2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
12 local sessions = sessions;
13 local core_process_stanza = function(a, b) core_process_stanza(a, b); end
14 local add_task = require "util.timer".add_task;
15 local socket = require "socket";
16 local format = string.format;
17 local t_insert, t_sort = table.insert, table.sort;
18 local get_traceback = debug.traceback;
19 local tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable
20 = tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable;
22 local idna_to_ascii = require "util.encodings".idna.to_ascii;
23 local connlisteners_get = require "net.connlisteners".get;
24 local initialize_filters = require "util.filters".initialize;
25 local wrapclient = require "net.server".wrapclient;
26 local st = require "stanza";
27 local stanza = st.stanza;
28 local nameprep = require "util.encodings".stringprep.nameprep;
29 local cert_verify_identity = require "util.x509".verify_identity;
30 local new_ip = require "util.ip".new_ip;
31 local rfc3484_dest = require "util.rfc3484".destination;
33 local fire_event = prosody.events.fire_event;
34 local uuid_gen = require "util.uuid".generate;
36 local logger_init = require "util.logger".init;
38 local log = logger_init("s2smanager");
40 local sha256_hash = require "util.hashes".sha256;
42 local adns, dns = require "net.adns", require "net.dns";
43 local config = require "core.configmanager";
-- Settings read once, when this file is loaded, from the "core" section of
-- the global ("*") configuration. The literal after `or` is used whenever
-- the lookup returns nil or false.
44 local connect_timeout = config.get("*", "core", "s2s_timeout") or 60;
45 local dns_timeout = config.get("*", "core", "dns_timeout") or 15;
46 local max_dns_depth = config.get("*", "core", "dns_max_depth") or 3;
-- Hand the configured timeout to the net.dns module.
49 dns.settimeout(dns_timeout);
51 local prosody = _G.prosody;
-- Expose the incoming-session table on the prosody object and keep a local
-- alias for it.
-- NOTE(review): the statement that creates `incoming_s2s` is not visible in
-- this excerpt; confirm it runs before these two lines.
53 prosody.incoming_s2s = incoming_s2s;
54 local incoming_s2s = incoming_s2s;
--- Ordering predicate for SRV records, usable as a table.sort comparator.
-- A record with a numerically lower `priority` sorts first; among records
-- with equal priority, the one with the higher `weight` sorts first.
-- @param a record table with numeric `priority` and `weight` fields
-- @param b record table with numeric `priority` and `weight` fields
-- @return true when `a` must be placed before `b`, false otherwise
function compare_srv_priorities(a,b)
	if a.priority < b.priority then
		return true;
	end
	if a.priority == b.priority then
		-- Tie on priority: prefer the heavier record
		return a.weight > b.weight;
	end
	return false;
end
-- Stanza names for which an error reply is generated when a queue is bounced.
62 local bouncy_stanzas = { message = true, presence = true, iq = true };
-- Answer every stanza still queued on `session` with a
-- "remote-server-not-found" error reply.
--   session: s2s session table; its `sendq` holds { serialised stanza, reply } pairs
--   reason:  text appended to the human-readable error
-- NOTE(review): several original lines of this function (including the
-- definition of `dummy` and any guard on an empty queue or nil reason) are
-- not visible in this excerpt.
63 local function bounce_sendq(session, reason)
64 local sendq = session.sendq;
66 session.log("info", "sending error replies for "..#sendq.." queued stanzas because of failed outgoing connection to "..tostring(session.to_host));
-- NOTE(review): the message below contains a doubled word ("to to").
70 (session.log or log)("error", "Replying to to an s2s error reply, please report this! Traceback: %s", get_traceback());
74 for i, data in ipairs(sendq) do
-- Second element of a queue entry is the reply prepared when the stanza was queued
75 local reply = data[2];
-- Only replies without an xmlns attribute and with a name listed in bouncy_stanzas are bounced
76 if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then
77 reply.attr.type = "error";
78 reply:tag("error", {type = "cancel"})
79 :tag("remote-server-not-found", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up();
81 reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"})
82 :text("Server-to-server connection failed: "..reason):up();
-- Hand the error reply to stanza processing, with `dummy` as its origin
84 core_process_stanza(dummy, reply);
-- Send `data` from the local host `from_host` to the remote host `to_host`.
-- Uses the outgoing session stored in hosts[from_host].s2sout[to_host] when
-- there is one, and otherwise creates a session and queues the stanza on it.
--   from_host: name of a host present in `hosts`
--   to_host:   name of the remote host
--   data:      stanza object (its `name` and `attr.type` are read here)
-- NOTE(review): some lines of this function (branch skeleton, return
-- statements) are not visible in this excerpt.
