Software /
code /
prosody
Annotate
plugins/mod_s2s.lua @ 11683:41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Couldn't use those with the host being deactivated.
Problem: This kicks in on reload, which isn't needed.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 14 Jul 2021 02:39:54 +0200 |
parent | 11682:7843f1ca3b33 |
child | 11684:8b0baf3003fb |
rev | line source |
---|---|
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 -- Prosody IM |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
4 -- |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 -- COPYING file in the source package for more information. |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 -- |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 module:set_global(); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
4755
844019f369a5
mod_s2s: Fix imports and remove some unused variables
Matthew Wild <mwild1@gmail.com>
parents:
4752
diff
changeset
|
11 local prosody = prosody; |
844019f369a5
mod_s2s: Fix imports and remove some unused variables
Matthew Wild <mwild1@gmail.com>
parents:
4752
diff
changeset
|
12 local hosts = prosody.hosts; |
5013
ab693eea0869
mod_admin_adhoc, mod_admin_telnet, mod_bosh, mod_c2s, mod_component, mod_pep, mod_presence, mod_roster, mod_s2s: Import core_post_stanza from the global prosody table.
Kim Alvefur <zash@zash.se>
parents:
4997
diff
changeset
|
13 local core_process_stanza = prosody.core_process_stanza; |
4755
844019f369a5
mod_s2s: Fix imports and remove some unused variables
Matthew Wild <mwild1@gmail.com>
parents:
4752
diff
changeset
|
14 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local tostring, type = tostring, type; |
4578
da0528c59c52
mod_s2s: Add missing local table.insert
Kim Alvefur <zash@zash.se>
parents:
4576
diff
changeset
|
16 local t_insert = table.insert; |
8461
0f05d6535dfa
mod_s2s: Remove unused local [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8268
diff
changeset
|
17 local traceback = debug.traceback; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 local add_task = require "util.timer".add_task; |
11678
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
20 local stop_timer = require "util.timer".stop; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 local st = require "util.stanza"; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 local initialize_filters = require "util.filters".initialize; |
4568
aae7a62671de
mod_s2s: port functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents:
4555
diff
changeset
|
23 local nameprep = require "util.encodings".stringprep.nameprep; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 local new_xmpp_stream = require "util.xmppstream".new; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 local s2s_new_incoming = require "core.s2smanager".new_incoming; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 local s2s_new_outgoing = require "core.s2smanager".new_outgoing; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local s2s_destroy_session = require "core.s2smanager".destroy_session; |
4568
aae7a62671de
mod_s2s: port functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents:
4555
diff
changeset
|
28 local uuid_gen = require "util.uuid".generate; |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
29 local runner = require "util.async".runner; |
10622
0662fe0e2c31
Backed out changeset 74d66b1be989 (not optimal API)
Matthew Wild <mwild1@gmail.com>
parents:
10613
diff
changeset
|
30 local connect = require "net.connect".connect; |
10120
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
31 local service = require "net.resolvers.service"; |
10403
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
32 local errors = require "util.error"; |
10455
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
33 local set = require "util.set"; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
4997
61083e2b1392
mod_s2s: Bump s2s_timeout to 90, to allow for the TCP timeout (in most cases) - this allows us to continue to try other targets
Matthew Wild <mwild1@gmail.com>
parents:
4996
diff
changeset
|
35 local connect_timeout = module:get_option_number("s2s_timeout", 90); |
4969
15183193c6a6
mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false.
Matthew Wild <mwild1@gmail.com>
parents:
4968
diff
changeset
|
36 local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5); |
5522
3912c9264ef0
mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled)
Matthew Wild <mwild1@gmail.com>
parents:
5505
diff
changeset
|
37 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); |
5363
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
38 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
39 local secure_domains, insecure_domains = |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
40 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; |
5594
ad66ee47b674
mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains.
Matthew Wild <mwild1@gmail.com>
parents:
5533
diff
changeset
|
41 local require_encryption = module:get_option_boolean("s2s_require_encryption", false); |
11540
1937b3c3efb5
mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
Matthew Wild <mwild1@gmail.com>
parents:
11237
diff
changeset
|
42 local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit", 1024*512); |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
43 |
11525
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
44 local measure_connections_inbound = module:metric( |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
45 "gauge", "connections_inbound", "", |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
46 "Established incoming s2s connections", |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
47 {"host", "type", "ip_family"} |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
48 ); |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
49 local measure_connections_outbound = module:metric( |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
50 "gauge", "connections_outbound", "", |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
51 "Established outgoing s2s connections", |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
52 {"host", "type", "ip_family"} |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
53 ); |
6630
6735e2d735d6
mod_c2s, mod_s2s: Collect statistics on number of connections
Kim Alvefur <zash@zash.se>
parents:
6608
diff
changeset
|
54 |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
55 local m_accepted_tcp_connections = module:metric( |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
56 "counter", "accepted_tcp", "", |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
57 "Accepted incoming connections on the TCP layer" |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
58 ); |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
59 local m_authn_connections = module:metric( |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
60 "counter", "authenticated", "", |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
61 "Authenticated incoming connections", |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
62 {"host", "direction", "mechanism"} |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
63 ); |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
64 local m_initiated_connections = module:metric( |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
65 "counter", "initiated", "", |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
66 "Initiated outbound connections", |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
67 {"host"} |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
68 ); |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
69 local m_closed_connections = module:metric( |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
70 "counter", "closed", "", |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
71 "Closed connections", |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
72 {"host", "direction", "error"} |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
73 ); |
11608
b2610460d9ab
mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers
Kim Alvefur <zash@zash.se>
parents:
11560
diff
changeset
|
74 local m_tls_params = module:metric( |
b2610460d9ab
mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers
Kim Alvefur <zash@zash.se>
parents:
11560
diff
changeset
|
75 "counter", "encrypted", "", |
b2610460d9ab
mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers
Kim Alvefur <zash@zash.se>
parents:
11560
diff
changeset
|
76 "Encrypted connections", |
b2610460d9ab
mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers
Kim Alvefur <zash@zash.se>
parents:
11560
diff
changeset
|
77 {"protocol"; "cipher"} |
b2610460d9ab
mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers
Kim Alvefur <zash@zash.se>
parents:
11560
diff
changeset
|
78 ); |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
79 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 local sessions = module:shared("sessions"); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
82 local runner_callbacks = {}; |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
83 |
10120
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
84 local listener = {}; |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
85 |
4752 | 86 local log = module._log; |
87 | |
10625
3bfb20be844c
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
Matthew Wild <mwild1@gmail.com>
parents:
10622
diff
changeset
|
88 local s2s_service_options = { |
3bfb20be844c
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
Matthew Wild <mwild1@gmail.com>
parents:
10622
diff
changeset
|
89 default_port = 5269; |
3bfb20be844c
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
Matthew Wild <mwild1@gmail.com>
parents:
10622
diff
changeset
|
90 use_ipv4 = module:get_option_boolean("use_ipv4", true); |
3bfb20be844c
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
Matthew Wild <mwild1@gmail.com>
parents:
10622
diff
changeset
|
91 use_ipv6 = module:get_option_boolean("use_ipv6", true); |
11415
a38f9e09ca31
mod_s2s: Add config setting to enable DANE
Kim Alvefur <zash@zash.se>
parents:
11367
diff
changeset
|
92 use_dane = module:get_option_boolean("use_dane", false); |
10625
3bfb20be844c
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
Matthew Wild <mwild1@gmail.com>
parents:
10622
diff
changeset
|
93 }; |
3bfb20be844c
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
Matthew Wild <mwild1@gmail.com>
parents:
10622
diff
changeset
|
94 |
7662
946871f6e3c8
mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval
Kim Alvefur <zash@zash.se>
parents:
7642
diff
changeset
|
95 module:hook("stats-update", function () |
11525
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
96 measure_connections_inbound:clear() |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
97 measure_connections_outbound:clear() |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
98 -- TODO: init all expected metrics once? |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
99 -- or maybe create/delete them in host-activate/host-deactivate? requires |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
100 -- extra API in openmetrics.lua tho |
8763
67ecff7be011
mod_s2s: Add a counter for IPv6.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
8545
diff
changeset
|
101 for _, session in pairs(sessions) do |
11525
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
102 local is_inbound = string.sub(session.type, 4, 5) == "in" |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
103 local metric_family = is_inbound and measure_connections_inbound or measure_connections_outbound |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
104 local host = is_inbound and session.to_host or session.from_host or "" |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
105 local type_ = session.type or "other" |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
106 |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
107 -- we want to expose both v4 and v6 counters in all cases to make |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
108 -- queries smoother |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
