Software `/` code `/` prosody

Annotate

plugins/mod_s2s/mod_s2s.lua @ 10457:0c44090cb168

mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied This ensures the closure reason is accurate and not reported as an authentication or other problem

author	Kim Alvefur <zash@zash.se>
date	Thu, 28 Nov 2019 18:30:30 +0100
parent	10456:2ab1cbb1c6b0
child	10459:7456eaa83b15

rev	line source
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 -- Prosody IM
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	2 -- Copyright (C) 2008-2010 Matthew Wild
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 -- Copyright (C) 2008-2010 Waqas Hussain
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	4 --
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 -- This project is MIT/X11 licensed. Please see the
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 -- COPYING file in the source package for more information.
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 --
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	8
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	9 module:set_global();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	10
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	11 local prosody = prosody;
844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	12 local hosts = prosody.hosts;
5013 ab693eea0869 mod_admin_adhoc, mod_admin_telnet, mod_bosh, mod_c2s, mod_component, mod_pep, mod_presence, mod_roster, mod_s2s: Import core_post_stanza from the global prosody table. Kim Alvefur <zash@zash.se> parents: 4997 diff changeset	13 local core_process_stanza = prosody.core_process_stanza;
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	14
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	15 local tostring, type = tostring, type;
4578 da0528c59c52 mod_s2s: Add missing local table.insert Kim Alvefur <zash@zash.se> parents: 4576 diff changeset	16 local t_insert = table.insert;
8461 0f05d6535dfa mod_s2s: Remove unused local [luacheck] Kim Alvefur <zash@zash.se> parents: 8268 diff changeset	17 local traceback = debug.traceback;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	18
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 local add_task = require "util.timer".add_task;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	20 local st = require "util.stanza";
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 local initialize_filters = require "util.filters".initialize;
4568 aae7a62671de mod_s2s: port functionality once in s2smanager. Florian Zeitz <florob@babelmonkeys.de> parents: 4555 diff changeset	22 local nameprep = require "util.encodings".stringprep.nameprep;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	23 local new_xmpp_stream = require "util.xmppstream".new;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	24 local s2s_new_incoming = require "core.s2smanager".new_incoming;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	25 local s2s_new_outgoing = require "core.s2smanager".new_outgoing;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	26 local s2s_destroy_session = require "core.s2smanager".destroy_session;
4568 aae7a62671de mod_s2s: port functionality once in s2smanager. Florian Zeitz <florob@babelmonkeys.de> parents: 4555 diff changeset	27 local uuid_gen = require "util.uuid".generate;
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	28 local fire_global_event = prosody.events.fire_event;
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	29 local runner = require "util.async".runner;
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	30 local connect = require "net.connect".connect;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	31 local service = require "net.resolvers.service";
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	32 local errors = require "util.error";
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	33 local set = require "util.set";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	34
4997 61083e2b1392 mod_s2s: Bump s2s_timeout to 90, to allow for the TCP timeout (in most cases) - this allows us to continue to try other targets Matthew Wild <mwild1@gmail.com> parents: 4996 diff changeset	35 local connect_timeout = module:get_option_number("s2s_timeout", 90);
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	36 local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5);
5522 3912c9264ef0 mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled) Matthew Wild <mwild1@gmail.com> parents: 5505 diff changeset	37 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true));
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	38 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day...
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	39 local secure_domains, insecure_domains =
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	40 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items;
5594 ad66ee47b674 mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains. Matthew Wild <mwild1@gmail.com> parents: 5533 diff changeset	41 local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	42
7662 946871f6e3c8 mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval Kim Alvefur <zash@zash.se> parents: 7642 diff changeset	43 local measure_connections = module:measure("connections", "amount");
8763 67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	44 local measure_ipv6 = module:measure("ipv6", "amount");
6630 6735e2d735d6 mod_c2s, mod_s2s: Collect statistics on number of connections Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	45
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	46 local sessions = module:shared("sessions");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	47
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	48 local runner_callbacks = {};
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	49
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	50 local listener = {};
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	51
4752 27b724a698f8 mod_s2s: Add log() import Matthew Wild <mwild1@gmail.com> parents: 4630 diff changeset	52 local log = module._log;
27b724a698f8 mod_s2s: Add log() import Matthew Wild <mwild1@gmail.com> parents: 4630 diff changeset	53
7662 946871f6e3c8 mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval Kim Alvefur <zash@zash.se> parents: 7642 diff changeset	54 module:hook("stats-update", function ()
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	55 local count = 0;
8763 67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	56 local ipv6 = 0;
67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	57 for _, session in pairs(sessions) do
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	58 count = count + 1;
8763 67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	59 if session.ip and session.ip:match(":") then
67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	60 ipv6 = ipv6 + 1;
67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	61 end
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	62 end
f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	63 measure_connections(count);
8763 67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	64 measure_ipv6(ipv6);
7662 946871f6e3c8 mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval Kim Alvefur <zash@zash.se> parents: 7642 diff changeset	65 end);
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	66
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	67 --- Handle stanzas to remote domains
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	68
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	69 local bouncy_stanzas = { message = true, presence = true, iq = true };
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	70 local function bounce_sendq(session, reason)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	71 local sendq = session.sendq;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	72 if not sendq then return; end
8545 248bab2bd0c9 mod_s2s: Don't use string concatenation when passing values to logging Kim Alvefur <zash@zash.se> parents: 8483 diff changeset	73 session.log("info", "Sending error replies for %d queued stanzas because of failed outgoing connection to %s", #sendq, session.to_host);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	74 local dummy = {
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	75 type = "s2sin";
8462 60d508f411a1 mod_s2s: Remove unused argument [luacheck] Kim Alvefur <zash@zash.se> parents: 8461 diff changeset	76 send = function ()
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	77 (session.log or log)("error", "Replying to to an s2s error reply, please report this! Traceback: %s", traceback());
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	78 end;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	79 dummy = true;
6626 071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	80 close = function ()
071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	81 (session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback());
071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	82 end;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	83 };
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	84 -- FIXME Allow for more specific error conditions
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	85 -- TODO use util.error ?