92 function send_to_host(from_host, to_host, data)
93 if not hosts[from_host] then
94 log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
97 local host = hosts[from_host].s2sout[to_host];
99 -- We have a connection to this host already
-- Unauthenticated session: queue everything, except a db:verify stanza on a
-- session that already has a dialback key
100 if host.type == "s2sout_unauthed" and (data.name ~= "db:verify" or not host.dialback_key) then
101 (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
103 -- Queue stanza until we are able to send it
-- A queue entry is { serialised stanza, reply }. The reply is only built
-- for stanzas whose type is neither "error" nor "result"; otherwise the
-- second element is false.
104 if host.sendq then t_insert(host.sendq, {tostring(data), data.attr.type ~= "error" and data.attr.type ~= "result" and st.reply(data)});
105 else host.sendq = { {tostring(data), data.attr.type ~= "error" and data.attr.type ~= "result" and st.reply(data)} }; end
106 host.log("debug", "stanza [%s] queued ", data.name);
-- A session of type "local" or "component" is reported as an error
107 elseif host.type == "local" or host.type == "component" then
108 log("error", "Trying to send a stanza to ourselves??")
109 log("error", "Traceback: %s", get_traceback());
110 log("error", "Stanza: %s", tostring(data));
113 (host.log or log)("debug", "going to send stanza to "..to_host.." from "..from_host);
-- The session was opened on behalf of a different local host than the one
-- requested now; this is logged
115 if host.from_host ~= from_host then
116 log("error", "WARNING! This might, possibly, be a bug, but it might not...");
117 log("error", "We are going to send from %s instead of %s", tostring(host.from_host), tostring(from_host));
120 host.log("debug", "stanza sent over "..host.type);
123 log("debug", "opening a new outgoing connection for this stanza");
124 local host_session = new_outgoing(from_host, to_host);
-- Start the new session's queue with this stanza, same entry layout as above
127 host_session.sendq = { {tostring(data), data.attr.type ~= "error" and data.attr.type ~= "result" and st.reply(data)} };
128 log("debug", "stanza [%s] queued until connection complete", tostring(data.name));
-- Neither a pending attempt nor a connection object: treat the connection as failed
129 if (not host_session.connecting) and (not host_session.conn) then
130 log("warn", "Connection to %s failed already, destroying session...", to_host);
131 if not destroy_session(host_session, "Connection failed") then
132 -- Already destroyed, we need to bounce our stanza
133 bounce_sendq(host_session, host_session.destruction_reason);
-- Counter incremented for each incoming session created below and
-- decremented by the __gc handler of that session's `trace` proxy.
141 local open_sessions = 0;
-- Create the session table for a newly accepted incoming s2s connection.
--   conn: connection object; its `write` field is captured here
-- NOTE(review): some lines (the rest of `sends2s`, the return statement)
-- are not visible in this excerpt.
143 function new_incoming(conn)
144 local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} };
-- newproxy(true) yields a userdata with its own metatable, so a __gc
-- handler can be attached to it
146 session.trace = newproxy(true);
147 getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; end;
149 open_sessions = open_sessions + 1;
-- Per-connection logger named "s2sin" plus the trailing hex digits of tostring(conn)
150 local w, log = conn.write, logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$"));
152 local filter = initialize_filters(session);
-- Send function: logs the top tag (stanza objects) or the leading tag text
-- (strings), then passes the data through the "stanzas/out" and
-- "bytes/out" filters
153 session.sends2s = function (t)
154 log("debug", "sending: %s", t.top_tag and t:top_tag() or t:match("^([^>]*>?)"));
156 t = filter("stanzas/out", t);
159 t = filter("bytes/out", tostring(t));
-- Register the session in the table of incoming sessions
165 incoming_s2s[session] = true;
-- After connect_timeout, close the session unless it has authenticated
-- (type "s2sin") or no longer uses this connection
166 add_task(connect_timeout, function ()
167 if session.conn ~= conn or
168 session.type == "s2sin" then
169 return; -- Ok, we're connect[ed|ing]
171 -- Not connected, need to close session and clean up
172 (session.log or log)("debug", "Destroying incomplete session %s->%s due to inactivity",
173 session.from_host or "(unknown)", session.to_host or "(unknown)");
174 session:close("connection-timeout");
-- Create an outgoing s2s session from `from_host` to `to_host`, store it in
-- hosts[from_host].s2sout and, unless `connect` is exactly false, start
-- connecting.
--   from_host: local host name (must be a key of `hosts`)
--   to_host:   remote host name
--   connect:   pass false to skip the connection attempt
-- NOTE(review): some lines (declaration of `buffer`, the return statement)
-- are not visible in this excerpt.