109 local is_ipv6 = session.ip and session.ip:match(":") and 1 or 0 |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
110 local is_ipv4 = 1 - is_ipv6 |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
111 metric_family:with_labels(host, type_, "ipv4"):add(is_ipv4) |
5f99fcc43938
mod_s2s: Port to new OpenMetrics API
Jonas Schäfer <jonas@wielicki.name>
parents:
11419
diff
changeset
|
112 metric_family:with_labels(host, type_, "ipv6"):add(is_ipv6) |
7466
f28fa742def3
mod_c2s, mod_s2s: Bootstrap connection count statistic on module load
Kim Alvefur <zash@zash.se>
parents:
7449
diff
changeset
|
113 end |
7662
946871f6e3c8
mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval
Kim Alvefur <zash@zash.se>
parents:
7642
diff
changeset
|
114 end); |
7466
f28fa742def3
mod_c2s, mod_s2s: Bootstrap connection count statistic on module load
Kim Alvefur <zash@zash.se>
parents:
7449
diff
changeset
|
115 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 --- Handle stanzas to remote domains |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 local bouncy_stanzas = { message = true, presence = true, iq = true }; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 local function bounce_sendq(session, reason) |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 local sendq = session.sendq; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 if not sendq then return; end |
8545
248bab2bd0c9
mod_s2s: Don't use string concatenation when passing values to logging
Kim Alvefur <zash@zash.se>
parents:
8483
diff
changeset
|
122 session.log("info", "Sending error replies for %d queued stanzas because of failed outgoing connection to %s", #sendq, session.to_host); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 local dummy = { |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 type = "s2sin"; |
8462
60d508f411a1
mod_s2s: Remove unused argument [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8461
diff
changeset
|
125 send = function () |
4755
844019f369a5
mod_s2s: Fix imports and remove some unused variables
Matthew Wild <mwild1@gmail.com>
parents:
4752
diff
changeset
|
126 (session.log or log)("error", "Replying to to an s2s error reply, please report this! Traceback: %s", traceback()); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 end; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 dummy = true; |
6626
071611bc4f1d
mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error)
Kim Alvefur <zash@zash.se>
parents:
6608
diff
changeset
|
129 close = function () |
071611bc4f1d
mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error)
Kim Alvefur <zash@zash.se>
parents:
6608
diff
changeset
|
130 (session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback()); |
071611bc4f1d
mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error)
Kim Alvefur <zash@zash.se>
parents:
6608
diff
changeset
|
131 end; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 }; |
10115
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
133 -- FIXME Allow for more specific error conditions |
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
134 -- TODO use util.error ? |
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
135 local error_type = "cancel"; |
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
136 local condition = "remote-server-not-found"; |
10403
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
137 local reason_text; |
10115
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
138 if session.had_stream then -- set when a stream is opened by the remote |
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
139 error_type, condition = "wait", "remote-server-timeout"; |
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
140 end |
10403
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
141 if errors.is_err(reason) then |
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
142 error_type, condition, reason_text = reason.type, reason.condition, reason.text; |
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
143 elseif type(reason) == "string" then |
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
144 reason_text = reason; |
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
145 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 for i, data in ipairs(sendq) do |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 local reply = data[2]; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 reply.attr.type = "error"; |
10115
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
150 reply:tag("error", {type = error_type, by = session.from_host}) |
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
151 :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); |
10403
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
152 if reason_text then |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}) |
10403
3b82e9df5a7a
mod_s2s: Allow passing bounce reason as an util.error object (see #770)
Kim Alvefur <zash@zash.se>
parents:
10381
diff
changeset
|
154 :text("Server-to-server connection failed: "..reason_text):up(); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 core_process_stanza(dummy, reply); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 sendq[i] = nil; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 session.sendq = nil; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 |
4818
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
163 -- Handles stanzas to existing s2s sessions |
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
164 function route_to_existing_session(event) |
4580
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
165 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 if not hosts[from_host] then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 return false; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 end |
5390
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
170 if hosts[to_host] then |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
171 log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host); |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
172 return false; |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
173 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 local host = hosts[from_host].s2sout[to_host]; |
10483
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
175 if not host then return end |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
176 |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
177 -- We have a connection to this host already |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
178 if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
179 (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); |
4580
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
180 |
10483
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
181 -- Queue stanza until we are able to send it |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
182 local queued_item = { |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
183 tostring(stanza), |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
184 stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza); |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
185 }; |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
186 if host.sendq then |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
187 t_insert(host.sendq, queued_item); |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
188 else |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
189 -- luacheck: ignore 122 |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
190 host.sendq = { queued_item }; |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
191 end |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
192 host.log("debug", "stanza [%s] queued ", stanza.name); |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
193 return true; |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
194 elseif host.type == "local" or host.type == "component" then |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
195 log("error", "Trying to send a stanza to ourselves??") |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
196 log("error", "Traceback: %s", traceback()); |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
197 log("error", "Stanza: %s", stanza); |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
198 return false; |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
199 else |
c12a24f0a385
mod_s2s: Invert condition to return early and reduce indentation
Kim Alvefur <zash@zash.se>
parents:
10482
diff
changeset
|
200 if host.sends2s(stanza) then |
4630
9502c0224caf
mod_s2s: Queuing a stanza constitutes handling it.
Paul Aurich <paul@darkrain42.org>
parents:
4625
diff
changeset
|
201 return true; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
203 end |
4818
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
204 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 |
4818
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
206 -- Create a new outgoing session for a stanza |
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
207 function route_to_new_session(event) |
4580
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
208 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; |
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
209 log("debug", "opening a new outgoing connection for this stanza"); |
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
210 local host_session = s2s_new_outgoing(from_host, to_host); |
10120
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
211 host_session.version = 1; |
4580
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
212 |
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
213 -- Store in buffer |
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
214 host_session.bounce_sendq = bounce_sendq; |
351936a8de4a
mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent.
Kim Alvefur <zash@zash.se>
parents:
4578
diff
changeset
|
215 host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; |
10111
0f335815244f
plugins: Remove tostring call from logging
Kim Alvefur <zash@zash.se>
parents:
9854
diff
changeset
|
216 log("debug", "stanza [%s] queued until connection complete", stanza.name); |
10625
3bfb20be844c
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
Matthew Wild <mwild1@gmail.com>
parents:
10622
diff
changeset
|
217 connect(service.new(to_host, "xmpp-server", "tcp", s2s_service_options), listener, nil, { session = host_session }); |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
218 m_initiated_connections:with_labels(from_host):add(1) |
4581
d2eb5962d235
mod_s2s: return true when we sent the stanza, or initiated a new s2sout
Kim Alvefur <zash@zash.se>
parents:
4580
diff
changeset
|
219 return true; |
4818
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
220 end |
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
221 |
5669
9345c161481f
mod_c2s, mod_s2s: Fire an event on read timeouts
Kim Alvefur <zash@zash.se>
parents:
5661
diff
changeset
|
222 local function keepalive(event) |
11226
b3ae48362f78
mod_s2s: Prevent whitespace keepalives the stream has been opened
Kim Alvefur <zash@zash.se>
parents:
11118
diff
changeset
|
223 local session = event.session; |
b3ae48362f78
mod_s2s: Prevent whitespace keepalives the stream has been opened
Kim Alvefur <zash@zash.se>
parents:
11118
diff
changeset
|
224 if not session.notopen then |
11237
49aeae836ad1
mod_s2s: Fix copypaste mistake in b3ae48362f78
Kim Alvefur <zash@zash.se>
parents:
11226
diff
changeset
|
225 return event.session.sends2s(' '); |
11226
b3ae48362f78
mod_s2s: Prevent whitespace keepalives the stream has been opened
Kim Alvefur <zash@zash.se>
parents:
11118
diff
changeset
|
226 end |
5669
9345c161481f
mod_c2s, mod_s2s: Fire an event on read timeouts
Kim Alvefur <zash@zash.se>
parents:
5661
diff
changeset
|
227 end |
9345c161481f
mod_c2s, mod_s2s: Fire an event on read timeouts
Kim Alvefur <zash@zash.se>
parents:
5661
diff
changeset
|
228 |
5713
5cf6dedf36f4
mod_s2s: Add missing global hook for read-timeout
Kim Alvefur <zash@zash.se>
parents:
5669
diff
changeset
|
229 module:hook("s2s-read-timeout", keepalive, -1); |