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	86 local error_type = "cancel";
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	87 local condition = "remote-server-not-found";
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	88 local reason_text;
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	89 if session.had_stream then -- set when a stream is opened by the remote
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	90 error_type, condition = "wait", "remote-server-timeout";
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	91 end
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	92 if errors.is_err(reason) then
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	93 error_type, condition, reason_text = reason.type, reason.condition, reason.text;
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	94 elseif type(reason) == "string" then
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	95 reason_text = reason;
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	96 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	97 for i, data in ipairs(sendq) do
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	98 local reply = data[2];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	99 if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	100 reply.attr.type = "error";
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	101 reply:tag("error", {type = error_type, by = session.from_host})
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	102 :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up();
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	103 if reason_text then
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	104 reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"})
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	105 :text("Server-to-server connection failed: "..reason_text):up();
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	106 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	107 core_process_stanza(dummy, reply);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	108 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	109 sendq[i] = nil;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	110 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	111 session.sendq = nil;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	112 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	113
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	114 -- Handles stanzas to existing s2s sessions
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	115 function route_to_existing_session(event)
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	116 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	117 if not hosts[from_host] then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	118 log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	119 return false;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	120 end
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	121 if hosts[to_host] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	122 log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	123 return false;
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	124 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	125 local host = hosts[from_host].s2sout[to_host];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	126 if host then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	127 -- We have a connection to this host already
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	128 if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	129 (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	130
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	131 -- Queue stanza until we are able to send it
8463 d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	132 local queued_item = {
d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	133 tostring(stanza),
d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	134 stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza);
d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	135 };
d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	136 if host.sendq then
d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	137 t_insert(host.sendq, queued_item);
d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	138 else
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	139 -- luacheck: ignore 122
8463 d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	140 host.sendq = { queued_item };
d81ebb1ef5ce mod_s2s: Restructure some code Kim Alvefur <zash@zash.se> parents: 8462 diff changeset	141 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	142 host.log("debug", "stanza [%s] queued ", stanza.name);
4630 9502c0224caf mod_s2s: Queuing a stanza constitutes handling it. Paul Aurich <paul@darkrain42.org> parents: 4625 diff changeset	143 return true;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	144 elseif host.type == "local" or host.type == "component" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	145 log("error", "Trying to send a stanza to ourselves??")
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	146 log("error", "Traceback: %s", traceback());
10111 0f335815244f plugins: Remove tostring call from logging Kim Alvefur <zash@zash.se> parents: 9854 diff changeset	147 log("error", "Stanza: %s", stanza);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	148 return false;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	149 else
4968 a6d3ac11a7af mod_s2s: Don't treat a stanza as delivered if session.sends2s() returns false Matthew Wild <mwild1@gmail.com> parents: 4960 diff changeset	150 if host.sends2s(stanza) then
a6d3ac11a7af mod_s2s: Don't treat a stanza as delivered if session.sends2s() returns false Matthew Wild <mwild1@gmail.com> parents: 4960 diff changeset	151 return true;
a6d3ac11a7af mod_s2s: Don't treat a stanza as delivered if session.sends2s() returns false Matthew Wild <mwild1@gmail.com> parents: 4960 diff changeset	152 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	153 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	154 end
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	155 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	156
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	157 -- Create a new outgoing session for a stanza
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	158 function route_to_new_session(event)
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	159 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	160 log("debug", "opening a new outgoing connection for this stanza");
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	161 local host_session = s2s_new_outgoing(from_host, to_host);
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	162 host_session.version = 1;
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	163
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	164 -- Store in buffer
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	165 host_session.bounce_sendq = bounce_sendq;
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	166 host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} };
10111 0f335815244f plugins: Remove tostring call from logging Kim Alvefur <zash@zash.se> parents: 9854 diff changeset	167 log("debug", "stanza [%s] queued until connection complete", stanza.name);
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	168 connect(service.new(to_host, "xmpp-server", "tcp", { default_port = 5269 }), listener, nil, { session = host_session });
4581 d2eb5962d235 mod_s2s: return true when we sent the stanza, or initiated a new s2sout Kim Alvefur <zash@zash.se> parents: 4580 diff changeset	169 return true;
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	170 end
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	171
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	172 local function keepalive(event)
9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	173 return event.session.sends2s(' ');
9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	174 end
9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	175
5713 5cf6dedf36f4 mod_s2s: Add missing global hook for read-timeout Kim Alvefur <zash@zash.se> parents: 5669 diff changeset	176 module:hook("s2s-read-timeout", keepalive, -1);
5cf6dedf36f4 mod_s2s: Add missing global hook for read-timeout Kim Alvefur <zash@zash.se> parents: 5669 diff changeset	177
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	178 function module.add_host(module)
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	179 if module:get_option_boolean("disallow_s2s", false) then
7359 a5a080c12c96 Update every link to the documentation to use HTTPS Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 7278 diff changeset	180 module:log("warn", "The 'disallow_s2s' config option is deprecated, please see https://prosody.im/doc/s2s#disabling");
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	181 return nil, "This host has disallow_s2s set";
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	182 end
5454 5f69fddf6fb9 mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks) Kim Alvefur <zash@zash.se> parents: 5423 diff changeset	183 module:hook("route/remote", route_to_existing_session, -1);
5f69fddf6fb9 mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks) Kim Alvefur <zash@zash.se> parents: 5423 diff changeset	184 module:hook("route/remote", route_to_new_session, -10);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	185 module:hook("s2s-authenticated", make_authenticated, -1);
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	186 module:hook("s2s-read-timeout", keepalive, -1);
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	187 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) -- luacheck: ignore 212/stanza
