aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
Diffstat (limited to 'core')
-rw-r--r--core/s2smanager.lua178
-rw-r--r--core/sessionmanager.lua13
-rw-r--r--core/stanza_router.lua81
-rw-r--r--core/xmlhandlers.lua50
4 files changed, 297 insertions, 25 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
new file mode 100644
index 00000000..1d718305
--- /dev/null
+++ b/core/s2smanager.lua
@@ -0,0 +1,178 @@
+
+local hosts = hosts;
+local sessions = sessions;
+local socket = require "socket";
+local format = string.format;
+local tostring, pairs, ipairs, getmetatable, print, newproxy, error, tonumber
+ = tostring, pairs, ipairs, getmetatable, print, newproxy, error, tonumber;
+
+local connlisteners_get = require "net.connlisteners".get;
+local wraptlsclient = require "net.server".wraptlsclient;
+local modulemanager = require "core.modulemanager";
+
+local uuid_gen = require "util.uuid".generate;
+
+local logger_init = require "util.logger".init;
+
+local log = logger_init("s2smanager");
+
+local md5_hash = require "util.hashes".md5;
+
+local dialback_secret = "This is very secret!!! Ha!";
+
+module "s2smanager"
+
+function connect_host(from_host, to_host)
+end
+
+function send_to_host(from_host, to_host, data)
+ if hosts[to_host] then
+ -- Write to connection
+ hosts[to_host].send(data);
+ log("debug", "stanza sent over s2s");
+ else
+ log("debug", "opening a new outgoing connection for this stanza");
+ local host_session = new_outgoing(from_host, to_host);
+ -- Store in buffer
+ host_session.sendq = { data };
+ end
+end
+
+function disconnect_host(host)
+
+end
+
+local open_sessions = 0;
+
+function new_incoming(conn)
+ local session = { conn = conn, priority = 0, type = "s2sin_unauthed", direction = "incoming" };
+ if true then
+ session.trace = newproxy(true);
+ getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; print("s2s session got collected, now "..open_sessions.." s2s sessions are allocated") end;
+ end
+ open_sessions = open_sessions + 1;
+ local w = conn.write;
+ session.send = function (t) w(tostring(t)); end
+ return session;
+end
+
+function new_outgoing(from_host, to_host)
+ local host_session = { to_host = to_host, from_host = from_host, notopen = true, type = "s2sout_unauthed", direction = "outgoing" };
+ hosts[to_host] = host_session;
+
+ local cl = connlisteners_get("xmppserver");
+
+ local conn, handler = socket.tcp()
+ --FIXME: Below parameters (ports/ip) are incorrect (use SRV)
+ conn:connect(to_host, 5269);
+ conn = wraptlsclient(cl, conn, to_host, 5269, 0, 1, hosts[from_host].ssl_ctx );
+ host_session.conn = conn;
+
+ -- Register this outgoing connection so that xmppserver_listener knows about it
+ -- otherwise it will assume it is a new incoming connection
+ cl.register_outgoing(conn, host_session);
+
+ do
+ local conn_name = "s2sout"..tostring(conn):match("[a-f0-9]*$");
+ host_session.log = logger_init(conn_name);
+ end
+
+ local w = conn.write;
+ host_session.send = function (t) w(tostring(t)); end
+
+ conn.write(format([[<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' from='%s' to='%s' version='1.0'>]], from_host, to_host));
+
+ return host_session;
+end
+
+function streamopened(session, attr)
+ session.log("debug", "s2s stream opened");
+ local send = session.send;
+
+ session.version = tonumber(attr.version) or 0;
+ if session.version >= 1.0 and not (attr.to and attr.from) then
+ print("to: "..tostring(attr.to).." from: "..tostring(attr.from));
+ --error(session.to_host.." failed to specify 'to' or 'from' hostname as per RFC");
+ log("warn", (session.to_host or "(unknown)").." failed to specify 'to' or 'from' hostname as per RFC");
+ end
+
+ if session.direction == "incoming" then
+ -- Send a reply stream header
+
+ for k,v in pairs(attr) do print("", tostring(k), ":::", tostring(v)); end
+
+ session.to_host = attr.to;
+ session.from_host = attr.from;
+
+ session.streamid = uuid_gen();
+ print(session, session.from_host, "incoming s2s stream opened");
+ send("<?xml version='1.0'?>");
+ send(format("<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' id='%s' from='%s'>", session.streamid, session.to_host));
+ if session.from_host then
+ -- Need to perform dialback to check identity
+ print("to: "..tostring(attr.to).." from: "..tostring(attr.from));
+ print("Need to do dialback here you know!!");