5cf6dedf36f4
mod_s2s: Add missing global hook for read-timeout
Kim Alvefur <zash@zash.se>
parents:
5669
diff
changeset
|
230 |
4818
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
231 function module.add_host(module) |
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
232 if module:get_option_boolean("disallow_s2s", false) then |
7359
a5a080c12c96
Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
7278
diff
changeset
|
233 module:log("warn", "The 'disallow_s2s' config option is deprecated, please see https://prosody.im/doc/s2s#disabling"); |
4818
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
234 return nil, "This host has disallow_s2s set"; |
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
235 end |
5454
5f69fddf6fb9
mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks)
Kim Alvefur <zash@zash.se>
parents:
5423
diff
changeset
|
236 module:hook("route/remote", route_to_existing_session, -1); |
5f69fddf6fb9
mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks)
Kim Alvefur <zash@zash.se>
parents:
5423
diff
changeset
|
237 module:hook("route/remote", route_to_new_session, -10); |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
238 module:hook("s2s-authenticated", make_authenticated, -1); |
5669
9345c161481f
mod_c2s, mod_s2s: Fire an event on read timeouts
Kim Alvefur <zash@zash.se>
parents:
5661
diff
changeset
|
239 module:hook("s2s-read-timeout", keepalive, -1); |
9412
063977461363
mod_s2s: Silence all warnings instead of ignoring the entire module
Kim Alvefur <zash@zash.se>
parents:
9070
diff
changeset
|
240 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) -- luacheck: ignore 212/stanza |
6146
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
241 if session.type == "s2sout" then |
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
242 -- Stream is authenticated and we are seem to be done with feature negotiation, |
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
243 -- so the stream is ready for stanzas. RFC 6120 Section 4.3 |
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
244 mark_connected(session); |
6403
166d1bd8fc38
core.stanza_router, mod_s2s: Move handling of S2S features to mod_s2s from stanza_router
Kim Alvefur <zash@zash.se>
parents:
6382
diff
changeset
|
245 return true; |
10457
0c44090cb168
mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied
Kim Alvefur <zash@zash.se>
parents:
10456
diff
changeset
|
246 elseif require_encryption and not session.secure then |
0c44090cb168
mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied
Kim Alvefur <zash@zash.se>
parents:
10456
diff
changeset
|
247 session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host); |
0c44090cb168
mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied
Kim Alvefur <zash@zash.se>
parents:
10456
diff
changeset
|
248 session:close({ |
0c44090cb168
mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied
Kim Alvefur <zash@zash.se>
parents:
10456
diff
changeset
|
249 condition = "policy-violation", |
0c44090cb168
mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied
Kim Alvefur <zash@zash.se>
parents:
10456
diff
changeset
|
250 text = "Encrypted server-to-server communication is required but was not offered", |
0c44090cb168
mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied
Kim Alvefur <zash@zash.se>
parents:
10456
diff
changeset
|
251 }, nil, "Could not establish encrypted connection to remote server"); |
10459
7456eaa83b15
mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections
Kim Alvefur <zash@zash.se>
parents:
10457
diff
changeset
|
252 return true; |
6426
e5945fb5b71f
mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present
Kim Alvefur <zash@zash.se>
parents:
6403
diff
changeset
|
253 elseif not session.dialback_verifying then |
e5945fb5b71f
mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present
Kim Alvefur <zash@zash.se>
parents:
6403
diff
changeset
|
254 session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up"); |
10311
1bb1e16f24b0
mod_s2s: Close with a stream error in case neither SASL or Dialback are available
Kim Alvefur <zash@zash.se>
parents:
10249
diff
changeset
|
255 session:close({ |
1bb1e16f24b0
mod_s2s: Close with a stream error in case neither SASL or Dialback are available
Kim Alvefur <zash@zash.se>
parents:
10249
diff
changeset
|
256 condition = "unsupported-feature", |
1bb1e16f24b0
mod_s2s: Close with a stream error in case neither SASL or Dialback are available
Kim Alvefur <zash@zash.se>
parents:
10249
diff
changeset
|
257 text = "No viable authentication method offered", |
10426
dd4eb84d92a8
mod_s2s: Add error text for error replies on some s2s failures (#770)
Kim Alvefur <zash@zash.se>
parents:
10425
diff
changeset
|
258 }, nil, "No viable authentication method offered by remote server"); |
10459
7456eaa83b15
mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections
Kim Alvefur <zash@zash.se>
parents:
10457
diff
changeset
|
259 return true; |
6146
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
260 end |
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
261 end, -1); |
11683
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
262 |
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
263 function module.unload() |
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
264 for _, session in pairs(sessions) do |
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
265 if session.to_host == module.host or session.from_host == module.host then |
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
266 session:close("host-gone"); |
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
267 end |
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
268 end |
41b144a93897
mod_s2s: Close connections attached to a host being deactivated
Kim Alvefur <zash@zash.se>
parents:
11682
diff
changeset
|
269 end |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
270 end |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
271 |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
272 -- Stream is authorised, and ready for normal stanzas |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
273 function mark_connected(session) |
8267
42fad8465537
mod_s2s: Use a separate resolver object for each outgoing session
Matthew Wild <mwild1@gmail.com>
parents:
8234
diff
changeset
|
274 |
6683
873ad1023eb0
mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed
Kim Alvefur <zash@zash.se>
parents:
6600
diff
changeset
|
275 local sendq = session.sendq; |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
276 |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
277 local from, to = session.from_host, session.to_host; |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
278 |
5800
3a48acbcb7f3
mod_s2s: Captitalize log messages that begin with a stream direction
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
279 session.log("info", "%s s2s connection %s->%s complete", session.direction:gsub("^.", string.upper), from, to); |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
280 |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
281 local event_data = { session = session }; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
282 if session.type == "s2sout" then |
11668
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
283 module:fire_event("s2sout-established", event_data); |
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
284 module:context(from):fire_event("s2sout-established", event_data); |
10247
5de65f30fe5e
mod_s2s: Add function to send replies on s2sout connections that support incoming traffic
Kim Alvefur <zash@zash.se>
parents:
10246
diff
changeset
|
285 |
5de65f30fe5e
mod_s2s: Add function to send replies on s2sout connections that support incoming traffic
Kim Alvefur <zash@zash.se>
parents:
10246
diff
changeset
|
286 if session.incoming then |
5de65f30fe5e
mod_s2s: Add function to send replies on s2sout connections that support incoming traffic
Kim Alvefur <zash@zash.se>
parents:
10246
diff
changeset
|
287 session.send = function(stanza) |
11668
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
288 return module:context(from):fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza }); |
10247
5de65f30fe5e
mod_s2s: Add function to send replies on s2sout connections that support incoming traffic
Kim Alvefur <zash@zash.se>
parents:
10246
diff
changeset
|
289 end; |
5de65f30fe5e
mod_s2s: Add function to send replies on s2sout connections that support incoming traffic
Kim Alvefur <zash@zash.se>
parents:
10246
diff
changeset
|
290 end |
5de65f30fe5e
mod_s2s: Add function to send replies on s2sout connections that support incoming traffic
Kim Alvefur <zash@zash.se>
parents:
10246
diff
changeset
|
291 |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
292 else |
10248
d7cadd118053
mod_s2s: Insert s2sin into outgoing routing table when bidirectional
Kim Alvefur <zash@zash.se>
parents:
10247
diff
changeset
|
293 if session.outgoing and not hosts[to].s2sout[from] then |
d7cadd118053
mod_s2s: Insert s2sin into outgoing routing table when bidirectional
Kim Alvefur <zash@zash.se>
parents:
10247
diff
changeset
|
294 session.log("debug", "Setting up to handle route from %s to %s", to, from); |
d7cadd118053
mod_s2s: Insert s2sin into outgoing routing table when bidirectional
Kim Alvefur <zash@zash.se>
parents:
10247
diff
changeset
|
295 hosts[to].s2sout[from] = session; -- luacheck: ignore 122 |
d7cadd118053
mod_s2s: Insert s2sin into outgoing routing table when bidirectional
Kim Alvefur <zash@zash.se>
parents:
10247
diff
changeset
|
296 end |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
297 local host_session = hosts[to]; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
298 session.send = function(stanza) |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
299 return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza }); |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
300 end; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
301 |
11668
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
302 module:fire_event("s2sin-established", event_data); |
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
303 module:context(to):fire_event("s2sin-established", event_data); |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
304 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
305 |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
306 if session.direction == "outgoing" then |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
307 if sendq then |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
308 session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host); |
6683
873ad1023eb0
mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed
Kim Alvefur <zash@zash.se>
parents:
6600
diff
changeset
|
309 local send = session.sends2s; |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
310 for i, data in ipairs(sendq) do |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
311 send(data[1]); |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
312 sendq[i] = nil; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
313 end |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
314 session.sendq = nil; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
315 end |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
316 end |
11678
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
317 |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
318 if session.connect_timeout then |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
319 stop_timer(session.connect_timeout); |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
320 session.connect_timeout = nil; |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
321 end |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
322 end |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
323 |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
324 function make_authenticated(event) |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
325 local session, host = event.session, event.host; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
326 if not session.secure then |
5594
ad66ee47b674
mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains.