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	188 if session.type == "s2sout" then
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	189 -- Stream is authenticated and we are seem to be done with feature negotiation,
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	190 -- so the stream is ready for stanzas. RFC 6120 Section 4.3
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	191 mark_connected(session);
6403 166d1bd8fc38 core.stanza_router, mod_s2s: Move handling of S2S features to mod_s2s from stanza_router Kim Alvefur <zash@zash.se> parents: 6382 diff changeset	192 return true;
10457 0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	193 elseif require_encryption and not session.secure then
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	194 session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host);
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	195 session:close({
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	196 condition = "policy-violation",
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	197 text = "Encrypted server-to-server communication is required but was not offered",
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	198 }, nil, "Could not establish encrypted connection to remote server");
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	199 return false;
6426 e5945fb5b71f mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present Kim Alvefur <zash@zash.se> parents: 6403 diff changeset	200 elseif not session.dialback_verifying then
e5945fb5b71f mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present Kim Alvefur <zash@zash.se> parents: 6403 diff changeset	201 session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up");
10311 1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	202 session:close({
1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	203 condition = "unsupported-feature",
1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	204 text = "No viable authentication method offered",
10426 dd4eb84d92a8 mod_s2s: Add error text for error replies on some s2s failures (#770) Kim Alvefur <zash@zash.se> parents: 10425 diff changeset	205 }, nil, "No viable authentication method offered by remote server");
6426 e5945fb5b71f mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present Kim Alvefur <zash@zash.se> parents: 6403 diff changeset	206 return false;
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	207 end
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	208 end, -1);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	209 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	210
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	211 -- Stream is authorised, and ready for normal stanzas
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	212 function mark_connected(session)
8267 42fad8465537 mod_s2s: Use a separate resolver object for each outgoing session Matthew Wild <mwild1@gmail.com> parents: 8234 diff changeset	213
6683 873ad1023eb0 mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed Kim Alvefur <zash@zash.se> parents: 6600 diff changeset	214 local sendq = session.sendq;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	215
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	216 local from, to = session.from_host, session.to_host;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	217
5800 3a48acbcb7f3 mod_s2s: Captitalize log messages that begin with a stream direction Kim Alvefur <zash@zash.se> parents: 5776 diff changeset	218 session.log("info", "%s s2s connection %s->%s complete", session.direction:gsub("^.", string.upper), from, to);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	219
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	220 local event_data = { session = session };
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	221 if session.type == "s2sout" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	222 fire_global_event("s2sout-established", event_data);
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	223 hosts[from].events.fire_event("s2sout-established", event_data);
10247 5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	224
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	225 if session.incoming then
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	226 session.send = function(stanza)
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	227 return hosts[from].events.fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza });
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	228 end;
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	229 end
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	230
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	231 else
10248 d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	232 if session.outgoing and not hosts[to].s2sout[from] then
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	233 session.log("debug", "Setting up to handle route from %s to %s", to, from);
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	234 hosts[to].s2sout[from] = session; -- luacheck: ignore 122
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	235 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	236 local host_session = hosts[to];
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	237 session.send = function(stanza)
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	238 return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza });
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	239 end;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	240
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	241 fire_global_event("s2sin-established", event_data);
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	242 hosts[to].events.fire_event("s2sin-established", event_data);
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	243 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	244
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	245 if session.direction == "outgoing" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	246 if sendq then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	247 session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host);
6683 873ad1023eb0 mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed Kim Alvefur <zash@zash.se> parents: 6600 diff changeset	248 local send = session.sends2s;
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	249 for i, data in ipairs(sendq) do
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	250 send(data[1]);
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	251 sendq[i] = nil;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	252 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	253 session.sendq = nil;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	254 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	255 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	256 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	257
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	258 function make_authenticated(event)
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	259 local session, host = event.session, event.host;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	260 if not session.secure then
5594 ad66ee47b674 mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains. Matthew Wild <mwild1@gmail.com> parents: 5533 diff changeset	261 if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	262 session:close({
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	263 condition = "policy-violation",
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	264 text = "Encrypted server-to-server communication is required but was not "
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	265 ..((session.direction == "outgoing" and "offered") or "used")
10426 dd4eb84d92a8 mod_s2s: Add error text for error replies on some s2s failures (#770) Kim Alvefur <zash@zash.se> parents: 10425 diff changeset	266 }, nil, "Could not establish encrypted connection to remote server");
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	267 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	268 end
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	269 if hosts[host] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	270 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	271 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	272 if session.type == "s2sout_unauthed" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	273 session.type = "s2sout";
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	274 elseif session.type == "s2sin_unauthed" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	275 session.type = "s2sin";
10246 19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	276 elseif session.type ~= "s2sin" and session.type ~= "s2sout" then
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	277 return false;
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	278 end
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	279
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	280 if session.incoming and host then
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	281 if not session.hosts[host] then session.hosts[host] = {}; end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	282 session.hosts[host].authed = true;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	283 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	284 session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host);
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	285
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	286 if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	287 -- Stream either used dialback for authentication or is an incoming stream.
