Software `/` code `/` prosody

Annotate

plugins/mod_s2s.lua @ 13444:783706350faa

mod_s2s: Comment on why we avoid hostnames in stanza bounce messages

author	Kim Alvefur <zash@zash.se>
date	Sat, 24 Feb 2024 17:45:50 +0100
parent	13382:f70311588c77
child	13504:2159a206684e

rev	line source
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 -- Prosody IM
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	2 -- Copyright (C) 2008-2010 Matthew Wild
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 -- Copyright (C) 2008-2010 Waqas Hussain
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	4 --
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 -- This project is MIT/X11 licensed. Please see the
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 -- COPYING file in the source package for more information.
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 --
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	8
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	9 module:set_global();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	10
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	11 local prosody = prosody;
844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	12 local hosts = prosody.hosts;
5013 ab693eea0869 mod_admin_adhoc, mod_admin_telnet, mod_bosh, mod_c2s, mod_component, mod_pep, mod_presence, mod_roster, mod_s2s: Import core_post_stanza from the global prosody table. Kim Alvefur <zash@zash.se> parents: 4997 diff changeset	13 local core_process_stanza = prosody.core_process_stanza;
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	14
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	15 local tostring, type = tostring, type;
4578 da0528c59c52 mod_s2s: Add missing local table.insert Kim Alvefur <zash@zash.se> parents: 4576 diff changeset	16 local t_insert = table.insert;
8461 0f05d6535dfa mod_s2s: Remove unused local [luacheck] Kim Alvefur <zash@zash.se> parents: 8268 diff changeset	17 local traceback = debug.traceback;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	18
12977 74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	19 local add_task = require "prosody.util.timer".add_task;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	20 local stop_timer = require "prosody.util.timer".stop;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	21 local st = require "prosody.util.stanza";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	22 local initialize_filters = require "prosody.util.filters".initialize;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	23 local nameprep = require "prosody.util.encodings".stringprep.nameprep;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	24 local new_xmpp_stream = require "prosody.util.xmppstream".new;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	25 local s2s_new_incoming = require "prosody.core.s2smanager".new_incoming;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	26 local s2s_new_outgoing = require "prosody.core.s2smanager".new_outgoing;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	27 local s2s_destroy_session = require "prosody.core.s2smanager".destroy_session;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	28 local uuid_gen = require "prosody.util.uuid".generate;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	29 local async = require "prosody.util.async";
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	30 local runner = async.runner;
12977 74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	31 local connect = require "prosody.net.connect".connect;
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	32 local service = require "prosody.net.resolvers.service";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	33 local resolver_chain = require "prosody.net.resolvers.chain";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	34 local errors = require "prosody.util.error";
74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	35 local set = require "prosody.util.set";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	36
13209 c8d949cf6b09 plugins: Switch to :get_option_period() for time range options Kim Alvefur <zash@zash.se> parents: 13111 diff changeset	37 local connect_timeout = module:get_option_period("s2s_timeout", 90);
c8d949cf6b09 plugins: Switch to :get_option_period() for time range options Kim Alvefur <zash@zash.se> parents: 13111 diff changeset	38 local stream_close_timeout = module:get_option_period("s2s_close_timeout", 5);
5522 3912c9264ef0 mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled) Matthew Wild <mwild1@gmail.com> parents: 5505 diff changeset	39 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true));
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	40 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day...
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	41 local secure_domains, insecure_domains =
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	42 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items;
12330 38b5b05407be various: Require encryption by default for real Kim Alvefur <zash@zash.se> parents: 12301 diff changeset	43 local require_encryption = module:get_option_boolean("s2s_require_encryption", true);
13213 50324f66ca2a plugins: Use integer config API with interval specification where sensible Kim Alvefur <zash@zash.se> parents: 13209 diff changeset	44 local stanza_size_limit = module:get_option_integer("s2s_stanza_size_limit", 1024*512, 10000);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	45
11525 5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	46 local measure_connections_inbound = module:metric(
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	47 "gauge", "connections_inbound", "",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	48 "Established incoming s2s connections",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	49 {"host", "type", "ip_family"}
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	50 );
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	51 local measure_connections_outbound = module:metric(
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	52 "gauge", "connections_outbound", "",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	53 "Established outgoing s2s connections",
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	54 {"host", "type", "ip_family"}
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	55 );
6630 6735e2d735d6 mod_c2s, mod_s2s: Collect statistics on number of connections Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	56
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	57 local m_accepted_tcp_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	58 "counter", "accepted_tcp", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	59 "Accepted incoming connections on the TCP layer"
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	60 );
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	61 local m_authn_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	62 "counter", "authenticated", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	63 "Authenticated incoming connections",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	64 {"host", "direction", "mechanism"}
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	65 );
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	66 local m_initiated_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	67 "counter", "initiated", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	68 "Initiated outbound connections",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	69 {"host"}
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	70 );
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	71 local m_closed_connections = module:metric(
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	72 "counter", "closed", "",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	73 "Closed connections",
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	74 {"host", "direction", "error"}
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	75 );
11608 b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	76 local m_tls_params = module:metric(
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	77 "counter", "encrypted", "",
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	78 "Encrypted connections",
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	79 {"protocol"; "cipher"}
b2610460d9ab mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers Kim Alvefur <zash@zash.se> parents: 11560 diff changeset	80 );
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	81
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	82 local sessions = module:shared("sessions");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	83
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	84 local runner_callbacks = {};
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	85
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	86 local listener = {};
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	87
4752 27b724a698f8 mod_s2s: Add log() import Matthew Wild <mwild1@gmail.com> parents: 4630 diff changeset	88 local log = module._log;
27b724a698f8 mod_s2s: Add log() import Matthew Wild <mwild1@gmail.com> parents: 4630 diff changeset	89
10625 3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	90 local s2s_service_options = {
3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	91 default_port = 5269;
3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	92 use_ipv4 = module:get_option_boolean("use_ipv4", true);
3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	93 use_ipv6 = module:get_option_boolean("use_ipv6", true);
11415 a38f9e09ca31 mod_s2s: Add config setting to enable DANE Kim Alvefur <zash@zash.se> parents: 11367 diff changeset	94 use_dane = module:get_option_boolean("use_dane", false);
10625 3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	95 };
11707 61759372be26 mod_s2s: Clone 'extra' data to let resolvers add more to it Kim Alvefur <zash@zash.se> parents: 11705 diff changeset	96 local s2s_service_options_mt = { __index = s2s_service_options }
10625 3bfb20be844c mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver Matthew Wild <mwild1@gmail.com> parents: 10622 diff changeset	97
13298 b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	98 if module:get_option_boolean("use_dane", false) then
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	99 -- DANE is supported in net.connect but only for outgoing connections,
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	100 -- to authenticate incoming connections with DANE we need
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	101 module:depends("s2s_auth_dane_in");
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	102 end
b7c08f32112c mod_s2s: Automagically enable DANE for s2sin if 'use_dane' is enabled Kim Alvefur <zash@zash.se> parents: 13253 diff changeset	103
7662 946871f6e3c8 mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval Kim Alvefur <zash@zash.se> parents: 7642 diff changeset	104 module:hook("stats-update", function ()
11525 5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	105 measure_connections_inbound:clear()
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	106 measure_connections_outbound:clear()
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	107 -- TODO: init all expected metrics once?
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	108 -- or maybe create/delete them in host-activate/host-deactivate? requires
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	109 -- extra API in openmetrics.lua tho
8763 67ecff7be011 mod_s2s: Add a counter for IPv6. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 8545 diff changeset	110 for _, session in pairs(sessions) do
11525 5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	111 local is_inbound = string.sub(session.type, 4, 5) == "in"
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	112 local metric_family = is_inbound and measure_connections_inbound or measure_connections_outbound
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	113 local host = is_inbound and session.to_host or session.from_host or ""
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	114 local type_ = session.type or "other"
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	115
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	116 -- we want to expose both v4 and v6 counters in all cases to make
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	117 -- queries smoother
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	118 local is_ipv6 = session.ip and session.ip:match(":") and 1 or 0
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	119 local is_ipv4 = 1 - is_ipv6
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	120 metric_family:with_labels(host, type_, "ipv4"):add(is_ipv4)
5f99fcc43938 mod_s2s: Port to new OpenMetrics API Jonas Schäfer <jonas@wielicki.name> parents: 11419 diff changeset	121 metric_family:with_labels(host, type_, "ipv6"):add(is_ipv6)
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	122 end
7662 946871f6e3c8 mod_c2s, mod_s2s: Switch connection counting to 'amount' type and enumerate once per statistics interval Kim Alvefur <zash@zash.se> parents: 7642 diff changeset	123 end);
7466 f28fa742def3 mod_c2s, mod_s2s: Bootstrap connection count statistic on module load Kim Alvefur <zash@zash.se> parents: 7449 diff changeset	124
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	125 --- Handle stanzas to remote domains
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	126
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	127 local bouncy_stanzas = { message = true, presence = true, iq = true };
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	128 local function bounce_sendq(session, reason)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	129 local sendq = session.sendq;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	130 if not sendq then return; end
8545 248bab2bd0c9 mod_s2s: Don't use string concatenation when passing values to logging Kim Alvefur <zash@zash.se> parents: 8483 diff changeset	131 session.log("info", "Sending error replies for %d queued stanzas because of failed outgoing connection to %s", #sendq, session.to_host);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	132 local dummy = {
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	133 type = "s2sin";
8462 60d508f411a1 mod_s2s: Remove unused argument [luacheck] Kim Alvefur <zash@zash.se> parents: 8461 diff changeset	134 send = function ()
4755 844019f369a5 mod_s2s: Fix imports and remove some unused variables Matthew Wild <mwild1@gmail.com> parents: 4752 diff changeset	135 (session.log or log)("error", "Replying to to an s2s error reply, please report this! Traceback: %s", traceback());
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	136 end;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	137 dummy = true;
6626 071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	138 close = function ()
071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	139 (session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback());
071611bc4f1d mod_s2s: Catch attempt to close dummy origin of s2s error replies (fixes a top level error) Kim Alvefur <zash@zash.se> parents: 6608 diff changeset	140 end;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	141 };
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	142 -- FIXME Allow for more specific error conditions
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	143 -- TODO use util.error ?
