core/s2smanager.lua

   1 -- Prosody IM
   2 -- Copyright (C) 2008-2010 Matthew Wild
   3 -- Copyright (C) 2008-2010 Waqas Hussain
   4 --
   5 -- This project is MIT/X11 licensed. Please see the
   6 -- COPYING file in the source package for more information.
   7 --
   8
   9
  10
  11 local hosts = hosts;
  12 local core_process_stanza = function(a, b) core_process_stanza(a, b); end
  13 local format = string.format;
  14 local t_insert, t_sort = table.insert, table.sort;
  15 local get_traceback = debug.traceback;
  16 local tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable
  17     = tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable;
  18
  19 local initialize_filters = require "util.filters".initialize;
  20 local wrapclient = require "net.server".wrapclient;
  21 local st = require "stanza";
  22 local stanza = st.stanza;
  23 local nameprep = require "util.encodings".stringprep.nameprep;
  24 local cert_verify_identity = require "util.x509".verify_identity;
  25 local new_ip = require "util.ip".new_ip;
  26 local rfc3484_dest = require "util.rfc3484".destination;
  27
  28 local fire_event = prosody.events.fire_event;
  29 local uuid_gen = require "util.uuid".generate;
  30
  31 local logger_init = require "util.logger".init;
  32
  33 local log = logger_init("s2smanager");
  34
  35 local sha256_hash = require "util.hashes".sha256;
  36
  37 local adns, dns = require "net.adns", require "net.dns";
  38 local config = require "core.configmanager";
  39 local dns_timeout = config.get("*", "core", "dns_timeout") or 15;
  40 local cfg_sources = config.get("*", "core", "s2s_interface")
  41         or config.get("*", "core", "interface");
  42 local sources;
  43
  44 --FIXME: s2sout should create its own resolver w/ timeout
  45 dns.settimeout(dns_timeout);
  46
  47 local prosody = _G.prosody;
  48 incoming_s2s = {};
  49 prosody.incoming_s2s = incoming_s2s;
  50 local incoming_s2s = incoming_s2s;
  51
  52 module "s2smanager"
  53
  54 local open_sessions = 0;
  55
  56 function new_incoming(conn)
  57         local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} };
  58         if true then
  59                 session.trace = newproxy(true);
  60                 getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; end;
  61         end
  62         open_sessions = open_sessions + 1;
  63         session.log = logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$"));
  64         incoming_s2s[session] = true;
  65         return session;
  66 end
  67
  68 function new_outgoing(from_host, to_host, connect)
  69         local host_session = { to_host = to_host, from_host = from_host, host = from_host,
  70                                notopen = true, type = "s2sout_unauthed", direction = "outgoing" };
  71         hosts[from_host].s2sout[to_host] = host_session;
  72         local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$");
  73         host_session.log = logger_init(conn_name);
  74         return host_session;
  75 end
  76
  77 function make_authenticated(session, host)
  78         if not session.secure then
  79                 local local_host = session.direction == "incoming" and session.to_host or session.from_host;
  80                 if config.get(local_host, "core", "s2s_require_encryption") then
  81                         session:close({
  82                                 condition = "policy-violation",
  83                                 text = "Encrypted server-to-server communication is required but was not "
  84                                        ..((session.direction == "outgoing" and "offered") or "used")
  85                         });
  86                 end
  87         end
  88         if session.type == "s2sout_unauthed" then
  89                 session.type = "s2sout";
  90         elseif session.type == "s2sin_unauthed" then
  91                 session.type = "s2sin";
  92                 if host then
  93                         if not session.hosts[host] then session.hosts[host] = {}; end
  94                         session.hosts[host].authed = true;
  95                 end
  96         elseif session.type == "s2sin" and host then
  97                 if not session.hosts[host] then session.hosts[host] = {}; end
  98                 session.hosts[host].authed = true;
  99         else
 100                 return false;
 101         end
 102         session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host or "(unknown)", session.to_host or "(unknown)", host);
 103
 104         mark_connected(session);
 105
 106         return true;
 107 end
 108
 109 -- Stream is authorised, and ready for normal stanzas
 110 function mark_connected(session)
 111         local sendq, send = session.sendq, session.sends2s;
 112
 113         local from, to = session.from_host, session.to_host;
 114
 115         session.log("info", session.direction.." s2s connection "..from.."->"..to.." complete");
 116
 117         local event_data = { session = session };
 118         if session.type == "s2sout" then
 119                 prosody.events.fire_event("s2sout-established", event_data);
 120                 hosts[session.from_host].events.fire_event("s2sout-established", event_data);
 121         else
 122                 prosody.events.fire_event("s2sin-established", event_data);
 123                 hosts[session.to_host].events.fire_event("s2sin-established", event_data);
 124         end
 125
 126         if session.direction == "outgoing" then
 127                 if sendq then
 128                         session.log("debug", "sending "..#sendq.." queued stanzas across new outgoing connection to "..session.to_host);
 129                         for i, data in ipairs(sendq) do
 130                                 send(data[1]);
 131                                 sendq[i] = nil;
 132                         end
 133                         session.sendq = nil;
 134                 end
 135
 136                 session.ip_hosts = nil;
 137                 session.srv_hosts = nil;
 138         end
 139 end
 140
 141 local resting_session = { -- Resting, not dead
 142                 destroyed = true;
 143                 type = "s2s_destroyed";
 144                 open_stream = function (session)
 145                         session.log("debug", "Attempt to open stream on resting session");
 146                 end;
 147                 close = function (session)
 148                         session.log("debug", "Attempt to close already-closed session");
 149                 end;
 150                 filter = function (type, data) return data; end;
 151         }; resting_session.__index = resting_session;
 152
 153 function retire_session(session, reason)
 154         local log = session.log or log;
 155         for k in pairs(session) do
 156                 if k ~= "trace" and k ~= "log" and k ~= "id" then
 157                         session[k] = nil;
 158                 end
 159         end
 160
 161         session.destruction_reason = reason;
 162
 163         function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end
 164         function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end
 165         return setmetatable(session, resting_session);
 166 end
 167
 168 function destroy_session(session, reason)
 169         if session.destroyed then return; end
 170         (session.log or log)("debug", "Destroying "..tostring(session.direction).." session "..tostring(session.from_host).."->"..tostring(session.to_host)..(reason and (": "..reason) or ""));
 171
 172         if session.direction == "outgoing" then
 173                 hosts[session.from_host].s2sout[session.to_host] = nil;
 174                 session:bounce_sendq(reason);
 175         elseif session.direction == "incoming" then
 176                 incoming_s2s[session] = nil;
 177         end
 178
 179         local event_data = { session = session, reason = reason };
 180         if session.type == "s2sout" then
 181                 prosody.events.fire_event("s2sout-destroyed", event_data);
 182                 if hosts[session.from_host] then
 183                         hosts[session.from_host].events.fire_event("s2sout-destroyed", event_data);
 184                 end
 185         elseif session.type == "s2sin" then
 186                 prosody.events.fire_event("s2sin-destroyed", event_data);
 187                 if hosts[session.to_host] then
 188                         hosts[session.to_host].events.fire_event("s2sin-destroyed", event_data);
 189                 end
 190         end
 191
 192         retire_session(session, reason); -- Clean session until it is GC'd
 193         return true;
 194 end
 195
 196 return _M;