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	288 mark_connected(session);
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	289 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	290
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	291 return true;
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	292 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	293
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	294 --- Helper to check that a session peer's certificate is valid
6301 2fdd71b08126 mod_dialback: Short-circuit dialback auth if certificate is considered valid Kim Alvefur <zash@zash.se> parents: 6259 diff changeset	295 function check_cert_status(session)
5387 1130887e0d41 mod_s2s: session.from_host does not allways exist on incoming connections, true and nil or "our hostname" does not evaluate to what we want here Kim Alvefur <zash@zash.se> parents: 5368 diff changeset	296 local host = session.direction == "outgoing" and session.to_host or session.from_host
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	297 local conn = session.conn:socket()
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	298 local cert
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	299 if conn.getpeercertificate then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	300 cert = conn:getpeercertificate()
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	301 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	302
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	303 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	304 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	305
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	306 --- XMPP stream event handlers
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	307
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	308 local stream_callbacks = { default_ns = "jabber:server" };
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	309
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	310 function stream_callbacks.handlestanza(session, stanza)
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	311 stanza = session.filter("stanzas/in", stanza);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	312 session.thread:run(stanza);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	313 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	314
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	315 local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	316
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	317 function stream_callbacks.streamopened(session, attr)
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	318 -- run _streamopened in async context
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	319 session.thread:run({ attr = attr });
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	320 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	321
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	322 function stream_callbacks._streamopened(session, attr)
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	323 session.version = tonumber(attr.version) or 0;
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	324 session.had_stream = true; -- Had a stream opened at least once
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	325
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	326 -- TODO: Rename session.secure to session.encrypted
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	327 if session.secure == false then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	328 session.secure = true;
5859 e327f2d4e09f mod_c2s, mod_s2s: Set session.encrypted as session.secure does not allways mean encrypted (eg consider_bosh_secure) Kim Alvefur <zash@zash.se> parents: 5801 diff changeset	329 session.encrypted = true;
5173 b22d24b5a89a mod_s2s: Detect TLS compression Kim Alvefur <zash@zash.se> parents: 5120 diff changeset	330
b22d24b5a89a mod_s2s: Detect TLS compression Kim Alvefur <zash@zash.se> parents: 5120 diff changeset	331 local sock = session.conn:socket();
b22d24b5a89a mod_s2s: Detect TLS compression Kim Alvefur <zash@zash.se> parents: 5120 diff changeset	332 if sock.info then
5764 969e0a054795 mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details Kim Alvefur <zash@zash.se> parents: 5713 diff changeset	333 local info = sock:info();
5801 224644752bf4 mod_c2s, mod_s2s: Log cipher and encryption info in a more compact and (hopefully) less confusing way Kim Alvefur <zash@zash.se> parents: 5800 diff changeset	334 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
5764 969e0a054795 mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details Kim Alvefur <zash@zash.se> parents: 5713 diff changeset	335 session.compressed = info.compression;
969e0a054795 mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details Kim Alvefur <zash@zash.se> parents: 5713 diff changeset	336 else
969e0a054795 mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details Kim Alvefur <zash@zash.se> parents: 5713 diff changeset	337 (session.log or log)("info", "Stream encrypted");
5173 b22d24b5a89a mod_s2s: Detect TLS compression Kim Alvefur <zash@zash.se> parents: 5120 diff changeset	338 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	339 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	340
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	341 if session.direction == "incoming" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	342 -- Send a reply stream header
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	343
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	344 -- Validate to/from
10381 66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	345 local to, from = attr.to, attr.from;
66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	346 if to then to = nameprep(attr.to); end
66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	347 if from then from = nameprep(attr.from); end
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	348 if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts)
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	349 session:close({ condition = "improper-addressing", text = "Invalid 'to' address" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	350 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	351 end
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	352 if not from and attr.from then -- COMPAT: Some servers do not reliably set 'from' (especially on stream restarts)
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	353 session:close({ condition = "improper-addressing", text = "Invalid 'from' address" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	354 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	355 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	356
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	357 -- Set session.[from/to]_host if they have not been set already and if
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	358 -- this session isn't already authenticated
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	359 if session.type == "s2sin_unauthed" and from and not session.from_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	360 session.from_host = from;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	361 elseif from ~= session.from_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	362 session:close({ condition = "improper-addressing", text = "New stream 'from' attribute does not match original" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	363 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	364 end
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	365 if session.type == "s2sin_unauthed" and to and not session.to_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	366 session.to_host = to;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	367 elseif to ~= session.to_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	368 session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	369 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	370 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	371
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	372 -- For convenience we'll put the sanitised values into these variables
c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	373 to, from = session.to_host, session.from_host;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	374
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	375 session.streamid = uuid_gen();
4590 883611842d3a mod_s2s: Log the entire stream header. Kim Alvefur <zash@zash.se> parents: 4587 diff changeset	376 (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag());
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	377 if to then
c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	378 if not hosts[to] then
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	379 -- Attempting to connect to a host we don't serve
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	380 session:close({
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	381 condition = "host-unknown";
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	382 text = "This host does not serve "..to
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	383 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	384 return;
4834 878f75ccc4fb mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users Matthew Wild <mwild1@gmail.com> parents: 4822 diff changeset	385 elseif not hosts[to].modules.s2s then
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	386 -- Attempting to connect to a host that disallows s2s
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	387 session:close({
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	388 condition = "policy-violation";