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	144 local error_type = "cancel";
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	145 local condition = "remote-server-not-found";
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	146 local reason_text;
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	147 if session.had_stream then -- set when a stream is opened by the remote
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	148 error_type, condition = "wait", "remote-server-timeout";
c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	149 end
10403 3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	150 if errors.is_err(reason) then
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	151 error_type, condition, reason_text = reason.type, reason.condition, reason.text;
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	152 elseif type(reason) == "string" then
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	153 reason_text = reason;
3b82e9df5a7a mod_s2s: Allow passing bounce reason as an util.error object (see #770) Kim Alvefur <zash@zash.se> parents: 10381 diff changeset	154 end
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	155 for i, stanza in ipairs(sendq) do
12493 e9ea5c88def0 mod_s2s: Don't bounce queued error stanzas (thanks Martin) Kim Alvefur <zash@zash.se> parents: 12480 diff changeset	156 if not stanza.attr.xmlns and bouncy_stanzas[stanza.name] and stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	157 local reply = st.error_reply(
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	158 stanza,
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	159 error_type,
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	160 condition,
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	161 reason_text and ("Server-to-server connection failed: "..reason_text) or nil
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	162 );
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	163 core_process_stanza(dummy, reply);
12494 65316782862f mod_s2s: Log queued stanzas for which no error reply is produced Kim Alvefur <zash@zash.se> parents: 12493 diff changeset	164 else
65316782862f mod_s2s: Log queued stanzas for which no error reply is produced Kim Alvefur <zash@zash.se> parents: 12493 diff changeset	165 (session.log or log)("debug", "Not eligible for bouncing, discarding %s", stanza:top_tag());
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	166 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	167 sendq[i] = nil;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	168 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	169 session.sendq = nil;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	170 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	171
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	172 -- Handles stanzas to existing s2s sessions
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	173 function route_to_existing_session(event)
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	174 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	175 if not hosts[from_host] then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	176 log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	177 return false;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	178 end
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	179 if hosts[to_host] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	180 log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	181 return false;
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	182 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	183 local host = hosts[from_host].s2sout[to_host];
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	184 if not host then return end
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	185
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	186 -- We have a connection to this host already
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	187 if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	188 (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	189
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	190 -- Queue stanza until we are able to send it
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	191 if host.sendq then
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	192 t_insert(host.sendq, st.clone(stanza));
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	193 else
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	194 -- luacheck: ignore 122
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	195 host.sendq = { st.clone(stanza) };
10483 c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	196 end
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	197 host.log("debug", "stanza [%s] queued ", stanza.name);
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	198 return true;
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	199 elseif host.type == "local" or host.type == "component" then
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	200 log("error", "Trying to send a stanza to ourselves??")
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	201 log("error", "Traceback: %s", traceback());
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	202 log("error", "Stanza: %s", stanza);
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	203 return false;
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	204 else
c12a24f0a385 mod_s2s: Invert condition to return early and reduce indentation Kim Alvefur <zash@zash.se> parents: 10482 diff changeset	205 if host.sends2s(stanza) then
4630 9502c0224caf mod_s2s: Queuing a stanza constitutes handling it. Paul Aurich <paul@darkrain42.org> parents: 4625 diff changeset	206 return true;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	207 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	208 end
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	209 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	210
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	211 -- Create a new outgoing session for a stanza
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	212 function route_to_new_session(event)
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	213 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	214 log("debug", "opening a new outgoing connection for this stanza");
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	215 local host_session = s2s_new_outgoing(from_host, to_host);
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	216 host_session.version = 1;
4580 351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	217
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	218 -- Store in buffer
351936a8de4a mod_s2s: Split send_to_host() into two route/remote hooks, one for already exsisting sessions and one for non-existent. Kim Alvefur <zash@zash.se> parents: 4578 diff changeset	219 host_session.bounce_sendq = bounce_sendq;
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	220 host_session.sendq = { st.clone(stanza) };
10111 0f335815244f plugins: Remove tostring call from logging Kim Alvefur <zash@zash.se> parents: 9854 diff changeset	221 log("debug", "stanza [%s] queued until connection complete", stanza.name);
11707 61759372be26 mod_s2s: Clone 'extra' data to let resolvers add more to it Kim Alvefur <zash@zash.se> parents: 11705 diff changeset	222 -- FIXME Cleaner solution to passing extra data from resolvers to net.server
61759372be26 mod_s2s: Clone 'extra' data to let resolvers add more to it Kim Alvefur <zash@zash.se> parents: 11705 diff changeset	223 -- This mt-clone allows resolvers to add extra data, currently used for DANE TLSA records
12207 65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	224 module:context(from_host):fire_event("s2sout-created", { session = host_session });
12206 77ac0d96ac24 mod_s2s: Enable outgoing Direct TLS connections Kim Alvefur <zash@zash.se> parents: 11867 diff changeset	225 local xmpp_extra = setmetatable({}, s2s_service_options_mt);
12207 65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	226 local resolver = service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	227 if host_session.ssl_ctx then
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	228 local sslctx = host_session.ssl_ctx;
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	229 local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	230 resolver = resolver_chain.new({
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	231 service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	232 resolver;
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	233 });
65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	234 end
13110 d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	235
d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	236 local pre_event = { session = host_session; resolver = resolver };
d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	237 module:context(from_host):fire_event("s2sout-pre-connect", pre_event);
d5f322dd424b mod_s2s: Add event where resolver for s2sout can be tweaked Kim Alvefur <zash@zash.se> parents: 12679 diff changeset	238 resolver = pre_event.resolver;
12207 65e252940337 mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls Kim Alvefur <zash@zash.se> parents: 12206 diff changeset	239 connect(resolver, listener, nil, { session = host_session });
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	240 m_initiated_connections:with_labels(from_host):add(1)
4581 d2eb5962d235 mod_s2s: return true when we sent the stanza, or initiated a new s2sout Kim Alvefur <zash@zash.se> parents: 4580 diff changeset	241 return true;
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	242 end
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	243
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	244 local function keepalive(event)
11226 b3ae48362f78 mod_s2s: Prevent whitespace keepalives the stream has been opened Kim Alvefur <zash@zash.se> parents: 11118 diff changeset	245 local session = event.session;
b3ae48362f78 mod_s2s: Prevent whitespace keepalives the stream has been opened Kim Alvefur <zash@zash.se> parents: 11118 diff changeset	246 if not session.notopen then
11237 49aeae836ad1 mod_s2s: Fix copypaste mistake in b3ae48362f78 Kim Alvefur <zash@zash.se> parents: 11226 diff changeset	247 return event.session.sends2s(' ');
11226 b3ae48362f78 mod_s2s: Prevent whitespace keepalives the stream has been opened Kim Alvefur <zash@zash.se> parents: 11118 diff changeset	248 end
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	249 end
9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	250
5713 5cf6dedf36f4 mod_s2s: Add missing global hook for read-timeout Kim Alvefur <zash@zash.se> parents: 5669 diff changeset	251 module:hook("s2s-read-timeout", keepalive, -1);
5cf6dedf36f4 mod_s2s: Add missing global hook for read-timeout Kim Alvefur <zash@zash.se> parents: 5669 diff changeset	252
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	253 function module.add_host(module)
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	254 if module:get_option_boolean("disallow_s2s", false) then
7359 a5a080c12c96 Update every link to the documentation to use HTTPS Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 7278 diff changeset	255 module:log("warn", "The 'disallow_s2s' config option is deprecated, please see https://prosody.im/doc/s2s#disabling");
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	256 return nil, "This host has disallow_s2s set";
3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	257 end
5454 5f69fddf6fb9 mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks) Kim Alvefur <zash@zash.se> parents: 5423 diff changeset	258 module:hook("route/remote", route_to_existing_session, -1);
5f69fddf6fb9 mod_s2s: Adjust priority of route/remote hooks to negative values (like most other internal hooks) Kim Alvefur <zash@zash.se> parents: 5423 diff changeset	259 module:hook("route/remote", route_to_new_session, -10);
12810 871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	260 module:hook("s2sout-stream-features", function (event)
871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	261 if stanza_size_limit then
871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	262 event.features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
13093 93c68c454cb8 mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk) Kim Alvefur <zash@zash.se> parents: 12977 diff changeset	263 :text_tag("max-bytes", string.format("%d", stanza_size_limit)):up();
12810 871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	264 end
871d2c95b403 mod_s2s: Advertise stream features on bidi connections Kim Alvefur <zash@zash.se> parents: 12808 diff changeset	265 end);
12811 ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	266 module:hook_tag("urn:xmpp:bidi", "bidi", function(session, stanza)
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	267 -- Advertising features on bidi connections where no <stream:features> is sent in the other direction
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	268 local limits = stanza:get_child("limits", "urn:xmpp:stream-limits:0");
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	269 if limits then
13093 93c68c454cb8 mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk) Kim Alvefur <zash@zash.se> parents: 12977 diff changeset	270 session.outgoing_stanza_size_limit = tonumber(limits:get_child_text("max-bytes"));
12811 ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	271 end
ccc0bdad82cc mod_s2s: Retrieve stanza size limit from peer for bidi connections Kim Alvefur <zash@zash.se> parents: 12810 diff changeset	272 end, 100);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	273 module:hook("s2s-authenticated", make_authenticated, -1);
5669 9345c161481f mod_c2s, mod_s2s: Fire an event on read timeouts Kim Alvefur <zash@zash.se> parents: 5661 diff changeset	274 module:hook("s2s-read-timeout", keepalive, -1);
13382 f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	275 module:hook("smacks-ack-delayed", function (event)