Matthew Wild <mwild1@gmail.com>
parents:
5533
diff
changeset
|
327 if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
328 session:close({ |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
329 condition = "policy-violation", |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
330 text = "Encrypted server-to-server communication is required but was not " |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
331 ..((session.direction == "outgoing" and "offered") or "used") |
10426
dd4eb84d92a8
mod_s2s: Add error text for error replies on some s2s failures (#770)
Kim Alvefur <zash@zash.se>
parents:
10425
diff
changeset
|
332 }, nil, "Could not establish encrypted connection to remote server"); |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
333 end |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
334 end |
5390
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
335 if hosts[host] then |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
336 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
337 end |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
338 if session.type == "s2sout_unauthed" then |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
339 session.type = "s2sout"; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
340 elseif session.type == "s2sin_unauthed" then |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
341 session.type = "s2sin"; |
10246
19d7a2e7b9c4
mod_s2s: Handle authentication of s2sin and s2sout the same way
Kim Alvefur <zash@zash.se>
parents:
10240
diff
changeset
|
342 elseif session.type ~= "s2sin" and session.type ~= "s2sout" then |
19d7a2e7b9c4
mod_s2s: Handle authentication of s2sin and s2sout the same way
Kim Alvefur <zash@zash.se>
parents:
10240
diff
changeset
|
343 return false; |
19d7a2e7b9c4
mod_s2s: Handle authentication of s2sin and s2sout the same way
Kim Alvefur <zash@zash.se>
parents:
10240
diff
changeset
|
344 end |
19d7a2e7b9c4
mod_s2s: Handle authentication of s2sin and s2sout the same way
Kim Alvefur <zash@zash.se>
parents:
10240
diff
changeset
|
345 |
19d7a2e7b9c4
mod_s2s: Handle authentication of s2sin and s2sout the same way
Kim Alvefur <zash@zash.se>
parents:
10240
diff
changeset
|
346 if session.incoming and host then |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
347 if not session.hosts[host] then session.hosts[host] = {}; end |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
348 session.hosts[host].authed = true; |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
349 end |
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
350 session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host); |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
351 |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
352 local local_host = session.direction == "incoming" and session.to_host or session.from_host |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
353 m_authn_connections:with_labels(local_host, session.direction, event.mechanism or "other"):add(1) |
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
354 |
6146
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
355 if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then |
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
356 -- Stream either used dialback for authentication or is an incoming stream. |
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
357 mark_connected(session); |
ac4f8770d9aa
mod_s2s: Follow XMPP Core on when a stream is to be considered ready
Kim Alvefur <zash@zash.se>
parents:
6085
diff
changeset
|
358 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
359 |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
360 return true; |
4818
3bda6fc02652
mod_s2s: Become a shared module (yay)
Matthew Wild <mwild1@gmail.com>
parents:
4814
diff
changeset
|
361 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
362 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
363 --- Helper to check that a session peer's certificate is valid |
11558
d0e9ffccdef9
mod_dialback: Remove d-w-d feature
Kim Alvefur <zash@zash.se>
parents:
11540
diff
changeset
|
364 local function check_cert_status(session) |
5387
1130887e0d41
mod_s2s: session.from_host does not allways exist on incoming connections, true and nil or "our hostname" does not evaluate to what we want here
Kim Alvefur <zash@zash.se>
parents:
5368
diff
changeset
|
365 local host = session.direction == "outgoing" and session.to_host or session.from_host |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
366 local conn = session.conn:socket() |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
367 local cert |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
368 if conn.getpeercertificate then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
369 cert = conn:getpeercertificate() |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
370 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
371 |
5363
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
372 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
373 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
374 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
375 --- XMPP stream event handlers |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
376 |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
377 local stream_callbacks = { default_ns = "jabber:server" }; |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
378 |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
379 function stream_callbacks.handlestanza(session, stanza) |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
380 stanza = session.filter("stanzas/in", stanza); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
381 session.thread:run(stanza); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
382 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
383 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
384 local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
385 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
386 function stream_callbacks.streamopened(session, attr) |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
387 -- run _streamopened in async context |
10809
86ea811ee25b
mod_s2s: Improve signaling of stream open events
Kim Alvefur <zash@zash.se>
parents:
10648
diff
changeset
|
388 session.thread:run({ stream = "opened", attr = attr }); |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
389 end |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
390 |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
391 function stream_callbacks._streamopened(session, attr) |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
392 session.version = tonumber(attr.version) or 0; |
10115
c0bd5daa9c7f
mod_s2s: Distinguish between high and low level errors in bounces
Kim Alvefur <zash@zash.se>
parents:
10111
diff
changeset
|
393 session.had_stream = true; -- Had a stream opened at least once |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
394 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
395 -- TODO: Rename session.secure to session.encrypted |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
396 if session.secure == false then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
397 session.secure = true; |
5859
e327f2d4e09f
mod_c2s, mod_s2s: Set session.encrypted as session.secure does not allways mean encrypted (eg consider_bosh_secure)
Kim Alvefur <zash@zash.se>
parents:
5801
diff
changeset
|
398 session.encrypted = true; |
5173
b22d24b5a89a
mod_s2s: Detect TLS compression
Kim Alvefur <zash@zash.se>
parents:
5120
diff
changeset
|
399 |
b22d24b5a89a
mod_s2s: Detect TLS compression
Kim Alvefur <zash@zash.se>
parents:
5120
diff
changeset
|
400 local sock = session.conn:socket(); |
11623
cce5191a65a7
mod_s2s: Guard against LuaSec not returning TLS info here too
Kim Alvefur <zash@zash.se>
parents:
11609
diff
changeset
|
401 local info = sock.info and sock:info(); |
cce5191a65a7
mod_s2s: Guard against LuaSec not returning TLS info here too
Kim Alvefur <zash@zash.se>
parents:
11609
diff
changeset
|
402 if type(info) == "table" then |
5801
224644752bf4
mod_c2s, mod_s2s: Log cipher and encryption info in a more compact and (hopefully) less confusing way
Kim Alvefur <zash@zash.se>
parents:
5800
diff
changeset
|
403 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); |
5764
969e0a054795
mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details
Kim Alvefur <zash@zash.se>
parents:
5713
diff
changeset
|
404 session.compressed = info.compression; |
11608
b2610460d9ab
mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers
Kim Alvefur <zash@zash.se>
parents:
11560
diff
changeset
|
405 m_tls_params:with_labels(info.protocol, info.cipher):add(1) |
5764
969e0a054795
mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details
Kim Alvefur <zash@zash.se>
parents:
5713
diff
changeset
|
406 else |
969e0a054795
mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details
Kim Alvefur <zash@zash.se>
parents:
5713
diff
changeset
|
407 (session.log or log)("info", "Stream encrypted"); |
5173
b22d24b5a89a
mod_s2s: Detect TLS compression
Kim Alvefur <zash@zash.se>
parents:
5120
diff
changeset
|
408 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
409 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
410 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
411 if session.direction == "incoming" then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
412 -- Send a reply stream header |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
413 |
4589
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
414 -- Validate to/from |
10381
66fa45d24481
mod_s2s: Only nameprep stream to/from addresses if they are present
Kim Alvefur <zash@zash.se>
parents:
10311
diff
changeset
|
415 local to, from = attr.to, attr.from; |
66fa45d24481
mod_s2s: Only nameprep stream to/from addresses if they are present
Kim Alvefur <zash@zash.se>
parents:
10311
diff
changeset
|
416 if to then to = nameprep(attr.to); end |
66fa45d24481
mod_s2s: Only nameprep stream to/from addresses if they are present
Kim Alvefur <zash@zash.se>
parents:
10311
diff
changeset
|
417 if from then from = nameprep(attr.from); end |
4589
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
418 if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts) |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
419 session:close({ condition = "improper-addressing", text = "Invalid 'to' address" }); |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
420 return; |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
421 end |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
422 if not from and attr.from then -- COMPAT: Some servers do not reliably set 'from' (especially on stream restarts) |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
423 session:close({ condition = "improper-addressing", text = "Invalid 'from' address" }); |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
424 return; |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
425 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
426 |
4589
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
427 -- Set session.[from/to]_host if they have not been set already and if |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
428 -- this session isn't already authenticated |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
429 if session.type == "s2sin_unauthed" and from and not session.from_host then |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
430 session.from_host = from; |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
431 elseif from ~= session.from_host then |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
432 session:close({ condition = "improper-addressing", text = "New stream 'from' attribute does not match original" }); |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
433 return; |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
434 end |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
435 if session.type == "s2sin_unauthed" and to and not session.to_host then |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
436 session.to_host = to; |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
437 elseif to ~= session.to_host then |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
438 session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" }); |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
439 return; |
8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
Matthew Wild <mwild1@gmail.com>
parents:
4587
diff
changeset
|
440 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
441 |
4820
c65edd3bb334
mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups
Matthew Wild <mwild1@gmail.com>
parents:
4819
diff
changeset
|
442 -- For convenience we'll put the sanitised values into these variables |
c65edd3bb334
mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups
Matthew Wild <mwild1@gmail.com>
parents:
4819
diff
changeset
|
443 to, from = session.to_host, session.from_host; |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
444 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
445 session.streamid = uuid_gen(); |
4590
883611842d3a
mod_s2s: Log the entire stream header.
