 session.log("debug", "Running session callback %s", event.name);
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	625 event.callback(session, event);
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	626 end
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	627
10810 8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	628 function stream_callbacks.streamclosed(session, attr)
8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	629 -- run _streamclosed in async context
13575 750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	630 session.thread:run({ event = "streamclosed", attr = attr });
10810 8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	631 end
8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	632
11682 7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	633 -- Some stream conditions indicate a problem on our end, e.g. that we sent
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	634 -- something invalid. Those should be investigated. Others are problems or
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	635 -- events in the remote host that don't affect us, or simply that the
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	636 -- connection was closed for being idle.
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	637 local stream_condition_severity = {
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	638 ["bad-format"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	639 ["bad-namespace-prefix"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	640 ["conflict"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	641 ["connection-timeout"] = "debug";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	642 ["host-gone"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	643 ["host-unknown"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	644 ["improper-addressing"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	645 ["internal-server-error"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	646 ["invalid-from"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	647 ["invalid-namespace"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	648 ["invalid-xml"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	649 ["not-authorized"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	650 ["not-well-formed"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	651 ["policy-violation"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	652 ["remote-connection-failed"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	653 ["reset"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	654 ["resource-constraint"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	655 ["restricted-xml"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	656 ["see-other-host"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	657 ["system-shutdown"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	658 ["undefined-condition"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	659 ["unsupported-encoding"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	660 ["unsupported-feature"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	661 ["unsupported-stanza-type"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	662 ["unsupported-version"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	663 }
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	664
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	665 function stream_callbacks.error(session, error, data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	666 if error == "no-stream" then
6364 4e93e8768c36 mod_c2s, mod_s2s: Log received invalid stream headers Matthew Wild <mwild1@gmail.com> parents: 6362 diff changeset	667 session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}")));
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	668 session:close("invalid-namespace");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	669 elseif error == "parse-error" then
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	670 session.log("debug", "Server-to-server XML parse error: %s", error);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	671 session:close("not-well-formed");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	672 elseif error == "stream-error" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	673 local condition, text = "undefined-condition";
8233 4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	674 for child in data:childtags(nil, xmlns_xmpp_streams) do
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	675 if child.name ~= "text" then
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	676 condition = child.name;
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	677 else
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	678 text = child:get_text();
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	679 end
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	680 if condition ~= "undefined-condition" and text then
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	681 break;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	682 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	683 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	684 text = condition .. (text and (" ("..text..")") or "");
11682 7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	685 session.log(stream_condition_severity[condition] or "info", "Session closed by remote with error: %s", text);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	686 session:close(nil, text);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	687 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	688 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	689
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	690 --- Session methods
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	691 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
10632 c9de8275aaf2 mod_s2s: Comment on the various 'reason' arguments passed to :close Kim Alvefur <zash@zash.se> parents: 10625 diff changeset	692 -- reason: stream error to send to the remote server
c9de8275aaf2 mod_s2s: Comment on the various 'reason' arguments passed to :close Kim Alvefur <zash@zash.se> parents: 10625 diff changeset	693 -- remote_reason: stream error received from the remote server
10648 2bd17e043275 mod_s2s: Fix typo in comment [codespell] Kim Alvefur <zash@zash.se> parents: 10632 diff changeset	694 -- bounce_reason: stanza error to pass to bounce_sendq because stream- and stanza errors are different
10425 42cf93ff4618 s2s: Allow passing a custom error for bouncing queued stanzas (#770) Kim Alvefur <zash@zash.se> parents: 10421 diff changeset	695 local function session_close(session, reason, remote_reason, bounce_reason)