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	276 if event.origin.type == "s2sin" or event.origin.type == "s2sout" then
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	277 event.origin:close("connection-timeout");
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	278 return true;
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	279 end
f70311588c77 mod_s2s: Close connection on smacks timeout Kim Alvefur <zash@zash.se> parents: 13298 diff changeset	280 end, -1);
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	281 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) -- luacheck: ignore 212/stanza
12808 12bd40b8e105 mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits Advertisement Kim Alvefur <zash@zash.se> parents: 12807 diff changeset	282 local limits = stanza:get_child("limits", "urn:xmpp:stream-limits:0");
12806 751bdd412915 mod_s2s: Record stanza size limit advertised by other servers Kim Alvefur <zash@zash.se> parents: 12805 diff changeset	283 if limits then
13093 93c68c454cb8 mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk) Kim Alvefur <zash@zash.se> parents: 12977 diff changeset	284 session.outgoing_stanza_size_limit = tonumber(limits:get_child_text("max-bytes"));
12806 751bdd412915 mod_s2s: Record stanza size limit advertised by other servers Kim Alvefur <zash@zash.se> parents: 12805 diff changeset	285 end
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	286 if session.type == "s2sout" then
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	287 -- Stream is authenticated and we are seem to be done with feature negotiation,
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	288 -- so the stream is ready for stanzas. RFC 6120 Section 4.3
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	289 mark_connected(session);
6403 166d1bd8fc38 core.stanza_router, mod_s2s: Move handling of S2S features to mod_s2s from stanza_router Kim Alvefur <zash@zash.se> parents: 6382 diff changeset	290 return true;
10457 0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	291 elseif require_encryption and not session.secure then
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	292 session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host);
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	293 session:close({
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	294 condition = "policy-violation",
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	295 text = "Encrypted server-to-server communication is required but was not offered",
0c44090cb168 mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied Kim Alvefur <zash@zash.se> parents: 10456 diff changeset	296 }, nil, "Could not establish encrypted connection to remote server");
10459 7456eaa83b15 mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections Kim Alvefur <zash@zash.se> parents: 10457 diff changeset	297 return true;
6426 e5945fb5b71f mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present Kim Alvefur <zash@zash.se> parents: 6403 diff changeset	298 elseif not session.dialback_verifying then
e5945fb5b71f mod_s2s: Close s2s connections that can not proceed due to mod_dialback not being present Kim Alvefur <zash@zash.se> parents: 6403 diff changeset	299 session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up");
10311 1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	300 session:close({
1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	301 condition = "unsupported-feature",
1bb1e16f24b0 mod_s2s: Close with a stream error in case neither SASL or Dialback are available Kim Alvefur <zash@zash.se> parents: 10249 diff changeset	302 text = "No viable authentication method offered",
10426 dd4eb84d92a8 mod_s2s: Add error text for error replies on some s2s failures (#770) Kim Alvefur <zash@zash.se> parents: 10425 diff changeset	303 }, nil, "No viable authentication method offered by remote server");
10459 7456eaa83b15 mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections Kim Alvefur <zash@zash.se> parents: 10457 diff changeset	304 return true;
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	305 end
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	306 end, -1);
11683 41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	307
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	308 function module.unload()
11684 8b0baf3003fb mod_s2s: Don't close connections on reload Kim Alvefur <zash@zash.se> parents: 11683 diff changeset	309 if module.reloading then return end
11683 41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	310 for _, session in pairs(sessions) do
12681 16ea01745dbe mod_s2s: Simplify conditionals since all sessions should have .host now Kim Alvefur <zash@zash.se> parents: 12680 diff changeset	311 if session.host == module.host then
11683 41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	312 session:close("host-gone");
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	313 end
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	314 end
41b144a93897 mod_s2s: Close connections attached to a host being deactivated Kim Alvefur <zash@zash.se> parents: 11682 diff changeset	315 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	316 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	317
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	318 -- Stream is authorised, and ready for normal stanzas
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	319 function mark_connected(session)
8267 42fad8465537 mod_s2s: Use a separate resolver object for each outgoing session Matthew Wild <mwild1@gmail.com> parents: 8234 diff changeset	320
6683 873ad1023eb0 mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed Kim Alvefur <zash@zash.se> parents: 6600 diff changeset	321 local sendq = session.sendq;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	322
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	323 local from, to = session.from_host, session.to_host;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	324
5800 3a48acbcb7f3 mod_s2s: Captitalize log messages that begin with a stream direction Kim Alvefur <zash@zash.se> parents: 5776 diff changeset	325 session.log("info", "%s s2s connection %s->%s complete", session.direction:gsub("^.", string.upper), from, to);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	326
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	327 local event_data = { session = session };
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	328 if session.type == "s2sout" then
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	329 module:fire_event("s2sout-established", event_data);
f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	330 module:context(from):fire_event("s2sout-established", event_data);
10247 5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	331
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	332 if session.incoming then
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	333 session.send = function(stanza)
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	334 return module:context(from):fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza });
10247 5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	335 end;
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	336 end
5de65f30fe5e mod_s2s: Add function to send replies on s2sout connections that support incoming traffic Kim Alvefur <zash@zash.se> parents: 10246 diff changeset	337
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	338 else
10248 d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	339 if session.outgoing and not hosts[to].s2sout[from] then
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	340 session.log("debug", "Setting up to handle route from %s to %s", to, from);
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	341 hosts[to].s2sout[from] = session; -- luacheck: ignore 122
d7cadd118053 mod_s2s: Insert s2sin into outgoing routing table when bidirectional Kim Alvefur <zash@zash.se> parents: 10247 diff changeset	342 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	343 local host_session = hosts[to];
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	344 session.send = function(stanza)
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	345 return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza });
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	346 end;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	347
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	348 module:fire_event("s2sin-established", event_data);
f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	349 module:context(to):fire_event("s2sin-established", event_data);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	350 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	351
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	352 if session.direction == "outgoing" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	353 if sendq then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	354 session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host);
6683 873ad1023eb0 mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed Kim Alvefur <zash@zash.se> parents: 6600 diff changeset	355 local send = session.sends2s;
12462 11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	356 for i, stanza in ipairs(sendq) do
11765f0605ec mod_s2s: Store real stanzas in session.sendq, rather than strings Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	357 send(stanza);
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	358 sendq[i] = nil;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	359 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	360 session.sendq = nil;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	361 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	362 end
11678 f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	363
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	364 if session.connect_timeout then
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	365 stop_timer(session.connect_timeout);
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	366 session.connect_timeout = nil;
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	367 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	368 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	369
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	370 function make_authenticated(event)
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	371 local session, host = event.session, event.host;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	372 if not session.secure then
5594 ad66ee47b674 mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains. Matthew Wild <mwild1@gmail.com> parents: 5533 diff changeset	373 if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	374 session:close({
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	375 condition = "policy-violation",
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	376 text = "Encrypted server-to-server communication is required but was not "
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	377 ..((session.direction == "outgoing" and "offered") or "used")
10426 dd4eb84d92a8 mod_s2s: Add error text for error replies on some s2s failures (#770) Kim Alvefur <zash@zash.se> parents: 10425 diff changeset	378 }, nil, "Could not establish encrypted connection to remote server");
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	379 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	380 end
12474 8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	381
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	382 if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	383 session:close({
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	384 condition = "policy-violation";
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	385 text = "Failed to verify certificate (internal error)";
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	386 });
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	387 return;
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	388 end
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	389
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	390 if hosts[host] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	391 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	392 end
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	393 if session.type == "s2sout_unauthed" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	394 session.type = "s2sout";
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	395 elseif session.type == "s2sin_unauthed" then
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	396 session.type = "s2sin";
10246 19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	397 elseif session.type ~= "s2sin" and session.type ~= "s2sout" then
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	398 return false;
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	399 end
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	400
19d7a2e7b9c4 mod_s2s: Handle authentication of s2sin and s2sout the same way Kim Alvefur <zash@zash.se> parents: 10240 diff changeset	401 if session.incoming and host then
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	402 if not session.hosts[host] then session.hosts[host] = {}; end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	403 session.hosts[host].authed = true;
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	404 end
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	405 session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host);
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	406
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	407 local local_host = session.direction == "incoming" and session.to_host or session.from_host
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	408 m_authn_connections:with_labels(local_host, session.direction, event.mechanism or "other"):add(1)
15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	409
6146 ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	410 if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	411 -- Stream either used dialback for authentication or is an incoming stream.
