Annotate

core/s2smanager.lua @ 10721:3a1b1d3084fb 0.11

core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513) Backport of 94e341dee51c The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now
author Kim Alvefur <zash@zash.se>
date Sun, 25 Aug 2019 20:22:35 +0200
parent 8675:d3d74e923e4e
child 9787:6625efab91e2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 1492
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2889
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2889
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5459
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 739
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 739
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 451
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 451
diff changeset
8
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 451
diff changeset
9
148
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
5366
c1357b7fbca3 s2smanager: Access prosody.hosts instead of hosts global directly
Matthew Wild <mwild1@gmail.com>
parents: 5362
diff changeset
11 local hosts = prosody.hosts;
5459
3a821511b9ec sessionmanager, s2smanager: Remove unused imports
Matthew Wild <mwild1@gmail.com>
parents: 5447
diff changeset
12 local tostring, pairs, setmetatable
3a821511b9ec sessionmanager, s2smanager: Remove unused imports
Matthew Wild <mwild1@gmail.com>
parents: 5447
diff changeset
13 = tostring, pairs, setmetatable;
148
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 local logger_init = require "util.logger".init;
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 local log = logger_init("s2smanager");
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18
3476
193bb0936a4e s2smanager: Fire s2s{in,out}-established when new s2s connections are ready
Matthew Wild <mwild1@gmail.com>
parents: 3459
diff changeset
19 local prosody = _G.prosody;
8675
d3d74e923e4e s2smanager: Explicitly export the incoming_s2s table [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8555
diff changeset
20 local incoming_s2s = {};
d3d74e923e4e s2smanager: Explicitly export the incoming_s2s table [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8555
diff changeset
21 _G.incoming_s2s = incoming_s2s;
3476
193bb0936a4e s2smanager: Fire s2s{in,out}-established when new s2s connections are ready
Matthew Wild <mwild1@gmail.com>
parents: 3459
diff changeset
22 prosody.incoming_s2s = incoming_s2s;
5349
0d11e393201f s2smanager: Use unused local, reduce table indexing
Kim Alvefur <zash@zash.se>
parents: 5306
diff changeset
23 local fire_event = prosody.events.fire_event;
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
24
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
25 local _ENV = nil;
8555
4f0f5b49bb03 vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents: 7950
diff changeset
26 -- luacheck: std none
148
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
28 local function new_incoming(conn)
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
29 local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} };
5306
10bc0e2aa55e s2smanager: Generate session names used for logging the same way everywhere
Kim Alvefur <zash@zash.se>
parents: 5105
diff changeset
30 session.log = logger_init("s2sin"..tostring(session):match("[a-f0-9]+$"));
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
31 incoming_s2s[session] = true;
148
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 return session;
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 end
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
35 local function new_outgoing(from_host, to_host)
4555
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents: 4461
diff changeset
36 local host_session = { to_host = to_host, from_host = from_host, host = from_host,
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents: 4461
diff changeset
37 notopen = true, type = "s2sout_unauthed", direction = "outgoing" };
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents: 4461
diff changeset
38 hosts[from_host].s2sout[to_host] = host_session;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents: 4461
diff changeset
39 local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents: 4461
diff changeset
40 host_session.log = logger_init(conn_name);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents: 4461
diff changeset
41 return host_session;
148
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 end
4c0dcd245d34 s2s works! \o/ \o/
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43
2746
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
44 local resting_session = { -- Resting, not dead
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
45 destroyed = true;
2915
f47bd0f7e2e6 sessionmanager, s2smanager: Add type of ?2s_destroyed to resting sessions (fixes a logging traceback, thanks Flo)
Matthew Wild <mwild1@gmail.com>
parents: 2892
diff changeset
46 type = "s2s_destroyed";
2748
85a242cd1bc4 s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents: 2747
diff changeset
47 open_stream = function (session)
85a242cd1bc4 s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents: 2747
diff changeset
48 session.log("debug", "Attempt to open stream on resting session");
85a242cd1bc4 s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents: 2747
diff changeset
49 end;
85a242cd1bc4 s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents: 2747
diff changeset
50 close = function (session)
85a242cd1bc4 s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents: 2747
diff changeset
51 session.log("debug", "Attempt to close already-closed session");
85a242cd1bc4 s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents: 2747
diff changeset
52 end;
6663
d3023dd07cb6 portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents: 5776
diff changeset
53 filter = function (type, data) return data; end; --luacheck: ignore 212/type
2746
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
54 }; resting_session.__index = resting_session;
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
55
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
56 local function retire_session(session, reason)
6663
d3023dd07cb6 portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents: 5776
diff changeset