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	696 local log = session.log or log;
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	697 if not session.conn then
11670 7f6c816a2c09 mod_s2s: Log debug message on attempted close of an connectionless session Kim Alvefur <zash@zash.se> parents: 11669 diff changeset	698 log("debug", "Attempt to close without associated connection with reason %q", reason);
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	699 return
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	700 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	701
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	702 local conn = session.conn;
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	703 conn:pause_writes(); -- until :close
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	704 if session.notopen then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	705 if session.direction == "incoming" then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	706 session:open_stream(session.to_host, session.from_host);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	707 else
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	708 session:open_stream(session.from_host, session.to_host);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	709 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	710 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	711
11704 0a8671f32424 mod_s2s: Guard against missing 'to' on incoming stream Kim Alvefur <zash@zash.se> parents: 11684 diff changeset	712 local this_host = session.direction == "outgoing" and session.from_host or session.to_host
11859 14cf34d35c30 mod_s2s: Don't pass unknown hostnames as stats label Kim Alvefur <zash@zash.se> parents: 11775 diff changeset	713 if not hosts[this_host] then this_host = ":unknown"; end
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	714
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	715 if reason then -- nil == no err, initiated by us, false == initiated by remote
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	716 local stream_error;
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	717 local condition, text, extra
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	718 if type(reason) == "string" then -- assume stream error
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	719 condition = reason
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	720 elseif type(reason) == "table" and not st.is_stanza(reason) then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	721 condition = reason.condition or "undefined-condition"
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	722 text = reason.text
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	723 extra = reason.extra
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	724 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	725 if condition then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	726 stream_error = st.stanza("stream:error"):tag(condition, stream_xmlns_attr):up();
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	727 if text then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	728 stream_error:tag("text", stream_xmlns_attr):text(text):up();
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	729 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	730 if extra then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	731 stream_error:add_child(extra);
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	732 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	733 end
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	734 if this_host and condition then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	735 m_closed_connections:with_labels(this_host, session.direction, condition):add(1)
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	736 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	737 if st.is_stanza(stream_error) then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	738 -- to and from are never unknown on outgoing connections
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	739 log("debug", "Disconnecting %s->%s[%s], <stream:error> is: %s",
11867 bb20cfd4884f mod_s2s: Fix logging of <stream:error> consistency with other mods Kim Alvefur <zash@zash.se> parents: 11859 diff changeset	740 session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, stream_error);
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	741 session.sends2s(stream_error);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	742 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	743 else
11705 7132acfd287e mod_s2s: Handle measurement where the local host is unknown Kim Alvefur <zash@zash.se> parents: 11704 diff changeset	744 m_closed_connections:with_labels(this_host or ":unknown", session.direction, reason == false and ":remote-choice" or ":local-choice"):add(1)
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	745 end
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	746
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	747 session.sends2s("</stream:stream>");
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	748 function session.sends2s() return false; end
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	749
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	750 -- luacheck: ignore 422/reason 412/reason
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	751 -- FIXME reason should be managed in a place common to c2s, s2s, bosh, component etc
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	752 local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason;
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	753 session.log("info", "%s s2s stream %s->%s closed: %s", session.direction:gsub("^.", string.upper),
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	754 session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed");
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	755
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	756 conn:resume_writes();
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	757
11678 f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	758 if session.connect_timeout then
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	759 stop_timer(session.connect_timeout);
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	760 session.connect_timeout = nil;
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	761 end
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	762
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	763 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	764 if reason == nil and not session.notopen and session.direction == "incoming" then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	765 add_task(stream_close_timeout, function ()