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	412 mark_connected(session);
ac4f8770d9aa mod_s2s: Follow XMPP Core on when a stream is to be considered ready Kim Alvefur <zash@zash.se> parents: 6085 diff changeset	413 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	414
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	415 return true;
4818 3bda6fc02652 mod_s2s: Become a shared module (yay) Matthew Wild <mwild1@gmail.com> parents: 4814 diff changeset	416 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	417
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	418 --- Helper to check that a session peer's certificate is valid
11558 d0e9ffccdef9 mod_dialback: Remove d-w-d feature Kim Alvefur <zash@zash.se> parents: 11540 diff changeset	419 local function check_cert_status(session)
5387 1130887e0d41 mod_s2s: session.from_host does not allways exist on incoming connections, true and nil or "our hostname" does not evaluate to what we want here Kim Alvefur <zash@zash.se> parents: 5368 diff changeset	420 local host = session.direction == "outgoing" and session.to_host or session.from_host
12480 7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	421 local conn = session.conn
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	422 local cert
12480 7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	423 if conn.ssl_peercertificate then
7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	424 cert = conn:ssl_peercertificate()
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	425 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	426
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	427 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	428 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	429
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	430 --- XMPP stream event handlers
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	431
11772 e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	432 local function session_secure(session)
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	433 session.secure = true;
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	434 session.encrypted = true;
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	435
12480 7e9ebdc75ce4 net: isolate LuaSec-specifics Jonas Schäfer <jonas@wielicki.name> parents: 12476 diff changeset	436 local info = session.conn:ssl_info();
11772 e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	437 if type(info) == "table" then
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	438 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	439 session.compressed = info.compression;
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	440 m_tls_params:with_labels(info.protocol, info.cipher):add(1)
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	441 else
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	442 (session.log or log)("info", "Stream encrypted");
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	443 end
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	444 end
e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	445
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	446 local stream_callbacks = { default_ns = "jabber:server" };
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	447
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	448 function stream_callbacks.handlestanza(session, stanza)
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	449 stanza = session.filter("stanzas/in", stanza);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	450 session.thread:run(stanza);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	451 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	452
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	453 local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	454
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	455 function stream_callbacks.streamopened(session, attr)
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	456 -- run _streamopened in async context
10809 86ea811ee25b mod_s2s: Improve signaling of stream open events Kim Alvefur <zash@zash.se> parents: 10648 diff changeset	457 session.thread:run({ stream = "opened", attr = attr });
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	458 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	459
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	460 function stream_callbacks._streamopened(session, attr)
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	461 session.version = tonumber(attr.version) or 0;
10115 c0bd5daa9c7f mod_s2s: Distinguish between high and low level errors in bounces Kim Alvefur <zash@zash.se> parents: 10111 diff changeset	462 session.had_stream = true; -- Had a stream opened at least once
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	463
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	464 -- TODO: Rename session.secure to session.encrypted
12602 9184fe3d489a mod_tls: Record STARTTLS state so it can be shown in Shell Kim Alvefur <zash@zash.se> parents: 12494 diff changeset	465 if session.secure == false then -- Set by mod_tls during STARTTLS handshake
9184fe3d489a mod_tls: Record STARTTLS state so it can be shown in Shell Kim Alvefur <zash@zash.se> parents: 12494 diff changeset	466 session.starttls = "completed";
11772 e2155e2703dd mod_s2s: Factor out procedure for newly encrypted sessions Kim Alvefur <zash@zash.se> parents: 11770 diff changeset	467 session_secure(session);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	468 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	469
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	470 if session.direction == "incoming" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	471 -- Send a reply stream header
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	472
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	473 -- Validate to/from
10381 66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	474 local to, from = attr.to, attr.from;
66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	475 if to then to = nameprep(attr.to); end
66fa45d24481 mod_s2s: Only nameprep stream to/from addresses if they are present Kim Alvefur <zash@zash.se> parents: 10311 diff changeset	476 if from then from = nameprep(attr.from); end
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	477 if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts)
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	478 session:close({ condition = "improper-addressing", text = "Invalid 'to' address" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	479 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	480 end
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	481 if not from and attr.from then -- COMPAT: Some servers do not reliably set 'from' (especially on stream restarts)
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	482 session:close({ condition = "improper-addressing", text = "Invalid 'from' address" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	483 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	484 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	485
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	486 -- Set session.[from/to]_host if they have not been set already and if
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	487 -- this session isn't already authenticated
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	488 if session.type == "s2sin_unauthed" and from and not session.from_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	489 session.from_host = from;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	490 elseif from ~= session.from_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	491 session:close({ condition = "improper-addressing", text = "New stream 'from' attribute does not match original" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	492 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	493 end
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	494 if session.type == "s2sin_unauthed" and to and not session.to_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	495 session.to_host = to;
12679 7d4a95ba9b6c mod_s2s: Fix firing buffer drain events Kim Alvefur <zash@zash.se> parents: 12474 diff changeset	496 session.host = to;
4589 8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	497 elseif to ~= session.to_host then
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	498 session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" });
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	499 return;
8553d822f417 mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated Matthew Wild <mwild1@gmail.com> parents: 4587 diff changeset	500 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	501
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	502 -- For convenience we'll put the sanitised values into these variables
c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	503 to, from = session.to_host, session.from_host;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	504
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	505 session.streamid = uuid_gen();
4590 883611842d3a mod_s2s: Log the entire stream header. Kim Alvefur <zash@zash.se> parents: 4587 diff changeset	506 (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag());
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	507 if to then
c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	508 if not hosts[to] then
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	509 -- Attempting to connect to a host we don't serve
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	510 session:close({
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	511 condition = "host-unknown";
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	512 text = "This host does not serve "..to
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	513 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	514 return;
4834 878f75ccc4fb mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users Matthew Wild <mwild1@gmail.com> parents: 4822 diff changeset	515 elseif not hosts[to].modules.s2s then
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	516 -- Attempting to connect to a host that disallows s2s
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	517 session:close({
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	518 condition = "policy-violation";
4834 878f75ccc4fb mod_s2s, mod_auth_anonymous, hostmanager: Remove disallow_s2s flag, deprecate the config option of the same name (disable mod_s2s instead), and add 'allow_anonymous_s2s' to separately control s2s for anonymous users Matthew Wild <mwild1@gmail.com> parents: 4822 diff changeset	519 text = "Server-to-server communication is disabled for this host";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	520 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	521 return;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	522 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	523 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	524
5390 b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	525 if hosts[from] then
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	526 session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	527 return;
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	528 end
b3c8757ee4f4 mod_s2s: Prevent s2s to and from hosts we serve locally Kim Alvefur <zash@zash.se> parents: 5389 diff changeset	529
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	530 if session.secure and not session.cert_chain_status then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	531 if check_cert_status(session) == false then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	532 return;
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	533 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	534 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	535
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	536 session:open_stream(session.to_host, session.from_host)
11609 6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	537 if session.destroyed then
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	538 -- sending the stream opening could have failed during an opportunistic write
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	539 return
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	540 end
6dcc45a2e3bc mod_s2s: Bail if connection is destroyed after attempting to open stream Kim Alvefur <zash@zash.se> parents: 11608 diff changeset	541
6684 53635a91c95c mod_s2s: Mark stream as opened directly after opening stream, prevents session.close opening it again Kim Alvefur <zash@zash.se> parents: 6683 diff changeset	542 session.notopen = nil;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	543 if session.version >= 1.0 then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	544 local features = st.stanza("stream:features");
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	545
4820 c65edd3bb334 mod_s2s: Cache to_host and from_host in local variables, and use these instead of repeated lookups Matthew Wild <mwild1@gmail.com> parents: 4819 diff changeset	546 if to then
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	547 module:context(to):fire_event("s2s-stream-features", { origin = session, features = features });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	548 else
5975 0d219631d47b mod_s2s: Include IP in log messages, if host is unavailable Florian Zeitz <florob@babelmonkeys.de> parents: 5769 diff changeset	549 (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host");
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	550 module:fire_event("s2s-stream-features-legacy", { origin = session, features = features });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	551 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	552
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	553 if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
12805 d96e24bd54e1 mod_s2s: Advertise stanza size limit to other servers Kim Alvefur <zash@zash.se> parents: 12681 diff changeset	554 if stanza_size_limit then
d96e24bd54e1 mod_s2s: Advertise stanza size limit to other servers Kim Alvefur <zash@zash.se> parents: 12681 diff changeset	555 features:reset();
12808 12bd40b8e105 mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits Advertisement Kim Alvefur <zash@zash.se> parents: 12807 diff changeset	556 features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
13093 93c68c454cb8 mod_c2s,mod_s2s: Fix tag name for SLA (thanks mjk) Kim Alvefur <zash@zash.se> parents: 12977 diff changeset	557 :text_tag("max-bytes", string.format("%d", stanza_size_limit)):up();
12805 d96e24bd54e1 mod_s2s: Advertise stanza size limit to other servers Kim Alvefur <zash@zash.se> parents: 12681 diff changeset	558 end
d96e24bd54e1 mod_s2s: Advertise stanza size limit to other servers Kim Alvefur <zash@zash.se> parents: 12681 diff changeset	559
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	560 log("debug", "Sending stream features: %s", features);
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	561 session.sends2s(features);
7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	562 else
7865 a8cc495a65dc mod_s2s: Clarify that it is stream features that can't be offered (here too) Kim Alvefur <zash@zash.se> parents: 7679 diff changeset	563 (session.log or log)("warn", "No stream features to offer, giving up");