4834 878f75ccc4fb mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users Matthew Wild <mwild1@gmail.com> parents: 4822 diff changeset	389 text = "Server-to-server communication is disabled for this host";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	390 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	391 return;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	392 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	393 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	394
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	395 if hosts[from] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	396 session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	397 return;
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	398 end
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	399
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	400 if session.secure and not session.cert_chain_status then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	401 if check_cert_status(session) == false then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	402 return;
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	403 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	404 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	405
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	406 session:open_stream(session.to_host, session.from_host)
6684 53635a91c95c mod_s2s: Mark stream as opened directly after opening stream, prevents session.close opening it again Kim Alvefur <zash@zash.se> parents: 6683 diff changeset	407 session.notopen = nil;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	408 if session.version >= 1.0 then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	409 local features = st.stanza("stream:features");
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	410
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	411 if to then
c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	412 hosts[to].events.fire_event("s2s-stream-features", { origin = session, features = features });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	413 else
5975 0d219631d47b mod_s2s: Include IP in log messages, if host is unavailable Florian Zeitz <florob@babelmonkeys.de> parents: 5769 diff changeset	414 (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host");
6901 ccc452767ec6 mod_s2s: Fire global event for stream features where the remote server has not sent the 'to' stream attribute Kim Alvefur <zash@zash.se> parents: 6848 diff changeset	415 fire_global_event("s2s-stream-features-legacy", { origin = session, features = features });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	416 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	417
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	418 if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	419 log("debug", "Sending stream features: %s", features);
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	420 session.sends2s(features);
7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	421 else
7865 a8cc495a65dc mod_s2s: Clarify that it is stream features that can't be offered (here too) Kim Alvefur <zash@zash.se> parents: 7679 diff changeset	422 (session.log or log)("warn", "No stream features to offer, giving up");
a8cc495a65dc mod_s2s: Clarify that it is stream features that can't be offered (here too) Kim Alvefur <zash@zash.se> parents: 7679 diff changeset	423 session:close({ condition = "undefined-condition", text = "No stream features to offer" });
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	424 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	425 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	426 elseif session.direction == "outgoing" then
6359 c74670b3be53 mod_s2s: Mark stream as opened earlier for outgoing connections, fixes double stream headers on policy failures Kim Alvefur <zash@zash.se> parents: 5975 diff changeset	427 session.notopen = nil;
6378 3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	428 if not attr.id then
7677 8613086779fa mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues Matthew Wild <mwild1@gmail.com> parents: 7100 diff changeset	429 log("warn", "Stream response did not give us a stream id!");
6378 3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	430 session:close({ condition = "undefined-condition", text = "Missing stream ID" });
3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	431 return;
3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	432 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	433 session.streamid = attr.id;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	434
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	435 if session.secure and not session.cert_chain_status then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	436 if check_cert_status(session) == false then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	437 return;
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	438 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	439 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	440
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	441 -- Send unauthed buffer
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	442 -- (stanzas which are fine to send before dialback)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	443 -- Note that this is not the stanza queue (which
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	444 -- we can only send if auth succeeds) :)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	445 local send_buffer = session.send_buffer;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	446 if send_buffer and #send_buffer > 0 then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	447 log("debug", "Sending s2s send_buffer now...");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	448 for i, data in ipairs(send_buffer) do
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	449 session.sends2s(tostring(data));
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	450 send_buffer[i] = nil;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	451 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	452 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	453 session.send_buffer = nil;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	454
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	455 -- If server is pre-1.0, don't wait for features, just do dialback
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	456 if session.version < 1.0 then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	457 if not session.dialback_verifying then
5341 760c22c822be mod_s2s, mod_dialback: Rename s2s-authenticate-legacy event to s2sout-authenticate-legacy for clarity. Also, hello! Matthew Wild <mwild1@gmail.com> parents: 5307 diff changeset	458 hosts[session.from_host].events.fire_event("s2sout-authenticate-legacy", { origin = session });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	459 else
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	460 mark_connected(session);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	461 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	462 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	463 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	464 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	465
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	466 function stream_callbacks.streamclosed(session)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	467 (session.log or log)("debug", "Received </stream:stream>");
4988 29bdf68ad142 mod_s2s: Adjust session:close() in line with mod_c2s's - fixes waiting for </stream:stream> if it has already been sent by the peer Matthew Wild <mwild1@gmail.com> parents: 4969 diff changeset	468 session:close(false);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	469 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	470
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	471 function stream_callbacks.error(session, error, data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	472 if error == "no-stream" then
6364 4e93e8768c36 mod_c2s, mod_s2s: Log received invalid stream headers Matthew Wild <mwild1@gmail.com> parents: 6362 diff changeset	473 session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}")));
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	474 session:close("invalid-namespace");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	475 elseif error == "parse-error" then
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	476 session.log("debug", "Server-to-server XML parse error: %s", error);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	477 session:close("not-well-formed");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	478 elseif error == "stream-error" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	479 local condition, text = "undefined-condition";
8233 4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	480 for child in data:childtags(nil, xmlns_xmpp_streams) do
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	481 if child.name ~= "text" then
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	482 condition = child.name;
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	483 else
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	484 text = child:get_text();
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	485 end
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	486 if condition ~= "undefined-condition" and text then
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	487 break;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	488 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	489 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	490 text = condition .. (text and (" ("..text..")") or "");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	491 session.log("info", "Session closed by remote with error: %s", text);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	492 session:close(nil, text);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	493 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	494 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	495