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	766 if not session.destroyed then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	767 session.log("warn", "Failed to receive a stream close response, closing connection anyway...");
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	768 s2s_destroy_session(session, reason, bounce_reason);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	769 conn:close();
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	770 end
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	771 end);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	772 else
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	773 s2s_destroy_session(session, reason, bounce_reason);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	774 conn:close(); -- Close immediately, as this is an outgoing connection or is not authed
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	775 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	776 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	777
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	778 function session_stream_attrs(session, from, to, attr) -- luacheck: ignore 212/session
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	779 if not from or (hosts[from] and hosts[from].modules.dialback) then
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	780 attr["xmlns:db"] = 'jabber:server:dialback';
901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	781 end
6602 61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	782 if not from then
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	783 attr.from = '';
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	784 end
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	785 if not to then
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	786 attr.to = '';
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	787 end
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	788 end
901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	789
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	790 -- Session initialization logic shared by incoming and outgoing
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	791 local function initialize_session(session)
10850 bd2814f900dd mod_c2s,mod_s2s: Make stanza size limits configurable Kim Alvefur <zash@zash.se> parents: 10849 diff changeset	792 local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit);
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	793
13575 750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	794 session.thread = runner(function (item)
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	795 if st.is_stanza(item) then
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	796 core_process_stanza(session, item);
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	797 else
750ff9f579e2 mod_c2s, mod_s2s: Support for queuing callbacks to run in session thread Matthew Wild <mwild1@gmail.com> parents: 13557 diff changeset	798 session_events[item.event](session, item);
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	799 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	800 end, runner_callbacks, session);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	801
6255 6167f8bc5a6b mod_s2s: Decide on log function once Kim Alvefur <zash@zash.se> parents: 6146 diff changeset	802 local log = session.log or log;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	803 session.stream = stream;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	804
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	805 session.notopen = true;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	806
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	807 function session.reset_stream()
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	808 session.notopen = true;
6362 f5f44504e18b mod_s2s: Reset stream ID when resetting stream [compliance] Kim Alvefur <zash@zash.se> parents: 6359 diff changeset	809 session.streamid = nil;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	810 session.stream:reset();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	811 end
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	812
6085 2f911644f527 mod_s2s: Replace open_stream() with function that only adds s2s/dialback attributes to stream header Kim Alvefur <zash@zash.se> parents: 6069 diff changeset	813 session.stream_attrs = session_stream_attrs;
6069 446148cad35e mod_s2s: Revert e626ee2fe106 change, it broke Dialback Kim Alvefur <zash@zash.se> parents: 6063 diff changeset	814
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	815 local filter = initialize_filters(session);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	816 local conn = session.conn;
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	817 local w = conn.write;
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	818
11773 c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	819 if conn:ssl() then
12602 9184fe3d489a mod_tls: Record STARTTLS state so it can be shown in Shell Kim Alvefur <zash@zash.se> parents: 12494 diff changeset	820 -- Direct TLS was used
11773 c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	821 session_secure(session);
c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	822 end
c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	823
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	824 function session.sends2s(t)
9069 22e5f11c778a sessionmanager, mod_s2s: Bring debug line for outgoing stanzas in line with that for incoming Kim Alvefur <zash@zash.se> parents: 9068 diff changeset	825 log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?"));
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	826 if t.name then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	827 t = filter("stanzas/out", t);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	828 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	829 if t then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	830 t = filter("bytes/out", tostring(t));
12807 f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	831 if session.outgoing_stanza_size_limit and #t > session.outgoing_stanza_size_limit then
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	832 log("warn", "Attempt to send a stanza exceeding session limit of %dB (%dB)!", session.outgoing_stanza_size_limit, #t);
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	833 -- TODO Pass identifiable error condition back to allow appropriate handling
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	834 return false
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	835 end