a8cc495a65dc mod_s2s: Clarify that it is stream features that can't be offered (here too) Kim Alvefur <zash@zash.se> parents: 7679 diff changeset	564 session:close({ condition = "undefined-condition", text = "No stream features to offer" });
6846 7eb166fa1f26 mod_c2s, mod_s2s: Close incoming connections if there are no features to offer on incomplete streams (fixes #285) Kim Alvefur <zash@zash.se> parents: 6685 diff changeset	565 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	566 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	567 elseif session.direction == "outgoing" then
6359 c74670b3be53 mod_s2s: Mark stream as opened earlier for outgoing connections, fixes double stream headers on policy failures Kim Alvefur <zash@zash.se> parents: 5975 diff changeset	568 session.notopen = nil;
6378 3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	569 if not attr.id then
7677 8613086779fa mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered protocol issues Matthew Wild <mwild1@gmail.com> parents: 7100 diff changeset	570 log("warn", "Stream response did not give us a stream id!");
6378 3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	571 session:close({ condition = "undefined-condition", text = "Missing stream ID" });
3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	572 return;
3cec0eef0b70 mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error Kim Alvefur <zash@zash.se> parents: 6364 diff changeset	573 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	574 session.streamid = attr.id;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	575
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	576 if session.secure and not session.cert_chain_status then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	577 if check_cert_status(session) == false then
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	578 return;
12474 8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	579 else
8fac32810144 mod_s2s: Improve robustness of outgoing s2s certificate verification Matthew Wild <mwild1@gmail.com> parents: 12362 diff changeset	580 session.authenticated_remote = true;
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	581 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	582 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	583
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	584 -- If server is pre-1.0, don't wait for features, just do dialback
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	585 if session.version < 1.0 then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	586 if not session.dialback_verifying then
11668 f18fbae6d9fe mod_s2s: Use module API to fire events Kim Alvefur <zash@zash.se> parents: 11624 diff changeset	587 module:context(session.from_host):fire_event("s2sout-authenticate-legacy", { origin = session });
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	588 else
5362 612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event Matthew Wild <mwild1@gmail.com> parents: 5351 diff changeset	589 mark_connected(session);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	590 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	591 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	592 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	593 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	594
10810 8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	595 function stream_callbacks._streamclosed(session)
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	596 (session.log or log)("debug", "Received </stream:stream>");
4988 29bdf68ad142 mod_s2s: Adjust session:close() in line with mod_c2s's - fixes waiting for </stream:stream> if it has already been sent by the peer Matthew Wild <mwild1@gmail.com> parents: 4969 diff changeset	597 session:close(false);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	598 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	599
10810 8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	600 function stream_callbacks.streamclosed(session, attr)
8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	601 -- run _streamclosed in async context
8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	602 session.thread:run({ stream = "closed", attr = attr });
8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	603 end
8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	604
11682 7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	605 -- Some stream conditions indicate a problem on our end, e.g. that we sent
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	606 -- something invalid. Those should be investigated. Others are problems or
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	607 -- events in the remote host that don't affect us, or simply that the
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	608 -- connection was closed for being idle.
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	609 local stream_condition_severity = {
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	610 ["bad-format"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	611 ["bad-namespace-prefix"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	612 ["conflict"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	613 ["connection-timeout"] = "debug";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	614 ["host-gone"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	615 ["host-unknown"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	616 ["improper-addressing"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	617 ["internal-server-error"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	618 ["invalid-from"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	619 ["invalid-namespace"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	620 ["invalid-xml"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	621 ["not-authorized"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	622 ["not-well-formed"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	623 ["policy-violation"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	624 ["remote-connection-failed"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	625 ["reset"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	626 ["resource-constraint"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	627 ["restricted-xml"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	628 ["see-other-host"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	629 ["system-shutdown"] = "info";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	630 ["undefined-condition"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	631 ["unsupported-encoding"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	632 ["unsupported-feature"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	633 ["unsupported-stanza-type"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	634 ["unsupported-version"] = "warn";
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	635 }
7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	636
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	637 function stream_callbacks.error(session, error, data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	638 if error == "no-stream" then
6364 4e93e8768c36 mod_c2s, mod_s2s: Log received invalid stream headers Matthew Wild <mwild1@gmail.com> parents: 6362 diff changeset	639 session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}")));
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	640 session:close("invalid-namespace");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	641 elseif error == "parse-error" then
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	642 session.log("debug", "Server-to-server XML parse error: %s", error);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	643 session:close("not-well-formed");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	644 elseif error == "stream-error" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	645 local condition, text = "undefined-condition";
8233 4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	646 for child in data:childtags(nil, xmlns_xmpp_streams) do
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	647 if child.name ~= "text" then
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	648 condition = child.name;
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	649 else
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	650 text = child:get_text();
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	651 end
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	652 if condition ~= "undefined-condition" and text then
4e7269c53659 mod_component, mod_s2s: Iterate over child tags instead of child nodes (can include text) in stream error (same as 176b7f4e4ac9) Kim Alvefur <zash@zash.se> parents: 7677 diff changeset	653 break;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	654 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	655 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	656 text = condition .. (text and (" ("..text..")") or "");
11682 7843f1ca3b33 mod_s2s: Vary log level by remote stream error Kim Alvefur <zash@zash.se> parents: 11678 diff changeset	657 session.log(stream_condition_severity[condition] or "info", "Session closed by remote with error: %s", text);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	658 session:close(nil, text);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	659 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	660 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	661
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	662 --- Session methods
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	663 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
10632 c9de8275aaf2 mod_s2s: Comment on the various 'reason' arguments passed to :close Kim Alvefur <zash@zash.se> parents: 10625 diff changeset	664 -- reason: stream error to send to the remote server
c9de8275aaf2 mod_s2s: Comment on the various 'reason' arguments passed to :close Kim Alvefur <zash@zash.se> parents: 10625 diff changeset	665 -- remote_reason: stream error received from the remote server
10648 2bd17e043275 mod_s2s: Fix typo in comment [codespell] Kim Alvefur <zash@zash.se> parents: 10632 diff changeset	666 -- bounce_reason: stanza error to pass to bounce_sendq because stream- and stanza errors are different
10425 42cf93ff4618 s2s: Allow passing a custom error for bouncing queued stanzas (#770) Kim Alvefur <zash@zash.se> parents: 10421 diff changeset	667 local function session_close(session, reason, remote_reason, bounce_reason)
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	668 local log = session.log or log;
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	669 if not session.conn then
11670 7f6c816a2c09 mod_s2s: Log debug message on attempted close of an connectionless session Kim Alvefur <zash@zash.se> parents: 11669 diff changeset	670 log("debug", "Attempt to close without associated connection with reason %q", reason);
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	671 return
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	672 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	673
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	674 local conn = session.conn;
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	675 conn:pause_writes(); -- until :close
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	676 if session.notopen then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	677 if session.direction == "incoming" then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	678 session:open_stream(session.to_host, session.from_host);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	679 else
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	680 session:open_stream(session.from_host, session.to_host);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	681 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	682 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	683
11704 0a8671f32424 mod_s2s: Guard against missing 'to' on incoming stream Kim Alvefur <zash@zash.se> parents: 11684 diff changeset	684 local this_host = session.direction == "outgoing" and session.from_host or session.to_host
11859 14cf34d35c30 mod_s2s: Don't pass unknown hostnames as stats label Kim Alvefur <zash@zash.se> parents: 11775 diff changeset	685 if not hosts[this_host] then this_host = ":unknown"; end
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	686
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	687 if reason then -- nil == no err, initiated by us, false == initiated by remote
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	688 local stream_error;
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	689 local condition, text, extra
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	690 if type(reason) == "string" then -- assume stream error
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	691 condition = reason
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	692 elseif type(reason) == "table" and not st.is_stanza(reason) then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	693 condition = reason.condition or "undefined-condition"
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	694 text = reason.text
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	695 extra = reason.extra
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	696 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	697 if condition then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	698 stream_error = st.stanza("stream:error"):tag(condition, stream_xmlns_attr):up();
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	699 if text then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	700 stream_error:tag("text", stream_xmlns_attr):text(text):up();
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	701 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	702 if extra then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	703 stream_error:add_child(extra);
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	704 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	705 end
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	706 if this_host and condition then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	707 m_closed_connections:with_labels(this_host, session.direction, condition):add(1)
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	708 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	709 if st.is_stanza(stream_error) then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	710 -- to and from are never unknown on outgoing connections
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	711 log("debug", "Disconnecting %s->%s[%s], <stream:error> is: %s",
11867 bb20cfd4884f mod_s2s: Fix logging of <stream:error> consistency with other mods Kim Alvefur <zash@zash.se> parents: 11859 diff changeset	712 session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, stream_error);
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	713 session.sends2s(stream_error);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	714 end
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	715 else
11705 7132acfd287e mod_s2s: Handle measurement where the local host is unknown Kim Alvefur <zash@zash.se> parents: 11704 diff changeset	716 m_closed_connections:with_labels(this_host or ":unknown", session.direction, reason == false and ":remote-choice" or ":local-choice"):add(1)