179 function new_outgoing(from_host, to_host, connect)
180 local host_session = { to_host = to_host, from_host = from_host, host = from_host,
181 notopen = true, type = "s2sout_unauthed", direction = "outgoing",
182 open_stream = session_open_stream };
184 hosts[from_host].s2sout[to_host] = host_session;
186 host_session.close = destroy_session; -- This gets replaced by xmppserver_listener later
-- Logger named "s2sout" plus the trailing hex digits of tostring(host_session)
190 local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$");
-- NOTE(review): no `local log` declaration is visible in this excerpt; if
-- there is none, this assignment replaces the file-level logger. Confirm.
191 log = logger_init(conn_name);
192 host_session.log = log;
195 initialize_filters(host_session);
197 if connect ~= false then
198 -- Kick the connection attempting machine into life
199 if not attempt_connection(host_session) then
200 -- Intentionally not returning here, the
201 -- session is needed, connected or not
202 destroy_session(host_session);
-- No send function was installed by the attempt above: install a
-- buffering one
206 if not host_session.sends2s then
207 -- A sends2s which buffers data (until the stream is opened)
208 -- note that data in this buffer will be sent before the stream is authed
209 -- and will not be ack'd in any way, successful or otherwise
211 function host_session.sends2s(data)
-- The buffer is exposed as send_buffer (streamopened reads that field)
214 host_session.send_buffer = buffer;
216 log("debug", "Buffering data on unconnected s2sout to %s", to_host);
217 buffer[#buffer+1] = data;
218 log("debug", "Buffered item %d: %s", #buffer, tostring(data));
-- Start or continue connecting `host_session` to its remote host.
-- Without `err` this is the first attempt and begins with an SRV lookup;
-- with `err` it moves on to the next option (remaining IPs, then the next
-- SRV record).
--   host_session: outgoing session table
--   err:          error from the previous attempt, nil on the first call
-- Returns true while an SRV lookup is pending, otherwise whatever
-- try_connect returns.
-- NOTE(review): several lines (branch skeleton, `return false` paths) are
-- not visible in this excerpt.
226 function attempt_connection(host_session, err)
227 local from_host, to_host = host_session.from_host, host_session.to_host;
-- Default target: the IDNA-encoded host name on port 5269
228 local connect_host, connect_port = to_host and idna_to_ascii(to_host), 5269;
230 if not connect_host then
234 if not err then -- This is our first attempt
235 log("debug", "First attempt to connect to %s, starting with SRV lookup...", to_host);
236 host_session.connecting = true;
-- NOTE(review): no `local handle` declaration is visible in this excerpt; confirm.
238 handle = adns.lookup(function (answer)
240 host_session.connecting = nil;
242 log("debug", to_host.." has SRV records, handling...");
243 local srv_hosts = {};
244 host_session.srv_hosts = srv_hosts;
245 for _, record in ipairs(answer) do
246 t_insert(srv_hosts, record.srv);
-- A single record whose target is "." is treated as "no service offered"
248 if #srv_hosts == 1 and srv_hosts[1].target == "." then
249 log("debug", to_host.." does not provide a XMPP service");
-- `err` here is the enclosing function's parameter, which is falsy in
-- this branch (see the `if not err` guard above)
250 destroy_session(host_session, err); -- Nothing to see here
253 t_sort(srv_hosts, compare_srv_priorities);
-- Start with the first record after sorting
255 local srv_choice = srv_hosts[1];
256 host_session.srv_choice = 1;
258 connect_host, connect_port = srv_choice.target or to_host, srv_choice.port or connect_port;
259 log("debug", "Best record found, will connect to %s:%d", connect_host, connect_port);
262 log("debug", to_host.." has no SRV records, falling back to A");
264 -- Try with SRV, or just the plain hostname if no SRV
265 local ok, err = try_connect(host_session, connect_host, connect_port);
267 if not attempt_connection(host_session, err) then
268 -- No more attempts will be made
269 destroy_session(host_session, err);
272 end, "_xmpp-server._tcp."..connect_host..".", "SRV");
274 return true; -- Attempt in progress
-- IP addresses from an earlier lookup are still stored: let try_connect
-- continue with them
275 elseif host_session.ip_hosts then
276 return try_connect(host_session, connect_host, connect_port, err);
277 elseif host_session.srv_hosts and #host_session.srv_hosts > host_session.srv_choice then -- Not our first attempt, and we also have SRV
278 host_session.srv_choice = host_session.srv_choice + 1;
279 local srv_choice = host_session.srv_hosts[host_session.srv_choice];
280 connect_host, connect_port = srv_choice.target or to_host, srv_choice.port or connect_port;
281 host_session.log("info", "Connection failed (%s). Attempt #%d: This time to %s:%d", tostring(err), host_session.srv_choice, connect_host, connect_port);
283 host_session.log("info", "Out of connection options, can't connect to %s", tostring(host_session.to_host));
284 -- We're out of options
288 if not (connect_host and connect_port) then
289 -- Likely we couldn't resolve DNS
290 log("warn", "Hmm, we're without a host (%s) and port (%s) to connect to for %s, giving up :(", tostring(connect_host), tostring(connect_port), tostring(to_host));
294 return try_connect(host_session, connect_host, connect_port);
-- Advance to the next entry of host_session.ip_hosts and try to connect to
-- it with make_connect.