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	836 if t then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	837 return w(conn, t);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	838 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	839 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	840 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	841
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	842 function session.data(data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	843 data = filter("bytes/in", data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	844 if data then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	845 local ok, err = stream:feed(data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	846 if ok then return; end
10111 0f335815244f plugins: Remove tostring call from logging Kim Alvefur <zash@zash.se> parents: 9854 diff changeset	847 log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
10849 19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	848 if err == "stanza-too-large" then
11770 d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	849 session:close({
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	850 condition = "policy-violation",
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	851 text = "XML stanza is too big",
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	852 extra = st.stanza("stanza-too-big", { xmlns = 'urn:xmpp:errors' }),
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	853 }, nil, "Received invalid XML from remote server");
10849 19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	854 else
19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	855 session:close("not-well-formed", nil, "Received invalid XML from remote server");
19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	856 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	857 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	858 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	859
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	860 session.close = session_close;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	861
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	862 local handlestanza = stream_callbacks.handlestanza;
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	863 function session.dispatch_stanza(session, stanza) -- luacheck: ignore 432/session
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	864 return handlestanza(session, stanza);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	865 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	866
6259 36f611624987 mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized Kim Alvefur <zash@zash.se> parents: 6257 diff changeset	867 module:fire_event("s2s-created", { session = session });
36f611624987 mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized Kim Alvefur <zash@zash.se> parents: 6257 diff changeset	868
11678 f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	869 session.connect_timeout = add_task(connect_timeout, function ()
4960 8950510ddb2e mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off Matthew Wild <mwild1@gmail.com> parents: 4906 diff changeset	870 if session.type == "s2sin" or session.type == "s2sout" then
8950510ddb2e mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off Matthew Wild <mwild1@gmail.com> parents: 4906 diff changeset	871 return; -- Ok, we're connected
5307 d80e56d8805c mod_s2s: Don't try to close sessions that were destroyed before timeout Kim Alvefur <zash@zash.se> parents: 5281 diff changeset	872 elseif session.type == "s2s_destroyed" then
d80e56d8805c mod_s2s: Don't try to close sessions that were destroyed before timeout Kim Alvefur <zash@zash.se> parents: 5281 diff changeset	873 return; -- Session already destroyed
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	874 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	875 -- Not connected, need to close session and clean up
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	876 (session.log or log)("debug", "Destroying incomplete session %s->%s due to inactivity",
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	877 session.from_host or "(unknown)", session.to_host or "(unknown)");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	878 session:close("connection-timeout");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	879 end);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	880 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	881
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	882 function runner_callbacks:ready()
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	883 self.data.log("debug", "Runner %s ready (%s)", self.thread, coroutine.status(self.thread));
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	884 self.data.conn:resume();
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	885 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	886
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	887 function runner_callbacks:waiting()
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	888 self.data.log("debug", "Runner %s waiting (%s)", self.thread, coroutine.status(self.thread));
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	889 self.data.conn:pause();
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	890 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	891
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	892 function runner_callbacks:error(err)
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	893 (self.data.log or log)("error", "Traceback[s2s]: %s", err);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	894 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	895
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	896 function listener.onconnect(conn)
5522 3912c9264ef0 mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled) Matthew Wild <mwild1@gmail.com> parents: 5505 diff changeset	897 conn:setoption("keepalive", opt_keepalives);
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	898 local session = sessions[conn];
89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	899 if not session then -- New incoming connection
89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	900 session = s2s_new_incoming(conn);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	901 sessions[conn] = session;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	902 session.log("debug", "Incoming s2s connection");
12280 74f8739b967a mod_s2s: Add new early s2s-connected events Kim Alvefur <zash@zash.se> parents: 12207 diff changeset	903 module:fire_event("s2sin-connected", { session = session })
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	904 initialize_session(session);