+ end
+ elseif session.direction == "outgoing" then
+ -- If we are just using the connection for verifying dialback keys, we won't try and auth it
+ if not session.dialback_verifying then
+ -- generate dialback key
+ if not attr.id then error("stream response did not give us a streamid!!!"); end
+ session.streamid = attr.id;
+ session.dialback_key = generate_dialback(session.streamid, session.to_host, session.from_host);
+ session.send(format("<db:result from='%s' to='%s'>%s</db:result>", session.from_host, session.to_host, session.dialback_key));
+ session.log("info", "sent dialback key on outgoing s2s stream");
+ else
+ mark_connected(session);
+ end
+ end
+ --[[
+ local features = {};
+ modulemanager.fire_event("stream-features-s2s", session, features);
+
+ send("<stream:features>");
+
+ for _, feature in ipairs(features) do
+ send(tostring(feature));
+ end
+
+ send("</stream:features>");]]
+ log("info", "s2s stream opened successfully");
+ session.notopen = nil;
+end
+
+function generate_dialback(id, to, from)
+ return md5_hash(id..to..from..dialback_secret); -- FIXME: See XEP-185 and XEP-220
+end
+
+function verify_dialback(id, to, from, key)
+ return key == generate_dialback(id, to, from);
+end
+
+function make_authenticated(session)
+ if session.type == "s2sout_unauthed" then
+ session.type = "s2sout";
+ elseif session.type == "s2sin_unauthed" then
+ session.type = "s2sin";
+ else
+ return false;
+ end
+ session.log("info", "connection is now authenticated");
+
+ mark_connected(session);
+
+ return true;
+end
+
+function mark_connected(session)
+ local sendq, send = session.sendq, session.send;
+ if sendq then
+ session.log("debug", "sending queued stanzas across new connection");
+ for _, data in ipairs(sendq) do
+ session.log("debug", "sending: %s", tostring(data));
+ send(data);
+ end
+ end
+end
+
+return _M; \ No newline at end of file
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua
index d140ebe0..2b7659d2 100644
--- a/core/sessionmanager.lua
+++ b/core/sessionmanager.lua
@@ -11,7 +11,7 @@ local sessions = sessions;
local modulemanager = require "core.modulemanager";
local log = require "util.logger".init("sessionmanager");
local error = error;
-local uuid_generate = require "util.uuid".uuid_generate;
+local uuid_generate = require "util.uuid".generate;
local rm_load_roster = require "core.rostermanager".load_roster;
local newproxy = newproxy;
@@ -35,14 +35,15 @@ end
function destroy_session(session)
session.log("info", "Destroying session");
- if session.username then
+ if session.host and session.username then
if session.resource then
hosts[session.host].sessions[session.username].sessions[session.resource] = nil;
end
-
- if not next(hosts[session.host].sessions[session.username].sessions) then
- log("debug", "All resources of %s are now offline", session.username);
- hosts[session.host].sessions[session.username] = nil;
+ if hosts[session.host] and hosts[session.host].sessions[session.username] then
+ if not next(hosts[session.host].sessions[session.username].sessions) then
+ log("debug", "All resources of %s are now offline", session.username);
+ hosts[session.host].sessions[session.username] = nil;
+ end
end
end
session.conn = nil;
diff --git a/core/stanza_router.lua b/core/stanza_router.lua
index 52ab20e8..2dcd612f 100644
--- a/core/stanza_router.lua
+++ b/core/stanza_router.lua
@@ -9,9 +9,14 @@ local log = require "util.logger".init("stanzarouter")
local st = require "util.stanza";
local send = require "core.sessionmanager".send_to_session;
--- local send_s2s = require "core.s2smanager".send_to_host;
+local send_s2s = require "core.s2smanager".send_to_host;
local user_exists = require "core.usermanager".user_exists;
+local s2s_verify_dialback = require "core.s2smanager".verify_dialback;
+local s2s_make_authenticated = require "core.s2smanager".make_authenticated;
+local format = string.format;
+local tostring = tostring;
+
local jid_split = require "util.jid".split;
local print = print;
@@ -21,7 +26,7 @@ function core_process_stanza(origin, stanza)
if stanza.name == "iq" and not(#stanza.tags == 1 and stanza.tags[1].attr.xmlns) then
if stanza.attr.type == "set" or stanza.attr.type == "get" then
error("Invalid IQ");
- elseif #stanza.tags > 1 or not(stanza.attr.type == "error" or stanza.attr.type == "result") then