--   host_session: outgoing session with `ip_hosts` (entries carrying `ip`
--                 and `port`) and a numeric `ip_choice`
-- NOTE(review): the condition guarding the failure path below is not
-- visible in this excerpt.
297 function try_next_ip(host_session)
298 host_session.connecting = nil;
299 host_session.ip_choice = host_session.ip_choice + 1;
300 local ip = host_session.ip_hosts[host_session.ip_choice];
301 local ok, err= make_connect(host_session, ip.ip, ip.port);
-- Hand over to attempt_connection with the error (or "closed"). If that
-- fails too, destroy the session.
303 if not attempt_connection(host_session, err or "closed") then
304 err = err and (": "..err) or "";
305 destroy_session(host_session, "Connection failed"..err);
-- Resolve `connect_host` to IP addresses (A and AAAA lookups) and start
-- connecting, or continue with addresses left over from an earlier
-- resolution.
--   host_session: outgoing session table
--   connect_host: host name to resolve
--   connect_port: port stored alongside each resolved address
--   err:          error from a previous attempt, used in the failure reason
-- NOTE(review): many lines are not visible in this excerpt (declarations of
-- `IPs` and `sources`, the conditions that guard each branch, loop headers
-- and the return statements). The comments below describe only what the
-- visible lines do.
310 function try_connect(host_session, connect_host, connect_port, err)
311 host_session.connecting = true;
315 host_session.ip_hosts = IPs;
316 local handle4, handle6;
317 local has_other = false;
-- Local source addresses: the configured "interface" option, or the
-- xmppserver listener's default_interface
321 local cfg_sources = config.get("*", "core", "interface") or connlisteners_get("xmppserver").default_interface;
-- A single string is wrapped into a one-element list
322 if type(cfg_sources) == "string" then
323 cfg_sources = { cfg_sources };
325 for i, source in ipairs(cfg_sources) do
-- "*" is mapped to the IPv4 address 0.0.0.0
326 if source == "*" then
327 sources[i] = new_ip("0.0.0.0", "IPv4");
-- A source containing ":" is taken as IPv6, anything else as IPv4
329 sources[i] = new_ip(source, (source:find(":") and "IPv6") or "IPv4");
-- A record lookup
334 handle4 = adns.lookup(function (reply, err)
337 -- COMPAT: This is a compromise for all you CNAME-(ab)users :)
338 if not (reply and reply[#reply] and reply[#reply].a) then
339 local count = max_dns_depth;
340 reply = dns.peek(connect_host, "CNAME", "IN");
-- Follow CNAME answers while the last record has a cname and no A data
-- NOTE(review): the statement that decrements `count` is not visible here.
341 while count > 0 and reply and reply[#reply] and not reply[#reply].a and reply[#reply].cname do
342 log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[#reply].cname), count);
343 reply = dns.peek(reply[#reply].cname, "A", "IN") or dns.peek(reply[#reply].cname, "CNAME", "IN");
347 -- end of CNAME resolving
-- Collect every A answer as an IPv4 address object
349 if reply and reply[#reply] and reply[#reply].a then
350 for _, ip in ipairs(reply) do
351 log("debug", "DNS reply for %s gives us %s", connect_host, ip.a);
352 IPs[#IPs+1] = new_ip(ip.a, "IPv4");
-- NOTE(review): the return value of rfc3484_dest is not captured on this line.