Kim Alvefur <zash@zash.se>
parents:
4587
diff
changeset
|
446 (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag()); |
4820
c65edd3bb334
mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups
Matthew Wild <mwild1@gmail.com>
parents:
4819
diff
changeset
|
447 if to then |
c65edd3bb334
mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups
Matthew Wild <mwild1@gmail.com>
parents:
4819
diff
changeset
|
448 if not hosts[to] then |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
449 -- Attempting to connect to a host we don't serve |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
450 session:close({ |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
451 condition = "host-unknown"; |
4820
c65edd3bb334
mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups
Matthew Wild <mwild1@gmail.com>
parents:
4819
diff
changeset
|
452 text = "This host does not serve "..to |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
453 }); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
454 return; |
4834
878f75ccc4fb
mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users
Matthew Wild <mwild1@gmail.com>
parents:
4822
diff
changeset
|
455 elseif not hosts[to].modules.s2s then |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
456 -- Attempting to connect to a host that disallows s2s |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
457 session:close({ |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
458 condition = "policy-violation"; |
4834
878f75ccc4fb
mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users
Matthew Wild <mwild1@gmail.com>
parents:
4822
diff
changeset
|
459 text = "Server-to-server communication is disabled for this host"; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
460 }); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
461 return; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
462 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
463 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
464 |
5390
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
465 if hosts[from] then |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
466 session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" }); |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
467 return; |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
468 end |
b3c8757ee4f4
mod_s2s: Prevent s2s to and from hosts we serve locally
Kim Alvefur <zash@zash.se>
parents:
5389
diff
changeset
|
469 |
5363
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
470 if session.secure and not session.cert_chain_status then |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
471 if check_cert_status(session) == false then |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
472 return; |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
473 end |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
474 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
475 |
5533
df3c78221f26
mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338
Matthew Wild <mwild1@gmail.com>
parents:
5522
diff
changeset
|
476 session:open_stream(session.to_host, session.from_host) |
11609
6dcc45a2e3bc
mod_s2s: Bail if connection is destroyed after attempting to open stream
Kim Alvefur <zash@zash.se>
parents:
11608
diff
changeset
|
477 if session.destroyed then |
6dcc45a2e3bc
mod_s2s: Bail if connection is destroyed after attempting to open stream
Kim Alvefur <zash@zash.se>
parents:
11608
diff
changeset
|
478 -- sending the stream opening could have failed during an opportunistic write |
6dcc45a2e3bc
mod_s2s: Bail if connection is destroyed after attempting to open stream
Kim Alvefur <zash@zash.se>
parents:
11608
diff
changeset
|
479 return |
6dcc45a2e3bc
mod_s2s: Bail if connection is destroyed after attempting to open stream
Kim Alvefur <zash@zash.se>
parents:
11608
diff
changeset
|
480 end |
6dcc45a2e3bc
mod_s2s: Bail if connection is destroyed after attempting to open stream
Kim Alvefur <zash@zash.se>
parents:
11608
diff
changeset
|
481 |
6684
53635a91c95c
mod_s2s: Mark stream as opened directly after opening stream, prevents session.close opening it again
Kim Alvefur <zash@zash.se>
parents:
6683
diff
changeset
|
482 session.notopen = nil; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
483 if session.version >= 1.0 then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
484 local features = st.stanza("stream:features"); |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
485 |
4820
c65edd3bb334
mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups
Matthew Wild <mwild1@gmail.com>
parents:
4819
diff
changeset
|
486 if to then |
11668
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
487 module:context(to):fire_event("s2s-stream-features", { origin = session, features = features }); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
488 else |
5975
0d219631d47b
mod_s2s: Include IP in log messages, if host is unavailable
Florian Zeitz <florob@babelmonkeys.de>
parents:
5769
diff
changeset
|
489 (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host"); |
11668
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
490 module:fire_event("s2s-stream-features-legacy", { origin = session, features = features }); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
491 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
492 |
6846
7eb166fa1f26
mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285)
Kim Alvefur <zash@zash.se>
parents:
6685
diff
changeset
|
493 if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then |
8483
6d47b74926dd
mod_s2s: Remove tostring() in logging since this is handled by util.format now
Kim Alvefur <zash@zash.se>
parents:
8463
diff
changeset
|
494 log("debug", "Sending stream features: %s", features); |
6846
7eb166fa1f26
mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285)
Kim Alvefur <zash@zash.se>
parents:
6685
diff
changeset
|
495 session.sends2s(features); |
7eb166fa1f26
mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285)
Kim Alvefur <zash@zash.se>
parents:
6685
diff
changeset
|
496 else |
7865
a8cc495a65dc
mod_s2s: Clarify that it is stream features that can't be offered (here too)
Kim Alvefur <zash@zash.se>
parents:
7679
diff
changeset
|
497 (session.log or log)("warn", "No stream features to offer, giving up"); |
a8cc495a65dc
mod_s2s: Clarify that it is stream features that can't be offered (here too)
Kim Alvefur <zash@zash.se>
parents:
7679
diff
changeset
|
498 session:close({ condition = "undefined-condition", text = "No stream features to offer" }); |
6846
7eb166fa1f26
mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285)
Kim Alvefur <zash@zash.se>
parents:
6685
diff
changeset
|
499 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
500 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
501 elseif session.direction == "outgoing" then |
6359
c74670b3be53
mod_s2s: Mark stream as opened earlier for outgoing connections, fixes double stream headers on policy failures
Kim Alvefur <zash@zash.se>
parents:
5975
diff
changeset
|
502 session.notopen = nil; |
6378
3cec0eef0b70
mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error
Kim Alvefur <zash@zash.se>
parents:
6364
diff
changeset
|
503 if not attr.id then |
7677
8613086779fa
mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues
Matthew Wild <mwild1@gmail.com>
parents:
7100
diff
changeset
|
504 log("warn", "Stream response did not give us a stream id!"); |
6378
3cec0eef0b70
mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error
Kim Alvefur <zash@zash.se>
parents:
6364
diff
changeset
|
505 session:close({ condition = "undefined-condition", text = "Missing stream ID" }); |
3cec0eef0b70
mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error
Kim Alvefur <zash@zash.se>
parents:
6364
diff
changeset
|
506 return; |
3cec0eef0b70
mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error
Kim Alvefur <zash@zash.se>
parents:
6364
diff
changeset
|
507 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
508 session.streamid = attr.id; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
509 |
5363
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
510 if session.secure and not session.cert_chain_status then |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
511 if check_cert_status(session) == false then |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
512 return; |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
513 end |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
514 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
515 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
516 -- If server is pre-1.0, don't wait for features, just do dialback |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
517 if session.version < 1.0 then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
518 if not session.dialback_verifying then |
11668
f18fbae6d9fe
mod_s2s: Use module API to fire events
Kim Alvefur <zash@zash.se>
parents:
11624
diff
changeset
|
519 module:context(session.from_host):fire_event("s2sout-authenticate-legacy", { origin = session }); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
520 else |
5362
612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents:
5351
diff
changeset
|
521 mark_connected(session); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
522 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
523 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
524 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
525 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
526 |
10810
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
527 function stream_callbacks._streamclosed(session) |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
528 (session.log or log)("debug", "Received </stream:stream>"); |
4988
29bdf68ad142
mod_s2s: Adjust session:close() in line with mod_c2s's - fixes waiting for </stream:stream> if it has already been sent by the peer
Matthew Wild <mwild1@gmail.com>
parents:
4969
diff
changeset
|
529 session:close(false); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
530 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
531 |
10810
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
532 function stream_callbacks.streamclosed(session, attr) |
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
533 -- run _streamclosed in async context |
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
534 session.thread:run({ stream = "closed", attr = attr }); |
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
535 end |
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
536 |
11682
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
537 -- Some stream conditions indicate a problem on our end, e.g. that we sent |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
538 -- something invalid. Those should be investigated. Others are problems or |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
539 -- events in the remote host that don't affect us, or simply that the |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
540 -- connection was closed for being idle. |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
541 local stream_condition_severity = { |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
542 ["bad-format"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
543 ["bad-namespace-prefix"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
544 ["conflict"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
545 ["connection-timeout"] = "debug"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
546 ["host-gone"] = "info"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
547 ["host-unknown"] = "info"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
548 ["improper-addressing"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
549 ["internal-server-error"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
550 ["invalid-from"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
551 ["invalid-namespace"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
552 ["invalid-xml"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
553 ["not-authorized"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
554 ["not-well-formed"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
555 ["policy-violation"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
556 ["remote-connection-failed"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
557 ["reset"] = "info"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
558 ["resource-constraint"] = "info"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
559 ["restricted-xml"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
560 ["see-other-host"] = "info"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
561 ["system-shutdown"] = "info"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
562 ["undefined-condition"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
563 ["unsupported-encoding"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
564 ["unsupported-feature"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
565 ["unsupported-stanza-type"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
566 ["unsupported-version"] = "warn"; |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
567 } |
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
568 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
569 function stream_callbacks.error(session, error, data) |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
570 if error == "no-stream" then |
6364
4e93e8768c36
mod_c2s, mod_s2s: Log received invalid stream headers
Matthew Wild <mwild1@gmail.com>
parents:
6362
diff
changeset
|
571 session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}"))); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
572 session:close("invalid-namespace"); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
573 elseif error == "parse-error" then |
8483
6d47b74926dd
mod_s2s: Remove tostring() in logging since this is handled by util.format now
