core/s2smanager.lua @ 10721:3a1b1d3084fb 0.11
core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)
Backport of 94e341dee51c
The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.
With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.
MattJ says
> Curves have won, and OpenSSL is less weird about them now
author | Kim Alvefur <zash@zash.se> |
date | Sun, 25 Aug 2019 20:22:35 +0200 |
parent | 8675:d3d74e923e4e |
child | 9787:6625efab91e2 |
1 -- Prosody IM |
2 -- Copyright (C) 2008-2010 Matthew Wild |
3 -- Copyright (C) 2008-2010 Waqas Hussain |
4 -- |
758 | 5 -- This project is MIT/X11 licensed. Please see the |
6 -- COPYING file in the source package for more information. | |
7 -- |
8 |
9 |
148 | 10 |
-- Local aliases for the few globals this module needs. Everything the rest
-- of the file uses must be captured here, because `local _ENV = nil` below
-- cuts off access to the global environment.
local hosts = prosody.hosts;
local tostring, pairs, setmetatable
	= tostring, pairs, setmetatable;

local logger_init = require "util.logger".init;

local log = logger_init("s2smanager");

local prosody = _G.prosody;
-- Set of live incoming s2s sessions (session table -> true). Entries are
-- added by new_incoming() and removed by destroy_session() in this file.
-- Exposed both as a global and on the prosody table for other components.
local incoming_s2s = {};
_G.incoming_s2s = incoming_s2s;
prosody.incoming_s2s = incoming_s2s;
local fire_event = prosody.events.fire_event;

-- On Lua 5.2+ this drops the global environment for the remainder of the
-- file, so an accidental global read or write raises an error instead of
-- silently touching _G (on 5.1 it is just an unused local).
local _ENV = nil;
-- luacheck: std none
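--- Create a session object for a newly accepted, not yet authenticated
-- incoming s2s connection and register it in incoming_s2s.
-- @param conn the network connection the session wraps
-- @return the new session table (type "s2sin_unauthed", direction "incoming")
local function new_incoming(conn)
	local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} };
	-- The logger is named after the trailing hex digits of the table's
	-- address. `*` rather than `+`: should tostring() ever produce no
	-- trailing hex run, match() yields "" instead of nil, so the
	-- concatenation cannot raise (same pattern as new_outgoing).
	session.log = logger_init("s2sin"..tostring(session):match("[a-f0-9]*$"));
	incoming_s2s[session] = true;
	return session;
end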
--- Create a session object for an outgoing s2s connection from from_host to
-- to_host and register it as hosts[from_host].s2sout[to_host].
-- The caller must ensure hosts[from_host] exists. The session starts as
-- type "s2sout_unauthed" with notopen = true.
-- @param from_host local host initiating the connection
-- @param to_host remote host being connected to
-- @return the new session table
local function new_outgoing(from_host, to_host)
	local session = {
		to_host = to_host,
		from_host = from_host,
		host = from_host,
		notopen = true,
		type = "s2sout_unauthed",
		direction = "outgoing",
	};
	hosts[from_host].s2sout[to_host] = session;
	-- Logger is named after the trailing hex digits of the table's address.
	local suffix = tostring(session):match("[a-f0-9]*$");
	session.log = logger_init("s2sout"..suffix);
	return session;
end
--- Prototype/metatable installed on retired sessions by retire_session().
-- A retired session is "resting, not dead": the usual session calls still
-- resolve, but each one is a no-op that only logs at debug level.
local resting_session = {};
resting_session.__index = resting_session;
resting_session.destroyed = true;
resting_session.type = "s2s_destroyed";

-- Opening a stream on a retired session is ignored.
function resting_session.open_stream(session)
	session.log("debug", "Attempt to open stream on resting session");
end

-- Closing an already-retired session is ignored.
function resting_session.close(session)
	session.log("debug", "Attempt to close already-closed session");
end

-- Filters pass data through unchanged; the filter name is not used.
function resting_session.filter(_, data)
	return data;
end
--- Strip a session down to a harmless "resting" object.
-- Every field except log, id and conn is removed, destruction_reason is
-- recorded, and send/sends2s/data/thread are replaced by stubs that only
-- log (at debug) the data they discard. Finally resting_session becomes
-- the metatable so other method calls fall through to its no-op handlers.
-- Data sent to a retired session is dropped, not queued.
-- @param session the session table to retire (modified in place)
-- @param reason optional string describing why it was destroyed
-- @return the same session table
local function retire_session(session, reason)
	local session_log = session.log or log;

	-- Wipe everything we are not keeping; clearing existing keys during a
	-- pairs() traversal is allowed.
	for key in pairs(session) do
		local keep = key == "log" or key == "id" or key == "conn";
		if not keep then
			session[key] = nil;
		end
	end

	session.destruction_reason = reason;

	local function discard_outgoing(data)
		session_log("debug", "Discarding data sent to resting session: %s", tostring(data));
	end
	local function discard_incoming(data)
		session_log("debug", "Discarding data received from resting session: %s", tostring(data));
	end
	session.send = discard_outgoing;
	session.sends2s = discard_outgoing;
	session.data = discard_incoming;
	-- The thread stub resolves session.data at call time, so a later
	-- replacement of session.data is honoured.
	session.thread = { run = function (_, data) return session.data(data) end };

	return setmetatable(session, resting_session);
end
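--- Destroy an s2s session: unregister it, fire the *-destroyed events and
-- retire it (see retire_session) so stale references become harmless.
-- Calling this on an already-destroyed session is a no-op.
-- @param session the s2s session to destroy
-- @param reason optional string describing why
-- @return true on destruction, nothing if the session was already destroyed
local function destroy_session(session, reason)
	if session.destroyed then return; end
	(session.log or log)("debug", "Destroying "..tostring(session.direction)
		.." session "..tostring(session.from_host).."->"..tostring(session.to_host)
		..(reason and (": "..reason) or ""));

	if session.direction == "outgoing" then
		-- The local host may no longer be in hosts by the time its outgoing
		-- sessions are torn down; guard the lookup (as the event dispatch
		-- below already does) so the session is still bounced and retired
		-- rather than raising and leaking.
		local host_entry = hosts[session.from_host];
		if host_entry then
			host_entry.s2sout[session.to_host] = nil;
		end
		session:bounce_sendq(reason);
	elseif session.direction == "incoming" then
		incoming_s2s[session] = nil;
	end

	-- Only fully established sessions (type "s2sout"/"s2sin", not the
	-- *_unauthed variants) announce their destruction: globally, and on the
	-- local host's event bus if that host still exists.
	local event_data = { session = session, reason = reason };
	if session.type == "s2sout" then
		fire_event("s2sout-destroyed", event_data);
		local host_entry = hosts[session.from_host];
		if host_entry then
			host_entry.events.fire_event("s2sout-destroyed", event_data);
		end
	elseif session.type == "s2sin" then
		fire_event("s2sin-destroyed", event_data);
		local host_entry = hosts[session.to_host];
		if host_entry then
			host_entry.events.fire_event("s2sin-destroyed", event_data);
		end
	end

	retire_session(session, reason); -- Clean session until it is GC'd
	return true;
end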
-- Public API of the s2smanager module.
local s2smanager = {
	incoming_s2s = incoming_s2s,       -- set of live incoming sessions
	new_incoming = new_incoming,
	new_outgoing = new_outgoing,
	retire_session = retire_session,
	destroy_session = destroy_session,
};
return s2smanager;