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	717 end
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	718
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	719 session.sends2s("</stream:stream>");
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	720 function session.sends2s() return false; end
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	721
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	722 -- luacheck: ignore 422/reason 412/reason
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	723 -- FIXME reason should be managed in a place common to c2s, s2s, bosh, component etc
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	724 local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason;
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	725 session.log("info", "%s s2s stream %s->%s closed: %s", session.direction:gsub("^.", string.upper),
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	726 session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed");
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	727
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	728 conn:resume_writes();
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	729
11678 f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	730 if session.connect_timeout then
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	731 stop_timer(session.connect_timeout);
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	732 session.connect_timeout = nil;
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	733 end
f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	734
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	735 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	736 if reason == nil and not session.notopen and session.direction == "incoming" then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	737 add_task(stream_close_timeout, function ()
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	738 if not session.destroyed then
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	739 session.log("warn", "Failed to receive a stream close response, closing connection anyway...");
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	740 s2s_destroy_session(session, reason, bounce_reason);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	741 conn:close();
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	742 end
11669 bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	743 end);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	744 else
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	745 s2s_destroy_session(session, reason, bounce_reason);
bca75f34d374 mod_s2s: Drop level of indentation by inverting a condition and early return Kim Alvefur <zash@zash.se> parents: 11668 diff changeset	746 conn:close(); -- Close immediately, as this is an outgoing connection or is not authed
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	747 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	748 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	749
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	750 function session_stream_attrs(session, from, to, attr) -- luacheck: ignore 212/session
5533 df3c78221f26 mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338 Matthew Wild <mwild1@gmail.com> parents: 5522 diff changeset	751 if not from or (hosts[from] and hosts[from].modules.dialback) then
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	752 attr["xmlns:db"] = 'jabber:server:dialback';
901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	753 end
6602 61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	754 if not from then
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	755 attr.from = '';
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	756 end
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	757 if not to then
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	758 attr.to = '';
61b6a4fc65f1 Merge 0.9->0.10 Matthew Wild <mwild1@gmail.com> parents: 6473 6600 diff changeset	759 end
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	760 end
901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	761
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	762 -- Session initialization logic shared by incoming and outgoing
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	763 local function initialize_session(session)
10850 bd2814f900dd mod_c2s,mod_s2s: Make stanza size limits configurable Kim Alvefur <zash@zash.se> parents: 10849 diff changeset	764 local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit);
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	765
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	766 session.thread = runner(function (stanza)
10809 86ea811ee25b mod_s2s: Improve signaling of stream open events Kim Alvefur <zash@zash.se> parents: 10648 diff changeset	767 if st.is_stanza(stanza) then
86ea811ee25b mod_s2s: Improve signaling of stream open events Kim Alvefur <zash@zash.se> parents: 10648 diff changeset	768 core_process_stanza(session, stanza);
86ea811ee25b mod_s2s: Improve signaling of stream open events Kim Alvefur <zash@zash.se> parents: 10648 diff changeset	769 elseif stanza.stream == "opened" then
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	770 stream_callbacks._streamopened(session, stanza.attr);
10810 8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	771 elseif stanza.stream == "closed" then
8a0a923e1ced mod_s2s: Run stream close in async context Kim Alvefur <zash@zash.se> parents: 10809 diff changeset	772 stream_callbacks._streamclosed(session, stanza.attr);
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	773 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	774 end, runner_callbacks, session);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	775
6255 6167f8bc5a6b mod_s2s: Decide on log function once Kim Alvefur <zash@zash.se> parents: 6146 diff changeset	776 local log = session.log or log;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	777 session.stream = stream;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	778
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	779 session.notopen = true;
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	780
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	781 function session.reset_stream()
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	782 session.notopen = true;
6362 f5f44504e18b mod_s2s: Reset stream ID when resetting stream [compliance] Kim Alvefur <zash@zash.se> parents: 6359 diff changeset	783 session.streamid = nil;
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	784 session.stream:reset();
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	785 end
5351 901ed253bbf7 mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams Kim Alvefur <zash@zash.se> parents: 5345 diff changeset	786
6085 2f911644f527 mod_s2s: Replace open_stream() with function that only adds s2s/dialback attributes to stream header Kim Alvefur <zash@zash.se> parents: 6069 diff changeset	787 session.stream_attrs = session_stream_attrs;
6069 446148cad35e mod_s2s: Revert e626ee2fe106 change, it broke Dialback Kim Alvefur <zash@zash.se> parents: 6063 diff changeset	788
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	789 local filter = initialize_filters(session);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	790 local conn = session.conn;
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	791 local w = conn.write;
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	792
11773 c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	793 if conn:ssl() then
12602 9184fe3d489a mod_tls: Record STARTTLS state so it can be shown in Shell Kim Alvefur <zash@zash.se> parents: 12494 diff changeset	794 -- Direct TLS was used
11773 c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	795 session_secure(session);
c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	796 end
c5f2b63cf6ff mod_s2s: Handle connections having TLS from the start Kim Alvefur <zash@zash.se> parents: 11772 diff changeset	797
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	798 function session.sends2s(t)
9069 22e5f11c778a sessionmanager, mod_s2s: Bring debug line for outgoing stanzas in line with that for incoming Kim Alvefur <zash@zash.se> parents: 9068 diff changeset	799 log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?"));
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	800 if t.name then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	801 t = filter("stanzas/out", t);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	802 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	803 if t then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	804 t = filter("bytes/out", tostring(t));
12807 f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	805 if session.outgoing_stanza_size_limit and #t > session.outgoing_stanza_size_limit then
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	806 log("warn", "Attempt to send a stanza exceeding session limit of %dB (%dB)!", session.outgoing_stanza_size_limit, #t);
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	807 -- TODO Pass identifiable error condition back to allow appropriate handling
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	808 return false
f0f7b0c61465 mod_s2s: Avoid sending too large stanzas Kim Alvefur <zash@zash.se> parents: 12806 diff changeset	809 end
6256 d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	810 if t then
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	811 return w(conn, t);
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	812 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	813 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	814 end
d05627c89c99 mod_s2s: Move filter initialization to common place Kim Alvefur <zash@zash.se> parents: 6255 diff changeset	815
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	816 function session.data(data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	817 data = filter("bytes/in", data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	818 if data then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	819 local ok, err = stream:feed(data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	820 if ok then return; end
10111 0f335815244f plugins: Remove tostring call from logging Kim Alvefur <zash@zash.se> parents: 9854 diff changeset	821 log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
10849 19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	822 if err == "stanza-too-large" then
11770 d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	823 session:close({
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	824 condition = "policy-violation",
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	825 text = "XML stanza is too big",
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	826 extra = st.stanza("stanza-too-big", { xmlns = 'urn:xmpp:errors' }),
d2a9aa1c7ac8 mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk) Kim Alvefur <zash@zash.se> parents: 11742 diff changeset	827 }, nil, "Received invalid XML from remote server");
10849 19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	828 else
19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	829 session:close("not-well-formed", nil, "Received invalid XML from remote server");
19e7092e062c mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Kim Alvefur <zash@zash.se> parents: 10810 diff changeset	830 end
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	831 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	832 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	833
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	834 session.close = session_close;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	835
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	836 local handlestanza = stream_callbacks.handlestanza;
9412 063977461363 mod_s2s: Silence all warnings instead of ignoring the entire module Kim Alvefur <zash@zash.se> parents: 9070 diff changeset	837 function session.dispatch_stanza(session, stanza) -- luacheck: ignore 432/session
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	838 return handlestanza(session, stanza);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	839 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	840
6259 36f611624987 mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized Kim Alvefur <zash@zash.se> parents: 6257 diff changeset	841 module:fire_event("s2s-created", { session = session });
36f611624987 mod_s2s: Fire a 's2s-created' event when new s2s connections are initialized Kim Alvefur <zash@zash.se> parents: 6257 diff changeset	842
11678 f90a337d81a8 mod_s2s: Remove connection timeout once it's no longer needed Kim Alvefur <zash@zash.se> parents: 11670 diff changeset	843 session.connect_timeout = add_task(connect_timeout, function ()
4960 8950510ddb2e mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off Matthew Wild <mwild1@gmail.com> parents: 4906 diff changeset	844 if session.type == "s2sin" or session.type == "s2sout" then
8950510ddb2e mod_s2s: Make unauthed session timeout a little more aggressive... otherwise it's possible for sessions to slip under the net and never get killed off Matthew Wild <mwild1@gmail.com> parents: 4906 diff changeset	845 return; -- Ok, we're connected
5307 d80e56d8805c mod_s2s: Don't try to close sessions that were destroyed before timeout Kim Alvefur <zash@zash.se> parents: 5281 diff changeset	846 elseif session.type == "s2s_destroyed" then
d80e56d8805c mod_s2s: Don't try to close sessions that were destroyed before timeout Kim Alvefur <zash@zash.se> parents: 5281 diff changeset	847 return; -- Session already destroyed
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	848 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	849 -- Not connected, need to close session and clean up
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	850 (session.log or log)("debug", "Destroying incomplete session %s->%s due to inactivity",
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	851 session.from_host or "(unknown)", session.to_host or "(unknown)");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	852 session:close("connection-timeout");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	853 end);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	854 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	855
7451 464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	856 function runner_callbacks:ready()
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	857 self.data.log("debug", "Runner %s ready (%s)", self.thread, coroutine.status(self.thread));
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	858 self.data.conn:resume();
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	859 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	860
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	861 function runner_callbacks:waiting()
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	862 self.data.log("debug", "Runner %s waiting (%s)", self.thread, coroutine.status(self.thread));
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	863 self.data.conn:pause();
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	864 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	865