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	905 m_accepted_tcp_connections:with_labels():add(1)
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	906 else -- Outgoing session connected
12280 74f8739b967a mod_s2s: Add new early s2s-connected events Kim Alvefur <zash@zash.se> parents: 12207 diff changeset	907 module:fire_event("s2sout-connected", { session = session })
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	908 session:open_stream(session.from_host, session.to_host);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	909 end
12280 74f8739b967a mod_s2s: Add new early s2s-connected events Kim Alvefur <zash@zash.se> parents: 12207 diff changeset	910 module:fire_event("s2s-connected", { session = session })
5661 f226a0d23e85 mod_s2s: Set s2s_session.ip Kim Alvefur <zash@zash.se> parents: 5638 diff changeset	911 session.ip = conn:ip();
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	912 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	913
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	914 function listener.onincoming(conn, data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	915 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	916 if session then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	917 session.data(data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	918 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	919 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	920
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	921 function listener.onstatus(conn, status)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	922 if status == "ssl-handshake-complete" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	923 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	924 if session and session.direction == "outgoing" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	925 session.log("debug", "Sending stream header...");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	926 session:open_stream(session.from_host, session.to_host);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	927 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	928 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	929 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	930
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	931 function listener.ondisconnect(conn, err)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	932 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	933 if session then
5274 0d08c0965824 mod_s2s: Remove connection from sessions table as soon as we learn it is disconnected. Fixes a connection/session leak. Matthew Wild <mwild1@gmail.com> parents: 5173 diff changeset	934 sessions[conn] = nil;
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	935 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
10473 b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	936 if session.secure == false and err then
b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	937 -- TODO util.error-ify this
b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	938 err = "Error during negotiation of encrypted connection: "..err;
b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	939 end
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	940 s2s_destroy_session(session, err);
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	941 end
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	942 module:fire_event("s2s-closed", { session = session; conn = conn });
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	943 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	944
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	945 function listener.onfail(data, err)
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	946 local session = data and data.session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	947 if session then
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	948 if err and session.direction == "outgoing" and session.notopen then
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	949 (session.log or log)("debug", "s2s connection attempt failed: %s", err);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	950 end
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	951 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	952 s2s_destroy_session(session, err);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	953 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	954 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	955
5638 c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	956 function listener.onreadtimeout(conn)
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	957 local session = sessions[conn];
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	958 if session then
12679 7d4a95ba9b6c mod_s2s: Fix firing buffer drain events Kim Alvefur <zash@zash.se> parents: 12474 diff changeset	959 return (hosts[session.host] or prosody).events.fire_event("s2s-read-timeout", { session = session });
5638 c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	960 end
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	961 end
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	962
11740 b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	963 function listener.ondrain(conn)
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	964 local session = sessions[conn];
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	965 if session then
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	966 return (hosts[session.host] or prosody).events.fire_event("s2s-ondrain", { session = session });
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	967 end
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	968 end
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	969
11742 9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	970 function listener.onpredrain(conn)
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	971 local session = sessions[conn];
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	972 if session then
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	973 return (hosts[session.host] or prosody).events.fire_event("s2s-pre-ondrain", { session = session });
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	974 end
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	975 end
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	976
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	977 function listener.register_outgoing(conn, session)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	978 sessions[conn] = session;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	979 initialize_session(session);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	980 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	981
