X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=core%2Fs2smanager.lua;h=aba99ee07482c1ab4fda9f3ec16bb6179147e139;hb=dc0dc8f302b23f67af6425a8351f8478df5eeb60;hp=30ac736b341e0a7209f0d6c48c403e91b988702a;hpb=e87485fe7ef126da3d534ff6c8e5f25d23e5559a;p=prosody.git
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index 30ac736b..aba99ee0 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -148,9 +148,10 @@ function new_incoming(conn)
 return session;
 end
-function new_outgoing(from_host, to_host)
+function new_outgoing(from_host, to_host, connect)
 local host_session = { to_host = to_host, from_host = from_host, host = from_host,
- notopen = true, type = "s2sout_unauthed", direction = "outgoing" };
+ notopen = true, type = "s2sout_unauthed", direction = "outgoing",
+ open_stream = session_open_stream };
 hosts[from_host].s2sout[to_host] = host_session;
@@ -161,8 +162,10 @@ function new_outgoing(from_host, to_host)
 host_session.log = log;
 end
- -- Kick the connection attempting machine
- attempt_connection(host_session);
+ if connect ~= false then
+ -- Kick the connection attempting machine into life
+ attempt_connection(host_session);
+ end
 if not host_session.sends2s then
 -- A sends2s which buffers data (until the stream is opened)
@@ -178,7 +181,6 @@ function new_outgoing(from_host, to_host)
 buffer[#buffer+1] = data;
 log("debug", "Buffered item %d: %s", #buffer, tostring(data));
 end
-
 end
 return host_session;
@@ -305,6 +307,11 @@ function make_connect(host_session, connect_host, connect_port)
 local from_host, to_host = host_session.from_host, host_session.to_host;
 local conn, handler = socket.tcp()
+
+ if not conn then
+ log("warn", "Failed to create outgoing connection, system error: %s", handler);
+ return false, handler;
+ end
 conn:settimeout(0);
 local success, err = conn:connect(connect_host, connect_port);
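Review bot: The new `connect` parameter on `new_outgoing` is undocumented, and its sentinel is easy to misuse because the check in the next hunk is `connect ~= false`: `nil` (every existing two-argument caller) still connects and only an explicit `false` skips the attempt. A line above the signature such as `-- connect: pass false to create the session without calling attempt_connection(); nil or true connects immediately` would make that contract visible. `open_stream = session_open_stream` names a global that is defined further down the file in a later hunk; since the table is built at call time this resolves fine, but a short comment saying the function is bound here as a method would help readers who meet `host_session:open_stream(...)` in make_connect.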
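Review bot: The new `socket.tcp()` failure path in make_connect logs through the module-level `log`, so the warning does not say which s2s link it concerns even though `to_host` is already in scope from the line above; `log("warn", "Failed to create outgoing connection to %s, system error: %s", to_host, handler);` (or `host_session.log`, if it is guaranteed to be set by this point) would make the failure attributable when diagnosing descriptor exhaustion or similar. Returning `false, handler` looks consistent with the connect-error branch that follows, but that branch is outside the hunk so I cannot confirm the return shape matches. make_connect continues past the hunk.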
@@ -314,7 +321,7 @@ function make_connect(host_session, connect_host, connect_port)
 end
 local cl = connlisteners_get("xmppserver");
- conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1, hosts[from_host].ssl_ctx, false );
+ conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1 );
 host_session.conn = conn;
 -- Register this outgoing connection so that xmppserver_listener knows about it
@@ -324,7 +331,8 @@ function make_connect(host_session, connect_host, connect_port)
 local w, log = conn.write, host_session.log;
 host_session.sends2s = function (t) log("debug", "sending: %s", (t.top_tag and t:top_tag()) or t:match("^[^>]*>?")); w(conn, tostring(t)); end
- conn:write(format([[]], from_host, to_host));
+ host_session:open_stream(from_host, to_host);
+
 log("debug", "Connection attempt in progress...");
 add_task(connect_timeout, function ()
 if host_session.conn ~= conn or
@@ -340,6 +348,13 @@ function make_connect(host_session, connect_host, connect_port)
 return true;
 end
+function session_open_stream(session, from, to)
+ session.sends2s(st.stanza("stream:stream", {
+ xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback',
+ ["xmlns:stream"]='http://etherx.jabber.org/streams',
+ from=from, to=to, version='1.0', ["xml:lang"]='en'}):top_tag());
+end
+
 function streamopened(session, attr)
 local send = session.sends2s;
@@ -374,7 +389,7 @@ function streamopened(session, attr)
 local features = st.stanza("stream:features");
 if session.to_host then
- hosts[session.to_host].events.fire_event("s2s-stream-features", { session = session, features = features });
+ hosts[session.to_host].events.fire_event("s2s-stream-features", { origin = session, features = features });
 else
 (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", session.from_host or "unknown host");
 end
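Review bot: The `wrapclient(...)` call no longer receives `hosts[from_host].ssl_ctx`, so the outgoing connection is now created without a TLS context, while the make_authenticated hunk further down starts closing sessions with `policy-violation` whenever `session.secure` is unset and `s2s_require_encryption` is configured. Nothing in this diff shows where the outgoing side now negotiates STARTTLS or sets `session.secure`; if that moved to the listener or a module, a comment here such as `-- TLS is negotiated via starttls after the stream opens; ssl_ctx is no longer passed at connect time` would record the dependency, and if it has not moved yet, every outgoing s2s session will be rejected as soon as the option is enabled. make_connect extends beyond this hunk.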
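Review bot: `session_open_stream` is a new global function with no documentation, and it is bound as `open_stream` only on outgoing sessions (in the new_outgoing hunk), not on incoming ones. A doc block above it along the lines of `-- Send the opening stream:stream header for an s2s session through session.sends2s; bound as session:open_stream() on outgoing sessions, see new_outgoing` would record both the purpose and that asymmetry. It also requires `session.sends2s` to be the real sender already; in make_connect it is called right after sends2s is assigned, but nothing in this function checks the precondition, so it belongs in the same comment.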
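Review bot: Renaming the payload field from `session` to `origin` in the `s2s-stream-features` event changes a public event contract, and any handler that still reads `event.session` will silently get `nil` rather than an error. Either the handlers are updated in the same commit (none are visible here) or both names could be carried during a transition, `{ origin = session, session = session, features = features }`; if `origin` is the convention the other core events use, a one-line comment saying so would keep the next reader from reverting it. The enclosing streamopened function continues outside this hunk.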
@@ -438,6 +453,16 @@ function verify_dialback(id, to, from, key)
 end
 function make_authenticated(session, host)
+ if not session.secure then
+ local local_host = session.direction == "incoming" and session.to_host or session.from_host;
+ if config.get(local_host, "core", "s2s_require_encryption") then
+ session:close({
+ condition = "policy-violation",
+ text = "Encrypted server-to-server communication is required but was not "
+ ..((session.direction == "outgoing" and "offered") or "used")
+ });
+ end
+ end
 if session.type == "s2sout_unauthed" then
 session.type = "s2sout";
 elseif session.type == "s2sin_unauthed" then
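Review bot: After `session:close({ condition = "policy-violation", ... })` in make_authenticated, control falls straight through into the `if session.type == "s2sout_unauthed"` chain, so a session rejected for missing encryption is still promoted to `s2sout`/`s2sin` and whatever follows the hunk runs on it as an authenticated session. Add `return false;` (or whatever callers treat as a failed authentication) immediately after the `session:close({...});` call so the rejection is final. `config.get(...)` also assumes `config` is in scope in this file; the top of the file is not in the diff, so confirm the require exists. make_authenticated continues past the hunk.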