358 rfc3484_dest(host_session.ip_hosts, sources);
-- Replace each address object with an { ip, port } entry
360 IPs[i] = {ip = IPs[i], port = connect_port};
362 host_session.ip_choice = 0;
363 try_next_ip(host_session);
365 log("debug", "DNS lookup failed to get a response for %s", connect_host);
366 host_session.ip_hosts = nil;
367 if not attempt_connection(host_session, "name resolution failed") then -- Retry if we can
368 log("debug", "No other records to try for %s - destroying", host_session.to_host);
369 err = err and (": "..err) or "";
370 destroy_session(host_session, "DNS resolution failed"..err); -- End of the line, we can't
376 end, connect_host, "A", "IN");
-- AAAA record lookup; the visible handling parallels the A lookup above
378 handle6 = adns.lookup(function (reply, err)
381 if reply and reply[#reply] and reply[#reply].aaaa then
382 for _, ip in ipairs(reply) do
383 log("debug", "DNS reply for %s gives us %s", connect_host, ip.aaaa);
384 IPs[#IPs+1] = new_ip(ip.aaaa, "IPv6");
390 rfc3484_dest(host_session.ip_hosts, sources);
392 IPs[i] = {ip = IPs[i], port = connect_port};
394 host_session.ip_choice = 0;
395 try_next_ip(host_session);
397 log("debug", "DNS lookup failed to get a response for %s", connect_host);
398 host_session.ip_hosts = nil;
399 if not attempt_connection(host_session, "name resolution failed") then -- Retry if we can
400 log("debug", "No other records to try for %s - destroying", host_session.to_host);
401 err = err and (": "..err) or "";
402 destroy_session(host_session, "DNS resolution failed"..err); -- End of the line, we can't
408 end, connect_host, "AAAA", "IN");
411 elseif host_session.ip_hosts and #host_session.ip_hosts > host_session.ip_choice then -- Not our first attempt, and we also have IPs left to try
412 try_next_ip(host_session);
-- Address list exhausted: clear it and let attempt_connection pick another
-- option, destroying the session if there is none
414 host_session.ip_hosts = nil;
415 if not attempt_connection(host_session, "out of IP addresses") then -- Retry if we can
416 log("debug", "No other records to try for %s - destroying", host_session.to_host);
417 err = err and (": "..err) or "";
418 destroy_session(host_session, "Connecting failed"..err); -- End of the line, we can't
-- Open a TCP connection for `host_session` to one concrete address and wire
-- it into the session.
--   host_session: outgoing session table
--   connect_host: address object; its `addr` and `proto` fields are read here
--   connect_port: port number
-- Returns false plus an error value when no socket could be created.
-- NOTE(review): other return paths and the declarations of `conn` and
-- `handler` are not visible in this excerpt.
426 function make_connect(host_session, connect_host, connect_port)
427 (host_session.log or log)("info", "Beginning new connection attempt to %s ([%s]:%d)", host_session.to_host, connect_host.addr, connect_port);
428 -- Ok, we're going to try to connect
430 local from_host, to_host = host_session.from_host, host_session.to_host;
-- Pick the socket constructor by address family; tcp6 is used only when
-- the socket library provides it
433 if connect_host.proto == "IPv4" then
434 conn, handler = socket.tcp();
435 elseif socket.tcp6 then
436 conn, handler = socket.tcp6();
440 log("warn", "Failed to create outgoing connection, system error: %s", handler);
441 return false, handler;
445 local success, err = conn:connect(connect_host.addr, connect_port);
-- A "timeout" result from connect() is not treated as a failure here
446 if not success and err ~= "timeout" then
447 log("warn", "s2s connect() to %s (%s:%d) failed: %s", host_session.to_host, connect_host.addr, connect_port, err);
-- Wrap the raw socket with net.server, using the xmppserver listener
451 local cl = connlisteners_get("xmppserver");
452 conn = wrapclient(conn, connect_host.addr, connect_port, cl, cl.default_mode or 1 );
453 host_session.conn = conn;
455 local filter = initialize_filters(host_session);
456 local w, log = conn.write, host_session.log;
-- Send function: logs the top tag (or leading tag text), runs the
-- "stanzas/out" and "bytes/out" filters, then writes to the connection
457 host_session.sends2s = function (t)
458 log("debug", "sending: %s", (t.top_tag and t:top_tag()) or t:match("^[^>]*>?"));
460 t = filter("stanzas/out", t);
463 t = filter("bytes/out", tostring(t));
465 return w(conn, tostring(t));
470 -- Register this outgoing connection so that xmppserver_listener knows about it
471 -- otherwise it will assume it is a new incoming connection
472 cl.register_outgoing(conn, host_session);
474 host_session:open_stream(from_host, to_host);
476 log("debug", "Connection attempt in progress...");
-- After connect_timeout, close the session unless it has authenticated
-- (type "s2sout"), is flagged as connecting, or no longer uses this
-- connection
477 add_task(connect_timeout, function ()
478 if host_session.conn ~= conn or
479 host_session.type == "s2sout" or
480 host_session.connecting then
481 return; -- Ok, we're connect[ed|ing]
483 -- Not connected, need to close session and clean up
484 (host_session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity",
485 host_session.from_host or "(unknown)", host_session.to_host or "(unknown)");
486 host_session:close("connection-timeout");
--- Send the opening <stream:stream> tag of a server-to-server stream.