Kim Alvefur <zash@zash.se>
parents:
8463
diff
changeset
|
574 session.log("debug", "Server-to-server XML parse error: %s", error); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
575 session:close("not-well-formed"); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
576 elseif error == "stream-error" then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
577 local condition, text = "undefined-condition"; |
8233
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
578 for child in data:childtags(nil, xmlns_xmpp_streams) do |
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
579 if child.name ~= "text" then |
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
580 condition = child.name; |
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
581 else |
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
582 text = child:get_text(); |
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
583 end |
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
584 if condition ~= "undefined-condition" and text then |
4e7269c53659
mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9)
Kim Alvefur <zash@zash.se>
parents:
7677
diff
changeset
|
585 break; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
586 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
587 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
588 text = condition .. (text and (" ("..text..")") or ""); |
11682
7843f1ca3b33
mod_s2s: Vary log level by remote stream error
Kim Alvefur <zash@zash.se>
parents:
11678
diff
changeset
|
589 session.log(stream_condition_severity[condition] or "info", "Session closed by remote with error: %s", text); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
590 session:close(nil, text); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
591 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
592 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
593 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
594 --- Session methods |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
595 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; |
10632
c9de8275aaf2
mod_s2s: Comment on the various 'reason' arguments passed to :close
Kim Alvefur <zash@zash.se>
parents:
10625
diff
changeset
|
596 -- reason: stream error to send to the remote server |
c9de8275aaf2
mod_s2s: Comment on the various 'reason' arguments passed to :close
Kim Alvefur <zash@zash.se>
parents:
10625
diff
changeset
|
597 -- remote_reason: stream error received from the remote server |
10648
2bd17e043275
mod_s2s: Fix typo in comment [codespell]
Kim Alvefur <zash@zash.se>
parents:
10632
diff
changeset
|
598 -- bounce_reason: stanza error to pass to bounce_sendq because stream- and stanza errors are different |
10425
42cf93ff4618
s2s: Allow passing a custom error for bouncing queued stanzas (#770)
Kim Alvefur <zash@zash.se>
parents:
10421
diff
changeset
|
599 local function session_close(session, reason, remote_reason, bounce_reason) |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
600 local log = session.log or log; |
11669
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
601 if not session.conn then |
11670
7f6c816a2c09
mod_s2s: Log debug message on attempted close of an connectionless session
Kim Alvefur <zash@zash.se>
parents:
11669
diff
changeset
|
602 log("debug", "Attempt to close without associated connection with reason %q", reason); |
11669
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
603 return |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
604 end |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
605 |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
606 local conn = session.conn; |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
607 conn:pause_writes(); -- until :close |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
608 if session.notopen then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
609 if session.direction == "incoming" then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
610 session:open_stream(session.to_host, session.from_host); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
611 else |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
612 session:open_stream(session.from_host, session.to_host); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
613 end |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
614 end |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
615 |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
616 local this_host = session.direction == "incoming" and session.to_host or session.from_host |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
617 |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
618 if reason then -- nil == no err, initiated by us, false == initiated by remote |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
619 local stream_error; |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
620 local condition, text, extra |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
621 if type(reason) == "string" then -- assume stream error |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
622 condition = reason |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
623 elseif type(reason) == "table" and not st.is_stanza(reason) then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
624 condition = reason.condition or "undefined-condition" |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
625 text = reason.text |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
626 extra = reason.extra |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
627 end |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
628 if condition then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
629 stream_error = st.stanza("stream:error"):tag(condition, stream_xmlns_attr):up(); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
630 if text then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
631 stream_error:tag("text", stream_xmlns_attr):text(text):up(); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
632 end |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
633 if extra then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
634 stream_error:add_child(extra); |
5533
df3c78221f26
mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338
Matthew Wild <mwild1@gmail.com>
parents:
5522
diff
changeset
|
635 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
636 end |
11669
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
637 if this_host and condition then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
638 m_closed_connections:with_labels(this_host, session.direction, condition):add(1) |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
639 end |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
640 if st.is_stanza(stream_error) then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
641 -- to and from are never unknown on outgoing connections |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
642 log("debug", "Disconnecting %s->%s[%s], <stream:error> is: %s", |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
643 session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, reason); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
644 session.sends2s(stream_error); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
645 end |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
646 else |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
647 m_closed_connections:with_labels(this_host, session.direction, reason == false and ":remote-choice" or ":local-choice"):add(1) |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
648 end |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
649 |
11669
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
650 session.sends2s("</stream:stream>"); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
651 function session.sends2s() return false; end |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
652 |
11669
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
653 -- luacheck: ignore 422/reason 412/reason |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
654 -- FIXME reason should be managed in a place common to c2s, s2s, bosh, component etc |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
655 local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason; |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
656 session.log("info", "%s s2s stream %s->%s closed: %s", session.direction:gsub("^.", string.upper), |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
657 session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed"); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
658 |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
659 conn:resume_writes(); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
660 |
11678
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
661 if session.connect_timeout then |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
662 stop_timer(session.connect_timeout); |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
663 session.connect_timeout = nil; |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
664 end |
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
665 |
11669
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
666 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
667 if reason == nil and not session.notopen and session.direction == "incoming" then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
668 add_task(stream_close_timeout, function () |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
669 if not session.destroyed then |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
670 session.log("warn", "Failed to receive a stream close response, closing connection anyway..."); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
671 s2s_destroy_session(session, reason, bounce_reason); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
672 conn:close(); |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
673 end |
11669
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
674 end); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
675 else |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
676 s2s_destroy_session(session, reason, bounce_reason); |
bca75f34d374
mod_s2s: Drop level of indentation by inverting a condition and early return
Kim Alvefur <zash@zash.se>
parents:
11668
diff
changeset
|
677 conn:close(); -- Close immediately, as this is an outgoing connection or is not authed |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
678 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
679 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
680 |
9412
063977461363
mod_s2s: Silence all warnings instead of ignoring the entire module
Kim Alvefur <zash@zash.se>
parents:
9070
diff
changeset
|
681 function session_stream_attrs(session, from, to, attr) -- luacheck: ignore 212/session |
5533
df3c78221f26
mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338
Matthew Wild <mwild1@gmail.com>
parents:
5522
diff
changeset
|
682 if not from or (hosts[from] and hosts[from].modules.dialback) then |
5351
901ed253bbf7
mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams
Kim Alvefur <zash@zash.se>
parents:
5345
diff
changeset
|
683 attr["xmlns:db"] = 'jabber:server:dialback'; |
901ed253bbf7
mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams
Kim Alvefur <zash@zash.se>
parents:
5345
diff
changeset
|
684 end |
6602 | 685 if not from then |
686 attr.from = ''; | |
687 end | |
688 if not to then | |
689 attr.to = ''; | |
690 end | |
5351
901ed253bbf7
mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams
Kim Alvefur <zash@zash.se>
parents:
5345
diff
changeset
|
691 end |
901ed253bbf7
mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams
Kim Alvefur <zash@zash.se>
parents:
5345
diff
changeset
|
692 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
693 -- Session initialization logic shared by incoming and outgoing |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
694 local function initialize_session(session) |
10850
bd2814f900dd
mod_c2s,mod_s2s: Make stanza size limits configurable
Kim Alvefur <zash@zash.se>
parents:
10849
diff
changeset
|
695 local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit); |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
696 |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
697 session.thread = runner(function (stanza) |
10809
86ea811ee25b
mod_s2s: Improve signaling of stream open events
Kim Alvefur <zash@zash.se>
parents:
10648
diff
changeset
|
698 if st.is_stanza(stanza) then |
86ea811ee25b
mod_s2s: Improve signaling of stream open events
Kim Alvefur <zash@zash.se>
parents:
10648
diff
changeset
|
699 core_process_stanza(session, stanza); |
86ea811ee25b
mod_s2s: Improve signaling of stream open events
Kim Alvefur <zash@zash.se>
parents:
10648
diff
changeset
|
700 elseif stanza.stream == "opened" then |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
701 stream_callbacks._streamopened(session, stanza.attr); |
10810
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
702 elseif stanza.stream == "closed" then |
8a0a923e1ced
mod_s2s: Run stream close in async context
Kim Alvefur <zash@zash.se>
parents:
10809
diff
changeset
|
703 stream_callbacks._streamclosed(session, stanza.attr); |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
704 end |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
705 end, runner_callbacks, session); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
706 |
6255
6167f8bc5a6b
mod_s2s: Decide on log function once
Kim Alvefur <zash@zash.se>
parents:
6146
diff
changeset
|
707 local log = session.log or log; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
708 session.stream = stream; |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
709 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
710 session.notopen = true; |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
711 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
