prosody
612467e263af
core/s2smanager.lua
Software / code / prosody
Comparison
core/s2smanager.lua @ 5362:612467e263af
s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 22 Mar 2013 14:18:23 +0000 |
| parent | 5349:0d11e393201f |
| child | 5366:c1357b7fbca3 |
comparison
equal
deleted
inserted
replaced
| 5361:38e7a5fafb28 | 5362:612467e263af |
|---|---|
| 7 -- | 7 -- |
| 8 | 8 |
| 9 | 9 |
| 10 | 10 |
| 11 local hosts = hosts; | 11 local hosts = hosts; |
| 12 local tostring, pairs, ipairs, getmetatable, newproxy, setmetatable | 12 local tostring, pairs, getmetatable, newproxy, setmetatable |
| 13 = tostring, pairs, ipairs, getmetatable, newproxy, setmetatable; | 13 = tostring, pairs, getmetatable, newproxy, setmetatable; |
| 14 | 14 |
| 15 local logger_init = require "util.logger".init; | 15 local logger_init = require "util.logger".init; |
| 16 | 16 |
| 17 local log = logger_init("s2smanager"); | 17 local log = logger_init("s2smanager"); |
| 18 | |
| 19 local config = require "core.configmanager"; | |
| 20 | 18 |
| 21 local prosody = _G.prosody; | 19 local prosody = _G.prosody; |
| 22 incoming_s2s = {}; | 20 incoming_s2s = {}; |
| 23 prosody.incoming_s2s = incoming_s2s; | 21 prosody.incoming_s2s = incoming_s2s; |
| 24 local incoming_s2s = incoming_s2s; | 22 local incoming_s2s = incoming_s2s; |
| 45 notopen = true, type = "s2sout_unauthed", direction = "outgoing" }; | 43 notopen = true, type = "s2sout_unauthed", direction = "outgoing" }; |
| 46 hosts[from_host].s2sout[to_host] = host_session; | 44 hosts[from_host].s2sout[to_host] = host_session; |
| 47 local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$"); | 45 local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$"); |
| 48 host_session.log = logger_init(conn_name); | 46 host_session.log = logger_init(conn_name); |
| 49 return host_session; | 47 return host_session; |
| 50 end | |
| 51 | |
| 52 function make_authenticated(session, host) | |
| 53 if not session.secure then | |
| 54 local local_host = session.direction == "incoming" and session.to_host or session.from_host; | |
| 55 if config.get(local_host, "core", "s2s_require_encryption") then | |
| 56 session:close({ | |
| 57 condition = "policy-violation", | |
| 58 text = "Encrypted server-to-server communication is required but was not " | |
| 59 ..((session.direction == "outgoing" and "offered") or "used") | |
| 60 }); | |
| 61 end | |
| 62 end | |
| 63 if session.type == "s2sout_unauthed" then | |
| 64 session.type = "s2sout"; | |
| 65 elseif session.type == "s2sin_unauthed" then | |
| 66 session.type = "s2sin"; | |
| 67 if host then | |
| 68 if not session.hosts[host] then session.hosts[host] = {}; end | |
| 69 session.hosts[host].authed = true; | |
| 70 end | |
| 71 elseif session.type == "s2sin" and host then | |
| 72 if not session.hosts[host] then session.hosts[host] = {}; end | |
| 73 session.hosts[host].authed = true; | |
| 74 else | |
| 75 return false; | |
| 76 end | |
| 77 session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host); | |
| 78 | |
| 79 mark_connected(session); | |
| 80 | |
| 81 return true; | |
| 82 end | |
| 83 | |
| 84 -- Stream is authorised, and ready for normal stanzas | |
| 85 function mark_connected(session) | |
| 86 local sendq, send = session.sendq, session.sends2s; | |
| 87 | |
| 88 local from, to = session.from_host, session.to_host; | |
| 89 | |
| 90 session.log("info", "%s s2s connection %s->%s complete", session.direction, from, to); | |
| 91 | |
| 92 local event_data = { session = session }; | |
| 93 if session.type == "s2sout" then | |
| 94 fire_event("s2sout-established", event_data); | |
| 95 hosts[from].events.fire_event("s2sout-established", event_data); | |
| 96 else | |
| 97 local host_session = hosts[to]; | |
| 98 session.send = function(stanza) | |
| 99 return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza }); | |
| 100 end; | |
| 101 | |
| 102 fire_event("s2sin-established", event_data); | |
| 103 hosts[to].events.fire_event("s2sin-established", event_data); | |
| 104 end | |
| 105 | |
| 106 if session.direction == "outgoing" then | |
| 107 if sendq then | |
| 108 session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host); | |
| 109 for i, data in ipairs(sendq) do | |
| 110 send(data[1]); | |
| 111 sendq[i] = nil; | |
| 112 end | |
| 113 session.sendq = nil; | |
| 114 end | |
| 115 | |
| 116 session.ip_hosts = nil; | |
| 117 session.srv_hosts = nil; | |
| 118 end | |
| 119 end | 48 end |
| 120 | 49 |
| 121 local resting_session = { -- Resting, not dead | 50 local resting_session = { -- Resting, not dead |
| 122 destroyed = true; | 51 destroyed = true; |
| 123 type = "s2s_destroyed"; | 52 type = "s2s_destroyed"; |
