Changeset
6172:0205b97bb355
mod_admin_telnet: Add s2s:show_tls() for showing ciphers used on s2s connections
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 11 May 2014 18:51:08 +0200 |
parents | 6171:c69fca37f338 |
children | 6173:1600438c0c14 |
files | plugins/mod_admin_telnet.lua |
diffstat | 1 files changed, 24 insertions(+), 2 deletions(-) [+] |
--- a/plugins/mod_admin_telnet.lua Sun May 11 19:03:23 2014 +0200
+++ b/plugins/mod_admin_telnet.lua Sun May 11 18:51:08 2014 +0200
@@ -223,6 +223,7 @@
 print [[c2s:close(jid) - Close all sessions for the specified JID]]
 elseif section == "s2s" then
 print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]]
+ print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]]
 print [[s2s:close(from, to) - Close a connection from one domain to another]]
 print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]]
 elseif section == "module" then
@@ -517,6 +518,22 @@
 return table.concat(line, " ");
 end
+local function tls_info(session, line)
+ line = line or {};
+ if session.secure then
+ local sock = session.conn and session.conn.socket and session.conn:socket();
+ if sock and sock.info then
+ local info = sock:info();
+ line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher);
+ else
+ line[#line+1] = "(cipher info unavailable)";
+ end
+ else
+ line[#line+1] = "(insecure)";
+ end
+ return table.concat(line, " ");
+end
+
 def_env.c2s = {};
 local function show_c2s(callback)
@@ -591,8 +608,9 @@
 def_env.s2s = {};
-function def_env.s2s:show(match_jid)
+function def_env.s2s:show(match_jid, annotate)
 local print = self.session.print;
+ annotate = annotate or session_flags;
 local count_in, count_out = 0,0;
 local s2s_list = { };
@@ -610,7 +628,7 @@
 remotehost, localhost = session.from_host or "?", session.to_host or "?";
 end
 local sess_lines = { l = localhost, r = remotehost,
- session_flags(session, { "", direction, remotehost or "?",
+ annotate(session, { "", direction, remotehost or "?",
 "["..session.type..tostring(session):match("[a-f0-9]*$").."]" })};
 if (not match_jid) or remotehost:match(match_jid) or localhost:match(match_jid) then
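Review bot: In tls_info the result of `sock:info()` is dereferenced without a check, so a socket whose info() call returns nil, or a table lacking `protocol` or `cipher`, would raise an error inside the console command instead of printing a line. The guard only tests that the `info` method exists. Folding the call into the condition, `local info = sock and sock.info and sock:info();` followed by `if info and info.protocol and info.cipher then`, lets such sessions fall through to the existing "(cipher info unavailable)" branch. For an audit command this matters because one session in an odd state would otherwise likely abort the listing of every other session.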
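Review bot: The new `annotate` parameter of s2s:show is neither documented nor type-checked, and a non-function value only fails later at the `annotate(session, { ... })` call in the following hunk. Since s2s:show appears to be callable directly from the console, the second argument can be whatever the operator typed. A comment above the function such as `-- annotate(session, line): returns the text printed for one session; defaults to session_flags` would state the callback contract, and `if type(annotate) ~= "function" then annotate = session_flags end` would keep a stray argument from breaking the listing. The body of s2s:show continues outside this hunk.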
@@ -666,6 +684,10 @@
 return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections";
 end
+function def_env.s2s:show_tls(match_jid)
+ return self:show(match_jid, tls_info);
+end
+
 local function print_subject(print, subject)
 for _, entry in ipairs(subject) do
 print(
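Review bot: show_tls carries no comment saying what its output does and does not establish, and the help string added for it says "encrypted sessions" while the wrapper lists every matching session, tagging unencrypted ones "(insecure)". The annotation covers only the negotiated protocol and cipher; nothing in this changeset reports whether the peer certificate was validated, so a strong cipher in this listing should not be read as an authenticated peer. I would add above the function `-- Lists all matching s2s sessions with their negotiated TLS protocol and cipher; does not show certificate validation status.` and align the help text with that wording.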