712 function session.reset_stream() |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
713 session.notopen = true; |
6362
f5f44504e18b
mod_s2s: Reset stream ID when resetting stream [compliance]
Kim Alvefur <zash@zash.se>
parents:
6359
diff
changeset
|
714 session.streamid = nil; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
715 session.stream:reset(); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
716 end |
5351
901ed253bbf7
mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams
Kim Alvefur <zash@zash.se>
parents:
5345
diff
changeset
|
717 |
6085
2f911644f527
mod_s2s: Replace open_stream() with function that only adds s2s/dialback attributes to stream header
Kim Alvefur <zash@zash.se>
parents:
6069
diff
changeset
|
718 session.stream_attrs = session_stream_attrs; |
6069
446148cad35e
mod_s2s: Revert e626ee2fe106 change, it broke Dialback
Kim Alvefur <zash@zash.se>
parents:
6063
diff
changeset
|
719 |
6256
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
720 local filter = initialize_filters(session); |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
721 local conn = session.conn; |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
722 local w = conn.write; |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
723 |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
724 function session.sends2s(t) |
9069
22e5f11c778a
sessionmanager, mod_s2s: Bring debug line for outgoing stanzas in line with that for incoming
Kim Alvefur <zash@zash.se>
parents:
9068
diff
changeset
|
725 log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?")); |
6256
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
726 if t.name then |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
727 t = filter("stanzas/out", t); |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
728 end |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
729 if t then |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
730 t = filter("bytes/out", tostring(t)); |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
731 if t then |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
732 return w(conn, t); |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
733 end |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
734 end |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
735 end |
d05627c89c99
mod_s2s: Move filter initialization to common place
Kim Alvefur <zash@zash.se>
parents:
6255
diff
changeset
|
736 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
737 function session.data(data) |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
738 data = filter("bytes/in", data); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
739 if data then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
740 local ok, err = stream:feed(data); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
741 if ok then return; end |
10111
0f335815244f
plugins: Remove tostring call from logging
Kim Alvefur <zash@zash.se>
parents:
9854
diff
changeset
|
742 log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); |
10849
19e7092e062c
mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit
Kim Alvefur <zash@zash.se>
parents:
10810
diff
changeset
|
743 if err == "stanza-too-large" then |
19e7092e062c
mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit
Kim Alvefur <zash@zash.se>
parents:
10810
diff
changeset
|
744 session:close({ condition = "policy-violation", text = "XML stanza is too big" }, nil, "Received invalid XML from remote server"); |
19e7092e062c
mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit
Kim Alvefur <zash@zash.se>
parents:
10810
diff
changeset
|
745 else |
19e7092e062c
mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit
Kim Alvefur <zash@zash.se>
parents:
10810
diff
changeset
|
746 session:close("not-well-formed", nil, "Received invalid XML from remote server"); |
19e7092e062c
mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit
Kim Alvefur <zash@zash.se>
parents:
10810
diff
changeset
|
747 end |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
748 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
749 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
750 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
751 session.close = session_close; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
752 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
753 local handlestanza = stream_callbacks.handlestanza; |
9412
063977461363
mod_s2s: Silence all warnings instead of ignoring the entire module
Kim Alvefur <zash@zash.se>
parents:
9070
diff
changeset
|
754 function session.dispatch_stanza(session, stanza) -- luacheck: ignore 432/session |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
755 return handlestanza(session, stanza); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
756 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
757 |
6259
36f611624987
mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized
Kim Alvefur <zash@zash.se>
parents:
6257
diff
changeset
|
758 module:fire_event("s2s-created", { session = session }); |
36f611624987
mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized
Kim Alvefur <zash@zash.se>
parents:
6257
diff
changeset
|
759 |
11678
f90a337d81a8
mod_s2s: Remove connection timeout once it's no longer needed
Kim Alvefur <zash@zash.se>
parents:
11670
diff
changeset
|
760 session.connect_timeout = add_task(connect_timeout, function () |
4960
8950510ddb2e
mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off
Matthew Wild <mwild1@gmail.com>
parents:
4906
diff
changeset
|
761 if session.type == "s2sin" or session.type == "s2sout" then |
8950510ddb2e
mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off
Matthew Wild <mwild1@gmail.com>
parents:
4906
diff
changeset
|
762 return; -- Ok, we're connected |
5307
d80e56d8805c
mod_s2s: Don't try to close sessions that were destroyed before timeout
Kim Alvefur <zash@zash.se>
parents:
5281
diff
changeset
|
763 elseif session.type == "s2s_destroyed" then |
d80e56d8805c
mod_s2s: Don't try to close sessions that were destroyed before timeout
Kim Alvefur <zash@zash.se>
parents:
5281
diff
changeset
|
764 return; -- Session already destroyed |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
765 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
766 -- Not connected, need to close session and clean up |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
767 (session.log or log)("debug", "Destroying incomplete session %s->%s due to inactivity", |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
768 session.from_host or "(unknown)", session.to_host or "(unknown)"); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
769 session:close("connection-timeout"); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
770 end); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
771 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
772 |
7451
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
773 function runner_callbacks:ready() |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
774 self.data.log("debug", "Runner %s ready (%s)", self.thread, coroutine.status(self.thread)); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
775 self.data.conn:resume(); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
776 end |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
777 |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
778 function runner_callbacks:waiting() |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
779 self.data.log("debug", "Runner %s waiting (%s)", self.thread, coroutine.status(self.thread)); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
780 self.data.conn:pause(); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
781 end |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
782 |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
783 function runner_callbacks:error(err) |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
784 (self.data.log or log)("error", "Traceback[s2s]: %s", err); |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
785 end |
464a8a8de625
mod_s2s: Add util.async support
Kim Alvefur <zash@zash.se>
parents:
7450
diff
changeset
|
786 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
787 function listener.onconnect(conn) |
5522
3912c9264ef0
mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled)
Matthew Wild <mwild1@gmail.com>
parents:
5505
diff
changeset
|
788 conn:setoption("keepalive", opt_keepalives); |
4906
89df1f03546a
mod_s2s, s2sout.lib: Send stream header in onconnect()
Matthew Wild <mwild1@gmail.com>
parents:
4873
diff
changeset
|
789 local session = sessions[conn]; |
89df1f03546a
mod_s2s, s2sout.lib: Send stream header in onconnect()
Matthew Wild <mwild1@gmail.com>
parents:
4873
diff
changeset
|
790 if not session then -- New incoming connection |
89df1f03546a
mod_s2s, s2sout.lib: Send stream header in onconnect()
Matthew Wild <mwild1@gmail.com>
parents:
4873
diff
changeset
|
791 session = s2s_new_incoming(conn); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
792 sessions[conn] = session; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
793 session.log("debug", "Incoming s2s connection"); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
794 initialize_session(session); |
11526
15a3db955ad3
s2s et al.: Add counters for connection state transitions
Jonas Schäfer <jonas@wielicki.name>
parents:
11525
diff
changeset
|
795 m_accepted_tcp_connections:with_labels():add(1) |
4906
89df1f03546a
mod_s2s, s2sout.lib: Send stream header in onconnect()
Matthew Wild <mwild1@gmail.com>
parents:
4873
diff
changeset
|
796 else -- Outgoing session connected |
89df1f03546a
mod_s2s, s2sout.lib: Send stream header in onconnect()
Matthew Wild <mwild1@gmail.com>
parents:
4873
diff
changeset
|
797 session:open_stream(session.from_host, session.to_host); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
798 end |
5661 | 799 session.ip = conn:ip(); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
800 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
801 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
802 function listener.onincoming(conn, data) |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
803 local session = sessions[conn]; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
804 if session then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
805 session.data(data); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
806 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
807 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
808 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
809 function listener.onstatus(conn, status) |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
810 if status == "ssl-handshake-complete" then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
811 local session = sessions[conn]; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
812 if session and session.direction == "outgoing" then |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
813 session.log("debug", "Sending stream header..."); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
814 session:open_stream(session.from_host, session.to_host); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
815 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
816 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
817 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
818 |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
819 function listener.ondisconnect(conn, err) |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
820 local session = sessions[conn]; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
821 if session then |
5274
0d08c0965824
mod_s2s: Remove connection from sessions table as soon as we learn it is disconnected. Fixes a connection/session leak.
Matthew Wild <mwild1@gmail.com>
parents:
5173
diff
changeset
|
822 sessions[conn] = nil; |
10120
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
823 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); |
10473
b2dd1219a321
mod_s2s: Improve TLS handshake error messages
Kim Alvefur <zash@zash.se>
parents:
10472
diff
changeset
|
824 if session.secure == false and err then |
b2dd1219a321
mod_s2s: Improve TLS handshake error messages
Kim Alvefur <zash@zash.se>
parents:
10472
diff
changeset
|
825 -- TODO util.error-ify this |
b2dd1219a321
mod_s2s: Improve TLS handshake error messages
Kim Alvefur <zash@zash.se>
parents:
10472
diff
changeset
|
826 err = "Error during negotiation of encrypted connection: "..err; |
b2dd1219a321
mod_s2s: Improve TLS handshake error messages
Kim Alvefur <zash@zash.se>
parents:
10472
diff
changeset
|
827 end |
10120
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
828 s2s_destroy_session(session, err); |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
829 end |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
830 end |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
831 |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
832 function listener.onfail(data, err) |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
833 local session = data and data.session; |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
834 if session then |
4969
15183193c6a6
mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false.
Matthew Wild <mwild1@gmail.com>
parents:
4968
diff
changeset
|
835 if err and session.direction == "outgoing" and session.notopen then |
15183193c6a6
mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false.
Matthew Wild <mwild1@gmail.com>
parents:
4968
diff
changeset
|
836 (session.log or log)("debug", "s2s connection attempt failed: %s", err); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
837 end |
8483
6d47b74926dd
mod_s2s: Remove tostring() in logging since this is handled by util.format now
Kim Alvefur <zash@zash.se>
parents:
8463
diff
changeset
|
838 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); |
4969
15183193c6a6
mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false.