-- Only the opening tag (as produced by top_tag()) is passed to the
-- session's `sends2s` function.
-- @param session session table providing `sends2s`
-- @param from value of the header's `from` attribute
-- @param to value of the header's `to` attribute
function session_open_stream(session, from, to)
	local send = session.sends2s;
	local header_attr = {
		xmlns = 'jabber:server';
		["xmlns:db"] = 'jabber:server:dialback';
		["xmlns:stream"] = 'http://etherx.jabber.org/streams';
		from = from;
		to = to;
		version = '1.0';
		["xml:lang"] = 'en';
	};
	local header = st.stanza("stream:stream", header_attr);
	send(header:top_tag());
end
-- Record the peer certificate's verification results on the session:
-- `cert_chain_status` ("valid"/"invalid") from the socket's chain
-- verification and `cert_identity_status` ("valid"/"invalid") from matching
-- the certificate against the remote host name.
--   session: s2s session table whose `conn` exposes the underlying socket
-- NOTE(review): several lines (declarations of `cert` and `host`, the
-- conditions guarding each step) are not visible in this excerpt.
498 local function check_cert_status(session)
499 local conn = session.conn:socket()
-- Certificate retrieval is only attempted when the socket offers it
501 if conn.getpeercertificate then
502 cert = conn:getpeercertificate()
506 local chain_valid, errors = conn:getpeerverification()
507 -- Is there any interest in printing out all/the number of errors here?
508 if not chain_valid then
509 (session.log or log)("debug", "certificate chain validation result: invalid");
510 session.cert_chain_status = "invalid";
512 (session.log or log)("debug", "certificate chain validation result: valid");
513 session.cert_chain_status = "valid";
-- The name to check is the remote side: from_host for incoming sessions,
-- to_host otherwise
516 if session.direction == "incoming" then
517 host = session.from_host;
519 host = session.to_host;
522 -- We'll go ahead and verify the asserted identity if the
523 -- connecting server specified one.
525 if cert_verify_identity(host, "xmpp-server", cert) then
526 session.cert_identity_status = "valid"
528 session.cert_identity_status = "invalid"
-- Handle a received stream header on an s2s session.
-- Incoming sessions: record the claimed hosts, generate a stream id, and
-- reply with our own stream header and (for version >= 1.0) stream
-- features.
-- Outgoing sessions: record the remote stream id, flush the pre-auth send
-- buffer, and start dialback for pre-1.0 peers.
--   session: s2s session table
--   attr:    attribute table of the received stream header
-- Raises an error when an outgoing stream's header carries no id.
-- NOTE(review): several lines (the calls that report the error conditions,
-- the sending of the features stanza, branch skeleton) are not visible in
-- this excerpt.
535 function streamopened(session, attr)
536 local send = session.sends2s;
538 -- TODO: #29: SASL/TLS on s2s streams
-- A missing or non-numeric version attribute counts as 0
539 session.version = tonumber(attr.version) or 0;
541 -- TODO: Rename session.secure to session.encrypted
-- `secure` is promoted to true only when it was exactly false beforehand
542 if session.secure == false then
543 session.secure = true;
546 if session.direction == "incoming" then
547 -- Send a reply stream header
-- Host names from the header are normalised with nameprep when present
548 session.to_host = attr.to and nameprep(attr.to);
549 session.from_host = attr.from and nameprep(attr.from);
551 session.streamid = uuid_gen();
552 (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag());
553 if session.to_host then
554 if not hosts[session.to_host] then
555 -- Attempting to connect to a host we don't serve
557 condition = "host-unknown";
558 text = "This host does not serve "..session.to_host
561 elseif hosts[session.to_host].disallow_s2s then
562 -- Attempting to connect to a host that disallows s2s
564 condition = "policy-violation";
565 text = "Server-to-server communication is not allowed to this host";
-- Check the peer certificate once per session, on secure sessions only
571 if session.secure and not session.cert_chain_status then check_cert_status(session); end
573 send("<?xml version='1.0'?>");
-- The reply header advertises version "1.0" only when the received header
-- carried a version greater than 0
574 send(stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback',
575 ["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=session.to_host, to=session.from_host, version=(session.version > 0 and "1.0" or nil) }):top_tag());
576 if session.version >= 1.0 then
577 local features = st.stanza("stream:features");
-- Features are collected through the "s2s-stream-features" event of the
-- addressed host
579 if session.to_host then
580 hosts[session.to_host].events.fire_event("s2s-stream-features", { origin = session, features = features });
582 (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", session.from_host or "unknown host");
585 log("debug", "Sending stream features: %s", tostring(features));
588 elseif session.direction == "outgoing" then
589 -- If we are just using the connection for verifying dialback keys, we won't try and auth it
590 if not attr.id then error("stream response did not give us a streamid!!!"); end
591 session.streamid = attr.id;
593 if session.secure and not session.cert_chain_status then check_cert_status(session); end
595 -- Send unauthed buffer
596 -- (stanzas which are fine to send before dialback)
597 -- Note that this is *not* the stanza queue (which
598 -- we can only send if auth succeeds) :)
599 local send_buffer = session.send_buffer;
600 if send_buffer and #send_buffer > 0 then
601 log("debug", "Sending s2s send_buffer now...");
602 for i, data in ipairs(send_buffer) do
603 session.sends2s(tostring(data));
604 send_buffer[i] = nil;
607 session.send_buffer = nil;
609 -- If server is pre-1.0, don't wait for features, just do dialback
610 if session.version < 1.0 then
611 if not session.dialback_verifying then
612 log("debug", "Initiating dialback...");
613 initiate_dialback(session);
615 mark_connected(session);
-- The stream header has been processed
619 session.notopen = nil;
-- Called when the peer's closing stream tag has been received; logs the
-- event.