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	496 --- Session methods
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	497 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
10425 42cf93ff4618 s2s: Allow passing a custom error for bouncing queued stanzas (#770) Kim Alvefur <zash@zash.se> parents: 10421 diff changeset	498 local function session_close(session, reason, remote_reason, bounce_reason)
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	499 local log = session.log or log;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	500 if session.conn then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	501 if session.notopen then
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	502 if session.direction == "incoming" then
df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	503 session:open_stream(session.to_host, session.from_host);
df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	504 else
df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	505 session:open_stream(session.from_host, session.to_host);
df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	506 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	507 end
4988 29bdf68ad142 mod_s2s: Adjust session:close() in line with mod_c2s's - fixes waiting for </stream:stream> if it has already been sent by the peer Matthew Wild <mwild1@gmail.com> parents: 4969 diff changeset	508 if reason then -- nil == no err, initiated by us, false == initiated by remote
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	509 if type(reason) == "string" then -- assume stream error
5975 0d219631d47b mod_s2s: Include IP in log messages, if host is unavailable Florian Zeitz <florob@babelmonkeys.de> parents: 5769 diff changeset	510 log("debug", "Disconnecting %s[%s], <stream:error> is: %s", session.host or session.ip or "(unknown host)", session.type, reason);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	511 session.sends2s(st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }));
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	512 elseif type(reason) == "table" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	513 if reason.condition then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	514 local stanza = st.stanza("stream:error"):tag(reason.condition, stream_xmlns_attr):up();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	515 if reason.text then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	516 stanza:tag("text", stream_xmlns_attr):text(reason.text):up();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	517 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	518 if reason.extra then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	519 stanza:add_child(reason.extra);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	520 end
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	521 log("debug", "Disconnecting %s[%s], <stream:error> is: %s",
063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	522 session.host or session.ip or "(unknown host)", session.type, stanza);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	523 session.sends2s(stanza);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	524 elseif reason.name then -- a stanza
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	525 log("debug", "Disconnecting %s->%s[%s], <stream:error> is: %s",
063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	526 session.from_host or "(unknown host)", session.to_host or "(unknown host)",
063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	527 session.type, reason);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	528 session.sends2s(reason);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	529 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	530 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	531 end
4988 29bdf68ad142 mod_s2s: Adjust session:close() in line with mod_c2s's - fixes waiting for </stream:stream> if it has already been sent by the peer Matthew Wild <mwild1@gmail.com> parents: 4969 diff changeset	532
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	533 session.sends2s("</stream:stream>");
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	534 function session.sends2s() return false; end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	535
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	536 -- luacheck: ignore 422/reason
063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	537 -- FIXME reason should be managed in a place common to c2s, s2s, bosh, component etc
4988 29bdf68ad142 mod_s2s: Adjust session:close() in line with mod_c2s's - fixes waiting for </stream:stream> if it has already been sent by the peer Matthew Wild <mwild1@gmail.com> parents: 4969 diff changeset	538 local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason;
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	539 session.log("info", "%s s2s stream %s->%s closed: %s", session.direction:gsub("^.", string.upper),
063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	540 session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed");
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	541
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	542 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	543 local conn = session.conn;
10421 09b54ad0fdc4 mod_s2s: Wait for remote to close any connection allowing incoming stanzas Kim Alvefur <zash@zash.se> parents: 10403 diff changeset	544 if reason == nil and not session.notopen and session.incoming then
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	545 add_task(stream_close_timeout, function ()
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	546 if not session.destroyed then
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	547 session.log("warn", "Failed to receive a stream close response, closing connection anyway...");
10425 42cf93ff4618 s2s: Allow passing a custom error for bouncing queued stanzas (#770) Kim Alvefur <zash@zash.se> parents: 10421 diff changeset	548 s2s_destroy_session(session, reason, bounce_reason);
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	549 conn:close();
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	550 end
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	551 end);
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	552 else
10425 42cf93ff4618 s2s: Allow passing a custom error for bouncing queued stanzas (#770) Kim Alvefur <zash@zash.se> parents: 10421 diff changeset	553 s2s_destroy_session(session, reason, bounce_reason);
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	554 conn:close(); -- Close immediately, as this is an outgoing connection or is not authed
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	555 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	556 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	557 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	558
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	559 function session_stream_attrs(session, from, to, attr) -- luacheck: ignore 212/session
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	560 if not from or (hosts[from] and hosts[from].modules.dialback) then
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	561 attr["xmlns:db"] = 'jabber:server:dialback';
901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	562 end
6602 61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	563 if not from then
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	564 attr.from = '';
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	565 end
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	566 if not to then
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	567 attr.to = '';
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	568 end
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	569 end
901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	570
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	571 -- Session initialization logic shared by incoming and outgoing
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	572 local function initialize_session(session)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	573 local stream = new_xmpp_stream(session, stream_callbacks);
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	574
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	575 session.thread = runner(function (stanza)
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	576 if stanza.name == nil then
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	577 stream_callbacks._streamopened(session, stanza.attr);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	578 else
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	579 core_process_stanza(session, stanza);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	580 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	581 end, runner_callbacks, session);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	582
6255 6167f8bc5a6b mod_s2s: Decide on log function once Kim Alvefur <zash@zash.se> parents: 6146 diff changeset	583 local log = session.log or log;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	584 session.stream = stream;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	585
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	586 session.notopen = true;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	587
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	588 function session.reset_stream()
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	589 session.notopen = true;
6362 f5f44504e18b mod_s2s: Reset stream ID when resetting stream [compliance] Kim Alvefur <zash@zash.se> parents: 6359 diff changeset	590 session.streamid = nil;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	591 session.stream:reset();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	592 end