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	866 function runner_callbacks:error(err)
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	867 (self.data.log or log)("error", "Traceback[s2s]: %s", err);
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	868 end
464a8a8de625 mod_s2s: Add util.async support Kim Alvefur <zash@zash.se> parents: 7450 diff changeset	869
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	870 function listener.onconnect(conn)
5522 3912c9264ef0 mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually configurable through s2s_tcp_keepalives (thanks yeled) Matthew Wild <mwild1@gmail.com> parents: 5505 diff changeset	871 conn:setoption("keepalive", opt_keepalives);
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	872 local session = sessions[conn];
89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	873 if not session then -- New incoming connection
89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	874 session = s2s_new_incoming(conn);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	875 sessions[conn] = session;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	876 session.log("debug", "Incoming s2s connection");
12280 74f8739b967a mod_s2s: Add new early s2s-connected events Kim Alvefur <zash@zash.se> parents: 12207 diff changeset	877 module:fire_event("s2sin-connected", { session = session })
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	878 initialize_session(session);
11526 15a3db955ad3 s2s et al.: Add counters for connection state transitions Jonas Schäfer <jonas@wielicki.name> parents: 11525 diff changeset	879 m_accepted_tcp_connections:with_labels():add(1)
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	880 else -- Outgoing session connected
12280 74f8739b967a mod_s2s: Add new early s2s-connected events Kim Alvefur <zash@zash.se> parents: 12207 diff changeset	881 module:fire_event("s2sout-connected", { session = session })
4906 89df1f03546a mod_s2s, s2sout.lib: Send stream header in onconnect() Matthew Wild <mwild1@gmail.com> parents: 4873 diff changeset	882 session:open_stream(session.from_host, session.to_host);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	883 end
12280 74f8739b967a mod_s2s: Add new early s2s-connected events Kim Alvefur <zash@zash.se> parents: 12207 diff changeset	884 module:fire_event("s2s-connected", { session = session })
5661 f226a0d23e85 mod_s2s: Set s2s_session.ip Kim Alvefur <zash@zash.se> parents: 5638 diff changeset	885 session.ip = conn:ip();
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	886 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	887
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	888 function listener.onincoming(conn, data)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	889 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	890 if session then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	891 session.data(data);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	892 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	893 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	894
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	895 function listener.onstatus(conn, status)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	896 if status == "ssl-handshake-complete" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	897 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	898 if session and session.direction == "outgoing" then
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	899 session.log("debug", "Sending stream header...");
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	900 session:open_stream(session.from_host, session.to_host);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	901 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	902 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	903 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	904
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	905 function listener.ondisconnect(conn, err)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	906 local session = sessions[conn];
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	907 if session then
5274 0d08c0965824 mod_s2s: Remove connection from sessions table as soon as we learn it is disconnected. Fixes a connection/session leak. Matthew Wild <mwild1@gmail.com> parents: 5173 diff changeset	908 sessions[conn] = nil;
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	909 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
10473 b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	910 if session.secure == false and err then
b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	911 -- TODO util.error-ify this
b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	912 err = "Error during negotiation of encrypted connection: "..err;
b2dd1219a321 mod_s2s: Improve TLS handshake error messages Kim Alvefur <zash@zash.se> parents: 10472 diff changeset	913 end
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	914 s2s_destroy_session(session, err);
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	915 end
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	916 module:fire_event("s2s-closed", { session = session; conn = conn });
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	917 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	918
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	919 function listener.onfail(data, err)
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	920 local session = data and data.session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	921 if session then
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	922 if err and session.direction == "outgoing" and session.notopen then
15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	923 (session.log or log)("debug", "s2s connection attempt failed: %s", err);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	924 end
8483 6d47b74926dd mod_s2s: Remove tostring() in logging since this is handled by util.format now Kim Alvefur <zash@zash.se> parents: 8463 diff changeset	925 (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
4969 15183193c6a6 mod_s2s: Don't call ondisconnect manually, don't call conn:close() 3 times (!) and merge its logic and streamdisconnected into session_close - including now waiting for a reply </stream:stream> if there is the chance of further stanzas requiring delivery arriving. session.sends2s() on a half-closed stream returns false. Matthew Wild <mwild1@gmail.com> parents: 4968 diff changeset	926 s2s_destroy_session(session, err);
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	927 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	928 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	929
5638 c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	930 function listener.onreadtimeout(conn)
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	931 local session = sessions[conn];
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	932 if session then
12679 7d4a95ba9b6c mod_s2s: Fix firing buffer drain events Kim Alvefur <zash@zash.se> parents: 12474 diff changeset	933 return (hosts[session.host] or prosody).events.fire_event("s2s-read-timeout", { session = session });
5638 c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	934 end
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	935 end
c5b7f4858014 mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died Kim Alvefur <zash@zash.se> parents: 5636 diff changeset	936
11740 b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	937 function listener.ondrain(conn)
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	938 local session = sessions[conn];
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	939 if session then
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	940 return (hosts[session.host] or prosody).events.fire_event("s2s-ondrain", { session = session });
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	941 end
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	942 end
b92f2abe0bda mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s Kim Alvefur <zash@zash.se> parents: 11707 diff changeset	943
11742 9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	944 function listener.onpredrain(conn)
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	945 local session = sessions[conn];
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	946 if session then
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	947 return (hosts[session.host] or prosody).events.fire_event("s2s-pre-ondrain", { session = session });
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	948 end
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	949 end
9c450185bac1 mod_c2s,mod_s2s: Fire event just before writes Kim Alvefur <zash@zash.se> parents: 11740 diff changeset	950
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	951 function listener.register_outgoing(conn, session)
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	952 sessions[conn] = session;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	953 initialize_session(session);
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	954 end
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	955
6380 4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	956 function listener.ondetach(conn)
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	957 sessions[conn] = nil;
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	958 end
4220ffb87b22 net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) Matthew Wild <mwild1@gmail.com> parents: 6378 diff changeset	959
10120 756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	960 function listener.onattach(conn, data)
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	961 local session = data and data.session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	962 if session then
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	963 session.conn = conn;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	964 sessions[conn] = session;
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	965 initialize_session(session);
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	966 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	967 end
756b8821007a mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections Kim Alvefur <zash@zash.se> parents: 10115 diff changeset	968
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	969 -- Complete the sentence "Your certificate " with what's wrong
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	970 local function friendly_cert_error(session) --> string
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	971 if session.cert_chain_status == "invalid" then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	972 if session.cert_chain_errors then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	973 local cert_errors = set.new(session.cert_chain_errors[1]);
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	974 if cert_errors:contains("certificate has expired") then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	975 return "has expired";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	976 elseif cert_errors:contains("self signed certificate") then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	977 return "is self-signed";
13253 68d540df46b8 mod_s2s: Fix reporting of DANE mismatch Kim Alvefur <zash@zash.se> parents: 13213 diff changeset	978 elseif cert_errors:contains("no matching DANE TLSA records") then
68d540df46b8 mod_s2s: Fix reporting of DANE mismatch Kim Alvefur <zash@zash.se> parents: 13213 diff changeset	979 return "does not match any DANE TLSA records";
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	980 end
12472 48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	981
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	982 local chain_errors = set.new(session.cert_chain_errors[2]);
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	983 for i, e in pairs(session.cert_chain_errors) do
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	984 if i > 2 then chain_errors:add_list(e); end
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	985 end
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	986 if chain_errors:contains("certificate has expired") then
48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	987 return "has an expired certificate chain";
13253 68d540df46b8 mod_s2s: Fix reporting of DANE mismatch Kim Alvefur <zash@zash.se> parents: 13213 diff changeset	988 elseif chain_errors:contains("no matching DANE TLSA records") then
12473 bb85be686a01 mod_s2s: Distinguish DANE TLSA errors from generic cert chain errors Kim Alvefur <zash@zash.se> parents: 12472 diff changeset	989 return "does not match any DANE TLSA records";
12472 48121960983e mod_s2s: Recognise and report errors with CA or intermediate certs Kim Alvefur <zash@zash.se> parents: 12462 diff changeset	990 end
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	991 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	992 return "is not trusted"; -- for some other reason
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	993 elseif session.cert_identity_status == "invalid" then
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	994 return "is not valid for this name";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	995 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	996 -- this should normally be unreachable except if no s2s auth module was loaded
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	997 return "could not be validated";
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	998 end
698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	999
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1000 function check_auth_policy(event)
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1001 local host, session = event.host, event.session;
5368 ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1002 local must_secure = secure_auth;
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1003
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1004 if not must_secure and secure_domains[host] then
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1005 must_secure = true;
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1006 elseif must_secure and insecure_domains[host] then
ab31dbb3a415 mod_s2s: Fix variable usage in check_auth_policy (thanks Florob) Matthew Wild <mwild1@gmail.com> parents: 5365 diff changeset	1007 must_secure = false;
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1008 end
5776 bd0ff8ae98a8 Remove all trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 5770 diff changeset	1009
5767 3a30ad76a86a mod_s2s: Improve policy check Kim Alvefur <zash@zash.se> parents: 5766 diff changeset	1010 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
10455 698ff3610e57 mod_s2s: Improve error in bounces due to cert validation problems Kim Alvefur <zash@zash.se> parents: 10426 diff changeset	1011 local reason = friendly_cert_error(session);
10472 676e6a1b23d4 mod_s2s: Log from session logger Kim Alvefur <zash@zash.se> parents: 10471 diff changeset	1012 session.log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason);
10456 2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1013 -- XEP-0178 recommends closing outgoing connections without warning
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1014 -- but does not give a rationale for this.