--   session: s2s session table
-- NOTE(review): the rest of this function's body is not visible in this
-- excerpt.
622 function streamclosed(session)
623 (session.log or log)("debug", "Received </stream:stream>");
--- Start dialback on an outgoing session.
-- Generates the dialback key for this stream, stores it on the session as
-- `dialback_key` and sends it to the peer in a <db:result/> element.
-- @param session outgoing session providing `streamid`, `from_host`,
--   `to_host`, `sends2s` and `log`
function initiate_dialback(session)
	-- generate dialback key
	local key = generate_dialback(session.streamid, session.to_host, session.from_host);
	session.dialback_key = key;

	local from_host, to_host = session.from_host, session.to_host;
	local result = format("<db:result from='%s' to='%s'>%s</db:result>", from_host, to_host, session.dialback_key);
	session.sends2s(result);

	session.log("info", "sent dialback key on outgoing s2s stream");
end
--- Compute the dialback key for a stream.
-- The key is the SHA-256 hash (second argument `true` passed to the hash
-- function) of the stream id, the receiving host, the originating host and
-- the originating host's `dialback_secret`, concatenated in that order.
-- @param id stream id
-- @param to receiving host name
-- @param from originating host name; must be a key of `hosts`
-- @return whatever sha256_hash returns for the concatenated input
function generate_dialback(id, to, from)
	local secret = hosts[from].dialback_secret;
	local material = id..to..from..secret;
	return sha256_hash(material, true);
end
--- Check a dialback key received from a peer.
-- Recomputes the key with generate_dialback for the same stream id and
-- host pair and compares it with the supplied one.
-- @param id stream id
-- @param to receiving host name
-- @param from originating host name
-- @param key key to verify
-- @return true when `key` equals the recomputed key, false otherwise
function verify_dialback(id, to, from, key)
	local expected = generate_dialback(id, to, from);
	return key == expected;
end
-- Mark a session as authenticated, promoting an "*_unauthed" session type
-- to its authenticated counterpart and, where the visible code does so,
-- recording `host` as authenticated in session.hosts.
--   session: s2s session table
--   host:    remote host name the authentication applies to
-- NOTE(review): several lines (the close call that carries the
-- policy-violation condition, the `else`/`return` paths) are not visible in
-- this excerpt.
642 function make_authenticated(session, host)
-- Unencrypted session: consult the local host's encryption requirement
643 if not session.secure then
-- The local host is to_host for incoming sessions and from_host otherwise
644 local local_host = session.direction == "incoming" and session.to_host or session.from_host;
645 if config.get(local_host, "core", "s2s_require_encryption") then
647 condition = "policy-violation",
648 text = "Encrypted server-to-server communication is required but was not "
649 ..((session.direction == "outgoing" and "offered") or "used")
653 if session.type == "s2sout_unauthed" then
654 session.type = "s2sout";
655 elseif session.type == "s2sin_unauthed" then
656 session.type = "s2sin";
658 if not session.hosts[host] then session.hosts[host] = {}; end
659 session.hosts[host].authed = true;
-- Already-authenticated incoming session: authenticate an additional host
661 elseif session.type == "s2sin" and host then
662 if not session.hosts[host] then session.hosts[host] = {}; end
663 session.hosts[host].authed = true;
667 session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host or "(unknown)", session.to_host or "(unknown)", host);
669 mark_connected(session);
674 -- Stream is authorised, and ready for normal stanzas
-- Finish setting up an authenticated session: install session.send, fire
-- the "established" events and, for outgoing sessions, process the queued
-- stanzas.
