2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
12 local core_process_stanza = function(a, b) core_process_stanza(a, b); end
13 local format = string.format;
14 local t_insert, t_sort = table.insert, table.sort;
15 local get_traceback = debug.traceback;
16 local tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable
17 = tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable;
19 local initialize_filters = require "util.filters".initialize;
20 local wrapclient = require "net.server".wrapclient;
21 local st = require "stanza";
22 local stanza = st.stanza;
23 local nameprep = require "util.encodings".stringprep.nameprep;
24 local cert_verify_identity = require "util.x509".verify_identity;
25 local new_ip = require "util.ip".new_ip;
26 local rfc3484_dest = require "util.rfc3484".destination;
28 local fire_event = prosody.events.fire_event;
29 local uuid_gen = require "util.uuid".generate;
31 local logger_init = require "util.logger".init;
33 local log = logger_init("s2smanager");
35 local sha256_hash = require "util.hashes".sha256;
37 local adns, dns = require "net.adns", require "net.dns";
38 local config = require "core.configmanager";
39 local dns_timeout = config.get("*", "core", "dns_timeout") or 15;
40 local max_dns_depth = config.get("*", "core", "dns_max_depth") or 3;
41 local cfg_sources = config.get("*", "core", "s2s_interface")
42 or config.get("*", "core", "interface");
45 --FIXME: s2sout should create its own resolver w/ timeout
46 dns.settimeout(dns_timeout);
48 local prosody = _G.prosody;
50 prosody.incoming_s2s = incoming_s2s;
51 local incoming_s2s = incoming_s2s;
55 local open_sessions = 0;
57 function new_incoming(conn)
58 local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} };
60 session.trace = newproxy(true);
61 getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; end;
63 open_sessions = open_sessions + 1;
64 session.log = logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$"));
65 incoming_s2s[session] = true;
69 function new_outgoing(from_host, to_host, connect)
70 local host_session = { to_host = to_host, from_host = from_host, host = from_host,
71 notopen = true, type = "s2sout_unauthed", direction = "outgoing" };
72 hosts[from_host].s2sout[to_host] = host_session;
73 local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$");
74 host_session.log = logger_init(conn_name);
78 function make_authenticated(session, host)
79 if not session.secure then
80 local local_host = session.direction == "incoming" and session.to_host or session.from_host;
81 if config.get(local_host, "core", "s2s_require_encryption") then
83 condition = "policy-violation",
84 text = "Encrypted server-to-server communication is required but was not "
85 ..((session.direction == "outgoing" and "offered") or "used")
89 if session.type == "s2sout_unauthed" then
90 session.type = "s2sout";
91 elseif session.type == "s2sin_unauthed" then
92 session.type = "s2sin";
94 if not session.hosts[host] then session.hosts[host] = {}; end
95 session.hosts[host].authed = true;
97 elseif session.type == "s2sin" and host then
98 if not session.hosts[host] then session.hosts[host] = {}; end
99 session.hosts[host].authed = true;
103 session.log("debug", "connection %s->%s is now authenticated", session.from_host or "(unknown)", session.to_host or "(unknown)");
105 mark_connected(session);
110 -- Stream is authorised, and ready for normal stanzas
111 function mark_connected(session)
112 local sendq, send = session.sendq, session.sends2s;
114 local from, to = session.from_host, session.to_host;
116 session.log("info", session.direction.." s2s connection "..from.."->"..to.." complete");
118 local event_data = { session = session };
119 if session.type == "s2sout" then
120 prosody.events.fire_event("s2sout-established", event_data);
121 hosts[session.from_host].events.fire_event("s2sout-established", event_data);
123 prosody.events.fire_event("s2sin-established", event_data);
124 hosts[session.to_host].events.fire_event("s2sin-established", event_data);
127 if session.direction == "outgoing" then
129 session.log("debug", "sending "..#sendq.." queued stanzas across new outgoing connection to "..session.to_host);
130 for i, data in ipairs(sendq) do
137 session.ip_hosts = nil;
138 session.srv_hosts = nil;
142 local resting_session = { -- Resting, not dead
144 type = "s2s_destroyed";
145 open_stream = function (session)
146 session.log("debug", "Attempt to open stream on resting session");
148 close = function (session)
149 session.log("debug", "Attempt to close already-closed session");
151 filter = function (type, data) return data; end;
152 }; resting_session.__index = resting_session;
154 function retire_session(session, reason)
155 local log = session.log or log;
156 for k in pairs(session) do
157 if k ~= "trace" and k ~= "log" and k ~= "id" then
162 session.destruction_reason = reason;
164 function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end
165 function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end
166 return setmetatable(session, resting_session);
169 function destroy_session(session, reason)
170 if session.destroyed then return; end
171 (session.log or log)("debug", "Destroying "..tostring(session.direction).." session "..tostring(session.from_host).."->"..tostring(session.to_host)..(reason and (": "..reason) or ""));
173 if session.direction == "outgoing" then
174 hosts[session.from_host].s2sout[session.to_host] = nil;
175 session:bounce_sendq(reason);
176 elseif session.direction == "incoming" then
177 incoming_s2s[session] = nil;
180 local event_data = { session = session, reason = reason };
181 if session.type == "s2sout" then
182 prosody.events.fire_event("s2sout-destroyed", event_data);
183 if hosts[session.from_host] then
184 hosts[session.from_host].events.fire_event("s2sout-destroyed", event_data);
186 elseif session.type == "s2sin" then
187 prosody.events.fire_event("s2sin-destroyed", event_data);
188 if hosts[session.to_host] then
189 hosts[session.to_host].events.fire_event("s2sin-destroyed", event_data);
193 retire_session(session, reason); -- Clean session until it is GC'd