Diff

plugins/mod_admin_telnet.lua @ 6172:0205b97bb355

mod_admin_telnet: Add s2s:show_tls() for showing ciphers used on s2s connections
author Kim Alvefur <zash@zash.se>
date Sun, 11 May 2014 18:51:08 +0200
parent 6171:c69fca37f338
child 6173:1600438c0c14
line wrap: on
line diff
--- a/plugins/mod_admin_telnet.lua	Sun May 11 19:03:23 2014 +0200
+++ b/plugins/mod_admin_telnet.lua	Sun May 11 18:51:08 2014 +0200
@@ -223,6 +223,7 @@
 		print [[c2s:close(jid) - Close all sessions for the specified JID]]
 	elseif section == "s2s" then
 		print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]]
+		print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]]
 		print [[s2s:close(from, to) - Close a connection from one domain to another]]
 		print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]]
 	elseif section == "module" then
@@ -517,6 +518,22 @@
 	return table.concat(line, " ");
 end
 
+local function tls_info(session, line)
+	line = line or {};
+	if session.secure then
+		local sock = session.conn and session.conn.socket and session.conn:socket();
+		if sock and sock.info then
+			local info = sock:info();
+			line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher);
+		else
+			line[#line+1] = "(cipher info unavailable)";
+		end
+	else
+		line[#line+1] = "(insecure)";
+	end
+	return table.concat(line, " ");
+end
+
 def_env.c2s = {};
 
 local function show_c2s(callback)
@@ -591,8 +608,9 @@
 
 
 def_env.s2s = {};
-function def_env.s2s:show(match_jid)
+function def_env.s2s:show(match_jid, annotate)
 	local print = self.session.print;
+	annotate = annotate or session_flags;
 
 	local count_in, count_out = 0,0;
 	local s2s_list = { };
@@ -610,7 +628,7 @@
 			remotehost, localhost = session.from_host or "?", session.to_host or "?";
 		end
 		local sess_lines = { l = localhost, r = remotehost,
-			session_flags(session, { "", direction, remotehost or "?",
+			annotate(session, { "", direction, remotehost or "?",
 				"["..session.type..tostring(session):match("[a-f0-9]*$").."]" })};
 
 		if (not match_jid) or remotehost:match(match_jid) or localhost:match(match_jid) then
@@ -666,6 +684,10 @@
 	return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections";
 end
 
+function def_env.s2s:show_tls(match_jid)
+	return self:show(match_jid, tls_info);
+end
+
 local function print_subject(print, subject)
 	for _, entry in ipairs(subject) do
 		print(