--   session: authenticated s2s session table
-- NOTE(review): several lines (the body of the queue loop, the guard on
-- `sendq`, cleanup after the loop) are not visible in this excerpt.
675 function mark_connected(session)
676 local sendq, send = session.sendq, session.sends2s;
678 local from, to = session.from_host, session.to_host;
680 session.log("info", session.direction.." s2s connection "..from.."->"..to.." complete");
682 local send_to_host = send_to_host;
-- session.send routes data in the reverse direction of this session: from
-- its to_host back to its from_host
683 function session.send(data) return send_to_host(to, from, data); end
-- Fire the event globally and on the local host: from_host for "s2sout"
-- sessions, to_host otherwise
685 local event_data = { session = session };
686 if session.type == "s2sout" then
687 prosody.events.fire_event("s2sout-established", event_data);
688 hosts[session.from_host].events.fire_event("s2sout-established", event_data);
690 prosody.events.fire_event("s2sin-established", event_data);
691 hosts[session.to_host].events.fire_event("s2sin-established", event_data);
694 if session.direction == "outgoing" then
696 session.log("debug", "sending "..#sendq.." queued stanzas across new outgoing connection to "..session.to_host);
697 for i, data in ipairs(sendq) do
-- The SRV candidate list is dropped
704 session.srv_hosts = nil;
-- Metatable installed on retired sessions by retire_session. Because it is
-- its own __index, field lookups that miss on a retired session fall back
-- to the entries defined here.
-- NOTE(review): the closing lines of the inner functions are not visible in
-- this excerpt.
708 local resting_session = { -- Resting, not dead
710 type = "s2s_destroyed";
-- open_stream and close on a retired session only log a debug message (per
-- the visible lines)
711 open_stream = function (session)
712 session.log("debug", "Attempt to open stream on resting session");
714 close = function (session)
715 session.log("debug", "Attempt to close already-closed session");
-- Pass-through filter: returns the data unchanged
717 filter = function (type, data) return data; end;
718 }; resting_session.__index = resting_session;
-- Turn a session into a "resting" one: store the destruction reason,
-- replace `send` and `data` with functions that only log, and install
-- resting_session as the metatable.
--   session: session table to retire
--   reason:  stored as session.destruction_reason
-- Returns the same session table.
-- NOTE(review): the body of the loop below is not visible in this excerpt;
-- the condition shows that the keys "trace", "log" and "id" are treated
-- differently from all other keys.
720 function retire_session(session, reason)
-- Capture the logger up front so the replacement functions below can use it
721 local log = session.log or log;
722 for k in pairs(session) do
723 if k ~= "trace" and k ~= "log" and k ~= "id" then
728 session.destruction_reason = reason;
730 function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end
731 function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end
732 return setmetatable(session, resting_session);
-- Tear down an s2s session: unregister it, bounce queued stanzas of
-- outgoing sessions, fire the "destroyed" events for authenticated
-- sessions and retire the session table.
--   session: s2s session table
--   reason:  optional text; logged, passed to bounce_sendq, included in the
--            event data and passed to retire_session
-- Returns nothing when the session is already marked destroyed.
-- NOTE(review): the end of this function (including its normal return
-- value) is not visible in this excerpt.
735 function destroy_session(session, reason)
736 if session.destroyed then return; end
737 (session.log or log)("debug", "Destroying "..tostring(session.direction).." session "..tostring(session.from_host).."->"..tostring(session.to_host)..(reason and (": "..reason) or ""));
-- Outgoing: remove from the host's s2sout table and answer queued stanzas
-- with errors. Incoming: remove from the incoming-session table.
739 if session.direction == "outgoing" then
740 hosts[session.from_host].s2sout[session.to_host] = nil;
741 bounce_sendq(session, reason);
742 elseif session.direction == "incoming" then
743 incoming_s2s[session] = nil;
-- Events fire only for the authenticated types "s2sout" and "s2sin"; the
-- per-host event is skipped when that host is no longer in `hosts`
746 local event_data = { session = session, reason = reason };
747 if session.type == "s2sout" then
748 prosody.events.fire_event("s2sout-destroyed", event_data);
749 if hosts[session.from_host] then
750 hosts[session.from_host].events.fire_event("s2sout-destroyed", event_data);
752 elseif session.type == "s2sin" then
753 prosody.events.fire_event("s2sin-destroyed", event_data);
754 if hosts[session.to_host] then
755 hosts[session.to_host].events.fire_event("s2sin-destroyed", event_data);
759 retire_session(session, reason); -- Clean session until it is GC'd