6380 4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	982 function listener.ondetach(conn)
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	983 sessions[conn] = nil;
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	984 end
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	985
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	986 function listener.onattach(conn, data)
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	987 local session = data and data.session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	988 if session then
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	989 session.conn = conn;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	990 sessions[conn] = session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	991 initialize_session(session);
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	992 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	993 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	994
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	995 -- Complete the sentence "Your certificate " with what's wrong
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	996 local function friendly_cert_error(session) --> string
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	997 if session.cert_chain_status == "invalid" then
13516 078780f262d5 mod_s2s: Fix traceback due to type confusion (Thanks Menel) Kim Alvefur <zash@zash.se> parents: 13504 diff changeset	998 if type(session.cert_chain_errors) == "table" then
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	999 local cert_errors = set.new(session.cert_chain_errors[1]);
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1000 if cert_errors:contains("certificate has expired") then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1001 return "has expired";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1002 elseif cert_errors:contains("self signed certificate") then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1003 return "is self-signed";
13253 68d540df46b8 mod_s2s: Fix reporting of DANE mismatch Kim Alvefur <zash@zash.se> parents: 13213 diff changeset	1004 elseif cert_errors:contains("no matching DANE TLSA records") then
68d540df46b8 mod_s2s: Fix reporting of DANE mismatch Kim Alvefur <zash@zash.se> parents: 13213 diff changeset	1005 return "does not match any DANE TLSA records";
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1006 end
12472 48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1007
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1008 local chain_errors = set.new(session.cert_chain_errors[2]);
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1009 for i, e in pairs(session.cert_chain_errors) do
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1010 if i > 2 then chain_errors:add_list(e); end
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1011 end
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1012 if chain_errors:contains("certificate has expired") then
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1013 return "has an expired certificate chain";
13253 68d540df46b8 mod_s2s: Fix reporting of DANE mismatch Kim Alvefur <zash@zash.se> parents: 13213 diff changeset	1014 elseif chain_errors:contains("no matching DANE TLSA records") then
12473 bb85be686a01 mod_s2s: Distinguish DANE TLSA errors from generic cert chain errors Kim Alvefur <zash@zash.se> parents: 12472 diff changeset	1015 return "does not match any DANE TLSA records";
12472 48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	1016 end
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1017 end
13516 078780f262d5 mod_s2s: Fix traceback due to type confusion (Thanks Menel) Kim Alvefur <zash@zash.se> parents: 13504 diff changeset	1018 -- TODO cert_chain_errors can be a string, handle that
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1019 return "is not trusted"; -- for some other reason
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1020 elseif session.cert_identity_status == "invalid" then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1021 return "is not valid for this name";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1022 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1023 -- this should normally be unreachable except if no s2s auth module was loaded
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1024 return "could not be validated";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1025 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1026
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1027 function check_auth_policy(event)
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1028 local host, session = event.host, event.session;
5368 ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1029 local must_secure = secure_auth;
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1030
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1031 if not must_secure and secure_domains[host] then
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1032 must_secure = true;
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1033 elseif must_secure and insecure_domains[host] then
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1034 must_secure = false;
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1035 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	1036
5767 3a30ad76a86a mod_s2s: Improve policy check Kim Alvefur <zash@zash.se> parents: 5766 diff changeset	1037 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1038 local reason = friendly_cert_error(session);
10472 676e6a1b23d4 mod_s2s: Log from session logger Kim Alvefur <zash@zash.se> parents: 10471 diff changeset	1039 session.log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason);
10456 2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1040 -- XEP-0178 recommends closing outgoing connections without warning
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1041 -- but does not give a rationale for this.
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1042 -- In practice most cases are configuration mistakes or forgotten
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1043 -- certificate renewals. We think it's better to let the other party
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1044 -- know about the problem so that they can fix it.
13444 783706350faa mod_s2s: Comment on why we avoid hostnames in stanza bounce messages Kim Alvefur <zash@zash.se> parents: 13382 diff changeset	1045 --
783706350faa mod_s2s: Comment on why we avoid hostnames in stanza bounce messages Kim Alvefur <zash@zash.se> parents: 13382 diff changeset	1046 -- Note: Bounce message must not include name of server, as it may leak half your JID in semi-anon MUCs.
