Comparison

plugins/mod_admin_telnet.lua @ 6172:0205b97bb355

mod_admin_telnet: Add s2s:show_tls() for showing ciphers used on s2s connections
author Kim Alvefur <zash@zash.se>
date Sun, 11 May 2014 18:51:08 +0200
parent 6171:c69fca37f338
child 6173:1600438c0c14
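--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -221,10 +221,11 @@
 print [[c2s:show_insecure() - Show all unencrypted client connections]]
 print [[c2s:show_secure() - Show all encrypted client connections]]
 print [[c2s:close(jid) - Close all sessions for the specified JID]]
 elseif section == "s2s" then
 print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]]
+print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]]
 print [[s2s:close(from, to) - Close a connection from one domain to another]]
 print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]]
 elseif section == "module" then
 print [[module:load(module, host) - Load the specified module on the specified host (or all hosts if none given)]]
 print [[module:reload(module, host) - The same, but unloads and loads the module (saving state if the module supports it)]]
@@ -515,10 +516,26 @@
 line[#line+1] = "(IPv6)";
 end
 return table.concat(line, " ");
 end
 
+local function tls_info(session, line)
+line = line or {};
+if session.secure then
+local sock = session.conn and session.conn.socket and session.conn:socket();
+if sock and sock.info then
+local info = sock:info();
+line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher);
+else
+line[#line+1] = "(cipher info unavailable)";
+end
+else
+line[#line+1] = "(insecure)";
+end
+return table.concat(line, " ");
+end
+
 def_env.c2s = {};
 
 local function show_c2s(callback)
 for hostname, host in pairs(hosts) do
 for username, user in pairs(host.sessions or {}) do
@@ -589,12 +606,13 @@
 return true, "Total: "..count.." sessions closed";
 end
 
 
 def_env.s2s = {};
-function def_env.s2s:show(match_jid)
+function def_env.s2s:show(match_jid, annotate)
 local print = self.session.print;
+annotate = annotate or session_flags;
 
 local count_in, count_out = 0,0;
 local s2s_list = { };
 
 local s2s_sessions = module:shared"/*/s2s/sessions";
@@ -608,11 +626,11 @@
 direction = "<-";
 count_in = count_in + 1;
 remotehost, localhost = session.from_host or "?", session.to_host or "?";
 end
 local sess_lines = { l = localhost, r = remotehost,
-session_flags(session, { "", direction, remotehost or "?",
+annotate(session, { "", direction, remotehost or "?",
 "["..session.type..tostring(session):match("[a-f0-9]*$").."]" })};
 
 if (not match_jid) or remotehost:match(match_jid) or localhost:match(match_jid) then
 table.insert(s2s_list, sess_lines);
 local print = function (s) table.insert(sess_lines, " "..s); end
@@ -662,10 +680,14 @@
 for _, sess_lines in ipairs(s2s_list) do
 if sess_lines.l ~= lasthost then print(sess_lines.l); lasthost=sess_lines.l end
 for _, line in ipairs(sess_lines) do print(line); end
 end
 return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections";
+end
+
+function def_env.s2s:show_tls(match_jid)
+return self:show(match_jid, tls_info);
 end
 
 local function print_subject(print, subject)
 for _, entry in ipairs(subject) do
 print(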
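Review bot: In the new `tls_info` helper, the table returned by `sock:info()` is indexed and passed to `format` without a nil check. If a secure session's socket returns no info table, or one missing `protocol` or `cipher` (the hunk does not show whether that can happen), the error would abort the whole `s2s:show_tls()` listing rather than mark that one session. Hoisting the call into the condition sends that case to the existing "(cipher info unavailable)" branch: `local info = sock and sock.info and sock:info();` followed by `if info and info.protocol and info.cipher then`. The helper reports only protocol and cipher, not whether the peer certificate validated, so the help string could say so, for example `Show TLS protocol and cipher for encrypted sessions (does not indicate certificate validity)`, to keep operators from reading the output as proof of authentication.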