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	593
6085 2f911644f527 mod_s2s: Replace open_stream() with function that only adds s2s/dialback attributes to stream header Kim Alvefur <zash@zash.se> parents: 6069 diff changeset	594 session.stream_attrs = session_stream_attrs;
6069 446148cad35e mod_s2s: Revert e626ee2fe106 change, it broke Dialback Kim Alvefur <zash@zash.se> parents: 6063 diff changeset	595
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	596 local filter = initialize_filters(session);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	597 local conn = session.conn;
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	598 local w = conn.write;
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	599
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	600 function session.sends2s(t)
9069 22e5f11c778a sessionmanager, mod_s2s: Bring debug line for outgoing stanzas in line with that for incoming Kim Alvefur <zash@zash.se> parents: 9068 diff changeset	601 log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?"));
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	602 if t.name then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	603 t = filter("stanzas/out", t);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	604 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	605 if t then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	606 t = filter("bytes/out", tostring(t));
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	607 if t then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	608 return w(conn, t);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	609 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	610 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	611 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	612
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	613 function session.data(data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	614 data = filter("bytes/in", data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	615 if data then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	616 local ok, err = stream:feed(data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	617 if ok then return; end
10111 0f335815244f plugins: Remove tostring call from logging Kim Alvefur <zash@zash.se> parents: 9854 diff changeset	618 log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
10426 dd4eb84d92a8 mod_s2s: Add error text for error replies on some s2s failures (#770) Kim Alvefur <zash@zash.se> parents: 10425 diff changeset	619 session:close("not-well-formed", nil, "Received invalid XML from remote server");
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	620 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	621 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	622
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	623 session.close = session_close;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	624
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	625 local handlestanza = stream_callbacks.handlestanza;
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	626 function session.dispatch_stanza(session, stanza) -- luacheck: ignore 432/session
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	627 return handlestanza(session, stanza);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	628 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	629
6259 36f611624987 mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized Kim Alvefur <zash@zash.se> parents: 6257 diff changeset	630 module:fire_event("s2s-created", { session = session });
36f611624987 mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized Kim Alvefur <zash@zash.se> parents: 6257 diff changeset	631
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	632 add_task(connect_timeout, function ()
4960 8950510ddb2e mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off Matthew Wild <mwild1@gmail.com> parents: 4906 diff changeset	633 if session.type == "s2sin" or session.type == "s2sout" then
8950510ddb2e mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off Matthew Wild <mwild1@gmail.com> parents: 4906 diff changeset	634 return; -- Ok, we're connected
5307 d80e56d8805c mod_s2s: Don't try to close sessions that were destroyed before timeout Kim Alvefur <zash@zash.se> parents: 5281 diff changeset	635 elseif session.type == "s2s_destroyed" then
d80e56d8805c mod_s2s: Don't try to close sessions that were destroyed before timeout Kim Alvefur <zash@zash.se> parents: 5281 diff changeset	636 return; -- Session already destroyed
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	637 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	638 -- Not connected, need to close session and clean up
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	639 (session.log or log)("debug", "Destroying incomplete session %s->%s due to inactivity",
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	640 session.from_host or "(unknown)", session.to_host or "(unknown)");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	641 session:close("connection-timeout");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	642 end);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	643 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	644
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	645 function runner_callbacks:ready()
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	646 self.data.log("debug", "Runner %s ready (%s)", self.thread, coroutine.status(self.thread));
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	647 self.data.conn:resume();
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	648 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	649
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	650 function runner_callbacks:waiting()
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	651 self.data.log("debug", "Runner %s waiting (%s)", self.thread, coroutine.status(self.thread));
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	652 self.data.conn:pause();
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	653 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	654
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	655 function runner_callbacks:error(err)
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	656 (self.data.log or log)("error", "Traceback[s2s]: %s", err);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	657 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	658
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	659 function listener.onconnect(conn)
5522 3912c9264ef0 mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled) Matthew Wild <mwild1@gmail.com> parents: 5505 diff changeset	660 conn:setoption("keepalive", opt_keepalives);
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	661 local session = sessions[conn];
89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	662 if not session then -- New incoming connection
89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	663 session = s2s_new_incoming(conn);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	664 sessions[conn] = session;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	665 session.log("debug", "Incoming s2s connection");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	666 initialize_session(session);
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	667 else -- Outgoing session connected
89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	668 session:open_stream(session.from_host, session.to_host);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	669 end
5661 f226a0d23e85 mod_s2s: Set s2s_session.ip Kim Alvefur <zash@zash.se> parents: 5638 diff changeset	670 session.ip = conn:ip();
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	671 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	672
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	673 function listener.onincoming(conn, data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	674 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	675 if session then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	676 session.data(data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	677 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	678 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	679
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	680 function listener.onstatus(conn, status)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	681 if status == "ssl-handshake-complete" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	682 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	683 if session and session.direction == "outgoing" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	684 session.log("debug", "Sending stream header...");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	685 session:open_stream(session.from_host, session.to_host);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	686 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	687 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	688 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	689
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	690 function listener.ondisconnect(conn, err)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	691 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	692 if session then
5274 0d08c0965824 mod_s2s: Remove connection from sessions table as soon as we learn it is disconnected. Fixes a connection/session leak. Matthew Wild <mwild1@gmail.com> parents: 5173 diff changeset	693 sessions[conn] = nil;
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	694 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	695 s2s_destroy_session(session, err);
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	696 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	697 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	698