10456 2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1047 session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1048 nil, "Remote server's certificate "..reason);
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1049 return false;
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1050 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1051 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1052
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1053 module:hook("s2s-check-certificate", check_auth_policy, -1);
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1054
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1055 module:hook("server-stopping", function(event)
12298 cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1056 -- Close ports
12977 74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	1057 local pm = require "prosody.core.portmanager";
12298 cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1058 for _, netservice in pairs(module.items["net-provider"]) do
cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1059 pm.unregister_service(netservice.name, netservice);
cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1060 end
cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1061
12299 ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1062 -- Stop opening new connections
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1063 for host in pairs(prosody.hosts) do
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1064 if prosody.hosts[host].modules.s2s then
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1065 module:context(host):unhook("route/remote", route_to_new_session);
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1066 end
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1067 end
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1068
12311 bc30e1b9ad89 mod_c2s,mod_s2s: Fix error on shutdown (Thanks Martin) Kim Alvefur <zash@zash.se> parents: 12309 diff changeset	1069 local wait, done = async.waiter(1, true);
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1070 module:hook("s2s-closed", function ()
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1071 if next(sessions) == nil then done(); end
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1072 end, 1)
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1073
12298 cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1074 -- Close sessions
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1075 local reason = event.reason;
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1076 for _, session in pairs(sessions) do
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1077 session:close{ condition = "system-shutdown", text = reason };
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1078 end
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1079
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1080 -- Wait for them to close properly if they haven't already
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1081 if next(sessions) ~= nil then
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1082 module:log("info", "Waiting for sessions to close");
12309 926a6c5d13e7 mod_c2s,mod_s2s: Wrap callback to improve tracebacks Kim Alvefur <zash@zash.se> parents: 12301 diff changeset	1083 add_task(stream_close_timeout + 1, function () done() end);
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1084 wait();
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1085 end
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1086
7100 301d58705667 mod_c2s, mod_s2s: Lower priority of session shutdown to negative, so that plugins hooking at the default priority run first (fixes #601) Kim Alvefur <zash@zash.se> parents: 6684 diff changeset	1087 end, -200);
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1088
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1089
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1090
5120 bcabea740c00 mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item(). Waqas Hussain <waqas20@gmail.com> parents: 5013 diff changeset	1091 module:provides("net", {
4610 171051f9dd00 mod_c2s: Use module:add_item() to add the net-provider for portmanager Matthew Wild <mwild1@gmail.com> parents: 4601 diff changeset	1092 name = "s2s";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1093 listener = listener;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1094 default_port = 5269;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1095 encryption = "starttls";
11367 9525c4b4e5de mod_s2s: Clarify comment about unused TLS settings Kim Alvefur <zash@zash.se> parents: 11238 diff changeset	1096 ssl_config = {
9525c4b4e5de mod_s2s: Clarify comment about unused TLS settings Kim Alvefur <zash@zash.se> parents: 11238 diff changeset	1097 -- FIXME This only applies to Direct TLS, which we don't use yet.
9525c4b4e5de mod_s2s: Clarify comment about unused TLS settings Kim Alvefur <zash@zash.se> parents: 11238 diff changeset	1098 -- This gets applied for real in mod_tls
9852 6ea3cafb6ac3 core.certmanager: Do not ask for client certificates by default Kim Alvefur <zash@zash.se> parents: 9784 diff changeset	1099 verify = { "peer", "client_once", };
6ea3cafb6ac3 core.certmanager: Do not ask for client certificates by default Kim Alvefur <zash@zash.se> parents: 9784 diff changeset	1100 };
4620 e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	1101 multiplex = {
10465 09697a673015 mod_net_multiplex: Add support for using ALPN Kim Alvefur <zash@zash.se> parents: 10459 diff changeset	1102 protocol = "xmpp-server";
4620 e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	1103 pattern = "^<.:stream.%sxmlns%s=%s(['\"])jabber:server%1.*>";
e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	1104 };
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1105 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1106
11774 4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1107
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1108 module:provides("net", {
11775 af9c7f3f4735 mod_s2s: Rename Direct TLS listener 's2s_direct_tls' Kim Alvefur <zash@zash.se> parents: 11774 diff changeset	1109 name = "s2s_direct_tls";
11774 4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1110 listener = listener;
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1111 encryption = "ssl";
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1112 ssl_config = {
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1113 verify = { "peer", "client_once", };
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1114 };
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1115 multiplex = {
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1116 protocol = "xmpp-server";
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1117 pattern = "^<.:stream.%sxmlns%s=%s(['\"])jabber:server%1.*>";
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1118 };
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1119 });
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1120

prosody

026a75a443de

plugins/mod_s2s.lua

Software / code / prosody

Annotate

plugins/mod_s2s.lua @ 13684:026a75a443de 13.0

Software `/` code `/` prosody