57 local log = session.log or log; --luacheck: ignore 431/log
2746
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
58 for k in pairs(session) do
5447
92b88476873a sessionmanager, s2smanager: Remove open_session tracing
Matthew Wild <mwild1@gmail.com>
parents: 5367
diff changeset
59 if k ~= "log" and k ~= "id" and k ~= "conn" then
2746
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
60 session[k] = nil;
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
61 end
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
62 end
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
63
4018
5061c8d41d89 s2smanager: retire_session(): Add a 'reason' parameter
Matthew Wild <mwild1@gmail.com>
parents: 4017
diff changeset
64 session.destruction_reason = reason;
5061c8d41d89 s2smanager: retire_session(): Add a 'reason' parameter
Matthew Wild <mwild1@gmail.com>
parents: 4017
diff changeset
65
2746
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
66 function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
67 function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end
7452
d916703d5e18 s2smanager: Include a stub thread on destroyed sessions (thanks Link Mauve)
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
68 session.thread = { run = function (_, data) return session.data(data) end };
6691
c6c996410064 s2smanager: Make sure destroyed sessions have a sends2s method
Kim Alvefur <zash@zash.se>
parents: 5459
diff changeset
69 session.sends2s = session.send;
2746
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
70 return setmetatable(session, resting_session);
3b9547fc0bed sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents: 2714
diff changeset
71 end
2857
6036c4b75235 sessionmanager, s2smanager: Give sessions dummy data handlers that log when data is received by a destroyed session
Matthew Wild <mwild1@gmail.com>
parents: 2712
diff changeset
72
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
73 local function destroy_session(session, reason)
2749
8dc5f3651501 s2smanager: Don't re-destroy destroyed sessions
Matthew Wild <mwild1@gmail.com>
parents: 2748
diff changeset
74 if session.destroyed then return; end
7947
24170d74b00b core: Split some very long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
75 (session.log or log)("debug", "Destroying "..tostring(session.direction)
24170d74b00b core: Split some very long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
76 .." session "..tostring(session.from_host).."->"..tostring(session.to_host)
24170d74b00b core: Split some very long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
77 ..(reason and (": "..reason) or ""));
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5459
diff changeset
78
164
8dc1faa5b1df other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents: 162
diff changeset
79 if session.direction == "outgoing" then
260
182f0c895676 Now outgoing s2s sessions are associated with their from_host, fixes #15
Matthew Wild <mwild1@gmail.com>
parents: 259
diff changeset
80 hosts[session.from_host].s2sout[session.to_host] = nil;
4555
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents: 4461
diff changeset
81 session:bounce_sendq(reason);
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
82 elseif session.direction == "incoming" then
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
83 incoming_s2s[session] = nil;
164
8dc1faa5b1df other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents: 162
diff changeset
84 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5459
diff changeset
85
3488
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
86 local event_data = { session = session, reason = reason };
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
87 if session.type == "s2sout" then
5349
0d11e393201f s2smanager: Use unused local, reduce table indexing
Kim Alvefur <zash@zash.se>
parents: 5306
diff changeset
88 fire_event("s2sout-destroyed", event_data);
3488
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
89 if hosts[session.from_host] then
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
90 hosts[session.from_host].events.fire_event("s2sout-destroyed", event_data);
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
91 end
3489
1b76d18e8045 s2smanager: Don't fire s2sin-destroyed for sessions that were never fully established (thanks Thomas)
Matthew Wild <mwild1@gmail.com>
parents: 3488
diff changeset
92 elseif session.type == "s2sin" then
5349
0d11e393201f s2smanager: Use unused local, reduce table indexing
Kim Alvefur <zash@zash.se>
parents: 5306
diff changeset
93 fire_event("s2sin-destroyed", event_data);
3488
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
94 if hosts[session.to_host] then
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
95 hosts[session.to_host].events.fire_event("s2sin-destroyed", event_data);
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
96 end
4f3fc5f9d944 s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents: 3476
diff changeset
97 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5459
diff changeset
98
4019
80aa47c009f0 s2smanager: destroy_session(): Pass reason to retire_session() and return true on successful destruction
Matthew Wild <mwild1@gmail.com>
parents: 4018
diff changeset
99 retire_session(session, reason); -- Clean session until it is GC'd
80aa47c009f0 s2smanager: destroy_session(): Pass reason to retire_session() and return true on successful destruction
Matthew Wild <mwild1@gmail.com>
parents: 4018
diff changeset
100 return true;
164
8dc1faa5b1df other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents: 162
diff changeset
101 end
8dc1faa5b1df other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents: 162
diff changeset
102
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
103 return {
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
104 incoming_s2s = incoming_s2s;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
105 new_incoming = new_incoming;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
106 new_outgoing = new_outgoing;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
107 retire_session = retire_session;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
108 destroy_session = destroy_session;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6692
diff changeset
109 };