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	699 function listener.onfail(data, err)
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	700 local session = data and data.session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	701 if session then
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	702 if err and session.direction == "outgoing" and session.notopen then
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	703 (session.log or log)("debug", "s2s connection attempt failed: %s", err);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	704 end
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	705 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	706 s2s_destroy_session(session, err);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	707 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	708 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	709
5638 c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	710 function listener.onreadtimeout(conn)
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	711 local session = sessions[conn];
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	712 if session then
7537 a0813737c6fa mod_s2s: Index session after checking if it exists (fixes traceback in case of a connection without a session having a read timeout) Kim Alvefur <zash@zash.se> parents: 7466 diff changeset	713 local host = session.host or session.to_host;
6658 65563530375b mod_s2s: Fire read timeout event on correct virtualhost for incoming connections Kim Alvefur <zash@zash.se> parents: 6630 diff changeset	714 return (hosts[host] or prosody).events.fire_event("s2s-read-timeout", { session = session });
5638 c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	715 end
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	716 end
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	717
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	718 function listener.register_outgoing(conn, session)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	719 sessions[conn] = session;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	720 initialize_session(session);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	721 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	722
6380 4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	723 function listener.ondetach(conn)
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	724 sessions[conn] = nil;
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	725 end
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	726
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	727 function listener.onattach(conn, data)
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	728 local session = data and data.session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	729 if session then
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	730 session.conn = conn;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	731 sessions[conn] = session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	732 initialize_session(session);
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	733 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	734 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	735
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	736 -- Complete the sentence "Your certificate " with what's wrong
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	737 local function friendly_cert_error(session) --> string
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	738 if session.cert_chain_status == "invalid" then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	739 if session.cert_chain_errors then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	740 local cert_errors = set.new(session.cert_chain_errors[1]);
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	741 if cert_errors:contains("certificate has expired") then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	742 return "has expired";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	743 elseif cert_errors:contains("self signed certificate") then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	744 return "is self-signed";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	745 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	746 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	747 return "is not trusted"; -- for some other reason
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	748 elseif session.cert_identity_status == "invalid" then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	749 return "is not valid for this name";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	750 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	751 -- this should normally be unreachable except if no s2s auth module was loaded
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	752 return "could not be validated";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	753 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	754
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	755 function check_auth_policy(event)
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	756 local host, session = event.host, event.session;
5368 ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	757 local must_secure = secure_auth;
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	758
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	759 if not must_secure and secure_domains[host] then
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	760 must_secure = true;
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	761 elseif must_secure and insecure_domains[host] then
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	762 must_secure = false;
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	763 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	764
5767 3a30ad76a86a mod_s2s: Improve policy check Kim Alvefur <zash@zash.se> parents: 5766 diff changeset	765 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
5975 0d219631d47b mod_s2s: Include IP in log messages, if host is unavailable Florian Zeitz <florob@babelmonkeys.de> parents: 5769 diff changeset	766 module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	767 local reason = friendly_cert_error(session);
10456 2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	768 -- XEP-0178 recommends closing outgoing connections without warning
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	769 -- but does not give a rationale for this.
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	770 -- In practice most cases are configuration mistakes or forgotten
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	771 -- certificate renewals. We think it's better to let the other party
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	772 -- know about the problem so that they can fix it.
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	773 session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	774 nil, "Remote server's certificate "..reason);
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	775 return false;
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	776 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	777 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	778
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	779 module:hook("s2s-check-certificate", check_auth_policy, -1);
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	780
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	781 module:hook("server-stopping", function(event)
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	782 local reason = event.reason;
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	783 for _, session in pairs(sessions) do
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	784 session:close{ condition = "system-shutdown", text = reason };
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	785 end
7100 301d58705667 mod_c2s, mod_s2s: Lower priority of session shutdown to negative, so that plugins hooking at the default priority run first (fixes #601) Kim Alvefur <zash@zash.se> parents: 6684 diff changeset	786 end, -200);
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	787
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	788
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	789
5120 bcabea740c00 mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item(). Waqas Hussain <waqas20@gmail.com> parents: 5013 diff changeset	790 module:provides("net", {
4610 171051f9dd00 mod_c2s: Use module:add_item() to add the net-provider for portmanager Matthew Wild <mwild1@gmail.com> parents: 4601 diff changeset	791 name = "s2s";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	792 listener = listener;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	793 default_port = 5269;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	794 encryption = "starttls";
9854 115b5e32d960 mod_tls: Restore querying for certificates on s2s Kim Alvefur <zash@zash.se> parents: 9852 diff changeset	795 ssl_config = { -- FIXME This is not used atm, see mod_tls
9852 6ea3cafb6ac3 core.certmanager: Do not ask for client certificates by default Kim Alvefur <zash@zash.se> parents: 9784 diff changeset	796 verify = { "peer", "client_once", };
6ea3cafb6ac3 core.certmanager: Do not ask for client certificates by default Kim Alvefur <zash@zash.se> parents: 9784 diff changeset	797 };
4620 e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	798 multiplex = {
e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	799 pattern = "^<.:stream.%sxmlns%s=%s(['\"])jabber:server%1.*>";
e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	800 };
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	801 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	802

prosody

0c44090cb168

plugins/mod_s2s/mod_s2s.lua

Software / code / prosody

Annotate

plugins/mod_s2s/mod_s2s.lua @ 10457:0c44090cb168

Software `/` code `/` prosody