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1015 -- In practice most cases are configuration mistakes or forgotten
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1016 -- certificate renewals. We think it's better to let the other party
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1017 -- know about the problem so that they can fix it.
13444 783706350faa mod_s2s: Comment on why we avoid hostnames in stanza bounce messages Kim Alvefur <zash@zash.se> parents: 13382 diff changeset	1018 --
783706350faa mod_s2s: Comment on why we avoid hostnames in stanza bounce messages Kim Alvefur <zash@zash.se> parents: 13382 diff changeset	1019 -- Note: Bounce message must not include name of server, as it may leak half your JID in semi-anon MUCs.
10456 2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1020 session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
2ab1cbb1c6b0 mod_s2s: Send stream errors for cert problems on outgoing connections Kim Alvefur <zash@zash.se> parents: 10455 diff changeset	1021 nil, "Remote server's certificate "..reason);
5363 f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1022 return false;
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1023 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1024 end
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1025
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1026 module:hook("s2s-check-certificate", check_auth_policy, -1);
f29c26da7ecc mod_s2s: Add controls for certificate validation via the s2s_secure_auth option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout) Matthew Wild <mwild1@gmail.com> parents: 5362 diff changeset	1027
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1028 module:hook("server-stopping", function(event)
12298 cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1029 -- Close ports
12977 74b9e05af71e plugins: Prefix module imports with prosody namespace Kim Alvefur <zash@zash.se> parents: 12811 diff changeset	1030 local pm = require "prosody.core.portmanager";
12298 cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1031 for _, netservice in pairs(module.items["net-provider"]) do
cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1032 pm.unregister_service(netservice.name, netservice);
cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1033 end
cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1034
12299 ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1035 -- Stop opening new connections
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1036 for host in pairs(prosody.hosts) do
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1037 if prosody.hosts[host].modules.s2s then
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1038 module:context(host):unhook("route/remote", route_to_new_session);
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1039 end
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1040 end
ff36ac5c7d2b mod_s2s: Disable creation of new outgoing connections during shutdown Kim Alvefur <zash@zash.se> parents: 12298 diff changeset	1041
12311 bc30e1b9ad89 mod_c2s,mod_s2s: Fix error on shutdown (Thanks Martin) Kim Alvefur <zash@zash.se> parents: 12309 diff changeset	1042 local wait, done = async.waiter(1, true);
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1043 module:hook("s2s-closed", function ()
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1044 if next(sessions) == nil then done(); end
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1045 end, 1)
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1046
12298 cb459f8fa740 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions Kim Alvefur <zash@zash.se> parents: 12280 diff changeset	1047 -- Close sessions
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1048 local reason = event.reason;
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1049 for _, session in pairs(sessions) do
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1050 session:close{ condition = "system-shutdown", text = reason };
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1051 end
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1052
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1053 -- Wait for them to close properly if they haven't already
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1054 if next(sessions) ~= nil then
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1055 module:log("info", "Waiting for sessions to close");
12309 926a6c5d13e7 mod_c2s,mod_s2s: Wrap callback to improve tracebacks Kim Alvefur <zash@zash.se> parents: 12301 diff changeset	1056 add_task(stream_close_timeout + 1, function () done() end);
12301 4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1057 wait();
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1058 end
4f1fe6eb1ddb mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps Kim Alvefur <zash@zash.se> parents: 12299 diff changeset	1059
7100 301d58705667 mod_c2s, mod_s2s: Lower priority of session shutdown to negative, so that plugins hooking at the default priority run first (fixes #601) Kim Alvefur <zash@zash.se> parents: 6684 diff changeset	1060 end, -200);
5281 815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1061
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1062
815c689f85ad prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to respective plugins Kim Alvefur <zash@zash.se> parents: 5274 diff changeset	1063
5120 bcabea740c00 mod_{admin_telnet,c2s,component,http,net_multiplex,s2s}: Use module:provides() instead of module:add_item(). Waqas Hussain <waqas20@gmail.com> parents: 5013 diff changeset	1064 module:provides("net", {
4610 171051f9dd00 mod_c2s: Use module:add_item() to add the net-provider for portmanager Matthew Wild <mwild1@gmail.com> parents: 4601 diff changeset	1065 name = "s2s";
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1066 listener = listener;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1067 default_port = 5269;
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1068 encryption = "starttls";
11367 9525c4b4e5de mod_s2s: Clarify comment about unused TLS settings Kim Alvefur <zash@zash.se> parents: 11238 diff changeset	1069 ssl_config = {
9525c4b4e5de mod_s2s: Clarify comment about unused TLS settings Kim Alvefur <zash@zash.se> parents: 11238 diff changeset	1070 -- FIXME This only applies to Direct TLS, which we don't use yet.
9525c4b4e5de mod_s2s: Clarify comment about unused TLS settings Kim Alvefur <zash@zash.se> parents: 11238 diff changeset	1071 -- This gets applied for real in mod_tls
9852 6ea3cafb6ac3 core.certmanager: Do not ask for client certificates by default Kim Alvefur <zash@zash.se> parents: 9784 diff changeset	1072 verify = { "peer", "client_once", };
6ea3cafb6ac3 core.certmanager: Do not ask for client certificates by default Kim Alvefur <zash@zash.se> parents: 9784 diff changeset	1073 };
4620 e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	1074 multiplex = {
10465 09697a673015 mod_net_multiplex: Add support for using ALPN Kim Alvefur <zash@zash.se> parents: 10459 diff changeset	1075 protocol = "xmpp-server";
4620 e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	1076 pattern = "^<.:stream.%sxmlns%s=%s(['\"])jabber:server%1.*>";
e9dc6ae68c69 mod_c2s, mod_s2s: Add multiplex support Matthew Wild <mwild1@gmail.com> parents: 4610 diff changeset	1077 };
4555 3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1078 });
3dce04129693 s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua Matthew Wild <mwild1@gmail.com> parents: diff changeset	1079
11774 4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1080
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1081 module:provides("net", {
11775 af9c7f3f4735 mod_s2s: Rename Direct TLS listener 's2s_direct_tls' Kim Alvefur <zash@zash.se> parents: 11774 diff changeset	1082 name = "s2s_direct_tls";
11774 4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1083 listener = listener;
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1084 encryption = "ssl";
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1085 ssl_config = {
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1086 verify = { "peer", "client_once", };
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1087 };
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1088 multiplex = {
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1089 protocol = "xmpp-server";
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1090 pattern = "^<.:stream.%sxmlns%s=%s(['\"])jabber:server%1.*>";
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1091 };
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1092 });
4625093b0768 mod_s2s: Add a Direct TLS listener Kim Alvefur <zash@zash.se> parents: 11773 diff changeset	1093

prosody

783706350faa

plugins/mod_s2s.lua

Software / code / prosody

Annotate

plugins/mod_s2s.lua @ 13444:783706350faa

Software `/` code `/` prosody