Matthew Wild <mwild1@gmail.com>
parents:
4968
diff
changeset
|
839 s2s_destroy_session(session, err); |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
840 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
841 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
842 |
5638
c5b7f4858014
mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died
Kim Alvefur <zash@zash.se>
parents:
5636
diff
changeset
|
843 function listener.onreadtimeout(conn) |
c5b7f4858014
mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died
Kim Alvefur <zash@zash.se>
parents:
5636
diff
changeset
|
844 local session = sessions[conn]; |
c5b7f4858014
mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died
Kim Alvefur <zash@zash.se>
parents:
5636
diff
changeset
|
845 if session then |
7537
a0813737c6fa
mod_s2s: Index session after checking if it exists (fixes traceback in case of a connection without a session having a read timeout)
Kim Alvefur <zash@zash.se>
parents:
7466
diff
changeset
|
846 local host = session.host or session.to_host; |
6658
65563530375b
mod_s2s: Fire read timeout event on correct virtualhost for incoming connections
Kim Alvefur <zash@zash.se>
parents:
6630
diff
changeset
|
847 return (hosts[host] or prosody).events.fire_event("s2s-read-timeout", { session = session }); |
5638
c5b7f4858014
mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died
Kim Alvefur <zash@zash.se>
parents:
5636
diff
changeset
|
848 end |
c5b7f4858014
mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died
Kim Alvefur <zash@zash.se>
parents:
5636
diff
changeset
|
849 end |
c5b7f4858014
mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died
Kim Alvefur <zash@zash.se>
parents:
5636
diff
changeset
|
850 |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
851 function listener.register_outgoing(conn, session) |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
852 sessions[conn] = session; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
853 initialize_session(session); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
854 end |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
855 |
6380
4220ffb87b22
net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent)
Matthew Wild <mwild1@gmail.com>
parents:
6378
diff
changeset
|
856 function listener.ondetach(conn) |
4220ffb87b22
net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent)
Matthew Wild <mwild1@gmail.com>
parents:
6378
diff
changeset
|
857 sessions[conn] = nil; |
4220ffb87b22
net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent)
Matthew Wild <mwild1@gmail.com>
parents:
6378
diff
changeset
|
858 end |
4220ffb87b22
net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent)
Matthew Wild <mwild1@gmail.com>
parents:
6378
diff
changeset
|
859 |
10120
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
860 function listener.onattach(conn, data) |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
861 local session = data and data.session; |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
862 if session then |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
863 session.conn = conn; |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
864 sessions[conn] = session; |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
865 initialize_session(session); |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
866 end |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
867 end |
756b8821007a
mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections
Kim Alvefur <zash@zash.se>
parents:
10115
diff
changeset
|
868 |
10455
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
869 -- Complete the sentence "Your certificate " with what's wrong |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
870 local function friendly_cert_error(session) --> string |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
871 if session.cert_chain_status == "invalid" then |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
872 if session.cert_chain_errors then |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
873 local cert_errors = set.new(session.cert_chain_errors[1]); |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
874 if cert_errors:contains("certificate has expired") then |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
875 return "has expired"; |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
876 elseif cert_errors:contains("self signed certificate") then |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
877 return "is self-signed"; |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
878 end |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
879 end |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
880 return "is not trusted"; -- for some other reason |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
881 elseif session.cert_identity_status == "invalid" then |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
882 return "is not valid for this name"; |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
883 end |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
884 -- this should normally be unreachable except if no s2s auth module was loaded |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
885 return "could not be validated"; |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
886 end |
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
887 |
5363
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
888 function check_auth_policy(event) |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
889 local host, session = event.host, event.session; |
5368
ab31dbb3a415
mod_s2s: Fix variable usage in check_auth_policy (thanks Florob)
Matthew Wild <mwild1@gmail.com>
parents:
5365
diff
changeset
|
890 local must_secure = secure_auth; |
ab31dbb3a415
mod_s2s: Fix variable usage in check_auth_policy (thanks Florob)
Matthew Wild <mwild1@gmail.com>
parents:
5365
diff
changeset
|
891 |
ab31dbb3a415
mod_s2s: Fix variable usage in check_auth_policy (thanks Florob)
Matthew Wild <mwild1@gmail.com>
parents:
5365
diff
changeset
|
892 if not must_secure and secure_domains[host] then |
ab31dbb3a415
mod_s2s: Fix variable usage in check_auth_policy (thanks Florob)
Matthew Wild <mwild1@gmail.com>
parents:
5365
diff
changeset
|
893 must_secure = true; |
ab31dbb3a415
mod_s2s: Fix variable usage in check_auth_policy (thanks Florob)
Matthew Wild <mwild1@gmail.com>
parents:
5365
diff
changeset
|
894 elseif must_secure and insecure_domains[host] then |
ab31dbb3a415
mod_s2s: Fix variable usage in check_auth_policy (thanks Florob)
Matthew Wild <mwild1@gmail.com>
parents:
5365
diff
changeset
|
895 must_secure = false; |
5363
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
896 end |
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5770
diff
changeset
|
897 |
5767 | 898 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then |
10455
698ff3610e57
mod_s2s: Improve error in bounces due to cert validation problems
Kim Alvefur <zash@zash.se>
parents:
10426
diff
changeset
|
899 local reason = friendly_cert_error(session); |
10472
676e6a1b23d4
mod_s2s: Log from session logger
Kim Alvefur <zash@zash.se>
parents:
10471
diff
changeset
|
900 session.log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason); |
10456
2ab1cbb1c6b0
mod_s2s: Send stream errors for cert problems on outgoing connections
Kim Alvefur <zash@zash.se>
parents:
10455
diff
changeset
|
901 -- XEP-0178 recommends closing outgoing connections without warning |
2ab1cbb1c6b0
mod_s2s: Send stream errors for cert problems on outgoing connections
Kim Alvefur <zash@zash.se>
parents:
10455
diff
changeset
|
902 -- but does not give a rationale for this. |
2ab1cbb1c6b0
mod_s2s: Send stream errors for cert problems on outgoing connections
Kim Alvefur <zash@zash.se>
parents:
10455
diff
changeset
|
903 -- In practice most cases are configuration mistakes or forgotten |
2ab1cbb1c6b0
mod_s2s: Send stream errors for cert problems on outgoing connections
Kim Alvefur <zash@zash.se>
parents:
10455
diff
changeset
|
904 -- certificate renewals. We think it's better to let the other party |
2ab1cbb1c6b0
mod_s2s: Send stream errors for cert problems on outgoing connections
Kim Alvefur <zash@zash.se>
parents:
10455
diff
changeset
|
905 -- know about the problem so that they can fix it. |
2ab1cbb1c6b0
mod_s2s: Send stream errors for cert problems on outgoing connections
Kim Alvefur <zash@zash.se>
parents:
10455
diff
changeset
|
906 session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, |
2ab1cbb1c6b0
mod_s2s: Send stream errors for cert problems on outgoing connections
Kim Alvefur <zash@zash.se>
parents:
10455
diff
changeset
|
907 nil, "Remote server's certificate "..reason); |
5363
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
908 return false; |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
909 end |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
910 end |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
911 |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
912 module:hook("s2s-check-certificate", check_auth_policy, -1); |
f29c26da7ecc
mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
913 |
5281
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
914 module:hook("server-stopping", function(event) |
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
915 local reason = event.reason; |
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
916 for _, session in pairs(sessions) do |
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
917 session:close{ condition = "system-shutdown", text = reason }; |
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
918 end |
7100
301d58705667
mod_c2s, mod_s2s: Lower priority of session shutdown to negative, so that plugins hooking at the default priority run first (fixes #601)
Kim Alvefur <zash@zash.se>
parents:
6684
diff
changeset
|
919 end, -200); |
5281
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
920 |
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
921 |
815c689f85ad
prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins
Kim Alvefur <zash@zash.se>
parents:
5274
diff
changeset
|
922 |
5120
bcabea740c00
mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item().
Waqas Hussain <waqas20@gmail.com>
parents:
5013
diff
changeset
|
923 module:provides("net", { |
4610
171051f9dd00
mod_c2s: Use module:add_item() to add the net-provider for portmanager
Matthew Wild <mwild1@gmail.com>
parents:
4601
diff
changeset
|
924 name = "s2s"; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
925 listener = listener; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
926 default_port = 5269; |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
927 encryption = "starttls"; |
11367
9525c4b4e5de
mod_s2s: Clarify comment about unused TLS settings
Kim Alvefur <zash@zash.se>
parents:
11238
diff
changeset
|
928 ssl_config = { |
9525c4b4e5de
mod_s2s: Clarify comment about unused TLS settings
Kim Alvefur <zash@zash.se>
parents:
11238
diff
changeset
|
929 -- FIXME This only applies to Direct TLS, which we don't use yet. |
9525c4b4e5de
mod_s2s: Clarify comment about unused TLS settings
Kim Alvefur <zash@zash.se>
parents:
11238
diff
changeset
|
930 -- This gets applied for real in mod_tls |
9852
6ea3cafb6ac3
core.certmanager: Do not ask for client certificates by default
Kim Alvefur <zash@zash.se>
parents:
9784
diff
changeset
|
931 verify = { "peer", "client_once", }; |
6ea3cafb6ac3
core.certmanager: Do not ask for client certificates by default
Kim Alvefur <zash@zash.se>
parents:
9784
diff
changeset
|
932 }; |
4620
e9dc6ae68c69
mod_c2s, mod_s2s: Add multiplex support
Matthew Wild <mwild1@gmail.com>
parents:
4610
diff
changeset
|
933 multiplex = { |
10465
09697a673015
mod_net_multiplex: Add support for using ALPN
Kim Alvefur <zash@zash.se>
parents:
10459
diff
changeset
|
934 protocol = "xmpp-server"; |
4620
e9dc6ae68c69
mod_c2s, mod_s2s: Add multiplex support
Matthew Wild <mwild1@gmail.com>
parents:
4610
diff
changeset
|
935 pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>"; |
e9dc6ae68c69
mod_c2s, mod_s2s: Add multiplex support
Matthew Wild <mwild1@gmail.com>
parents:
4610
diff
changeset
|
936 }; |
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
937 }); |
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
938 |