+ elseif #stanza.tags > 1 and not(stanza.attr.type == "error" or stanza.attr.type == "result") then
error("Invalid IQ");
end
end
@@ -33,17 +38,18 @@ function core_process_stanza(origin, stanza)
end
local to = stanza.attr.to;
- stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s)
-- TODO also, stazas should be returned to their original state before the function ends
+ if origin.type == "c2s" then
+ stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s)
+ end
- -- TODO presence subscriptions
if not to then
core_handle_stanza(origin, stanza);
elseif hosts[to] and hosts[to].type == "local" then
core_handle_stanza(origin, stanza);
elseif stanza.name == "iq" and not select(3, jid_split(to)) then
core_handle_stanza(origin, stanza);
- elseif origin.type == "c2s" then
+ elseif origin.type == "c2s" or origin.type == "s2sin" then
core_route_stanza(origin, stanza);
end
end
@@ -98,6 +104,58 @@ function core_handle_stanza(origin, stanza)
log("debug", "Routing stanza to local");
handle_stanza(session, stanza);
end
+ elseif origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
+ if stanza.attr.xmlns == "jabber:server:dialback" then
+ if stanza.name == "verify" then
+ -- We are being asked to verify the key, to ensure it was generated by us
+ log("debug", "verifying dialback key...");
+ local attr = stanza.attr;
+ print(tostring(attr.to), tostring(attr.from))
+ print(tostring(origin.to_host), tostring(origin.from_host))
+ -- FIXME: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34
+ --if attr.from ~= origin.to_host then error("invalid-from"); end
+ local type = "invalid";
+ if s2s_verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then
+ type = "valid"
+ end
+ origin.send(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>", attr.to, attr.from, attr.id, type, stanza[1]));
+ elseif stanza.name == "result" and origin.type == "s2sin_unauthed" then
+ -- he wants to be identified through dialback
+ -- We need to check the key with the Authoritative server
+ local attr = stanza.attr;
+ origin.from_host = attr.from;
+ origin.to_host = attr.to;
+ origin.dialback_key = stanza[1];
+ log("debug", "asking %s if key %s belongs to them", attr.from, stanza[1]);
+ send_s2s(attr.to, attr.from, format("<db:verify from='%s' to='%s' id='%s'>%s</db:verify>", attr.to, attr.from, origin.streamid, stanza[1]));
+ hosts[attr.from].dialback_verifying = origin;
+ end
+ end
+ elseif origin.type == "s2sout_unauthed" or origin.type == "s2sout" then
+ if stanza.attr.xmlns == "jabber:server:dialback" then
+ if stanza.name == "result" then
+ if stanza.attr.type == "valid" then
+ s2s_make_authenticated(origin);
+ else
+ -- FIXME
+ error("dialback failed!");
+ end
+ elseif stanza.name == "verify" and origin.dialback_verifying then
+ local valid;
+ local attr = stanza.attr;
+ if attr.type == "valid" then
+ s2s_make_authenticated(origin.dialback_verifying);
+ valid = "valid";
+ else
+ -- Warn the original connection that is was not verified successfully
+ log("warn", "dialback for "..(origin.dialback_verifying.from_host or "(unknown)").." failed");
+ valid = "invalid";
+ end
+ origin.dialback_verifying.send(format("<db:result from='%s' to='%s' id='%s' type='%s'>%s</db:result>", attr.from, attr.to, attr.id, valid, origin.dialback_verifying.dialback_key));
+ end
+ end
+ else
+ log("warn", "Unhandled origin: %s", origin.type);
end
end
@@ -202,13 +260,14 @@ function core_route_stanza(origin, stanza)
end
end
end
- else
+ elseif origin.type == "c2s" then
-- Remote host
- if host_session then
- -- Send to session
- else
- -- Need to establish the connection
- end
+ --stanza.attr.xmlns = "jabber:server";
+ stanza.attr.xmlns = nil;
+ log("debug", "sending s2s stanza: %s", tostring(stanza));
+ send_s2s(origin.host, host, stanza);
+ else
+ log("warn", "received stanza from unhandled connection type: %s", origin.type);
end
stanza.attr.to = to; -- reset
end
diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua
index b1af299f..3037a848 100644
--- a/core/xmlhandlers.lua
+++ b/core/xmlhandlers.lua
@@ -3,6 +3,10 @@ require "util.stanza"
local st = stanza;
local tostring = tostring;
+local pairs = pairs;
+local ipairs = ipairs;
+local type = type;
+local print = print;
local format = string.format;
local m_random = math.random;
local t_insert = table.insert;
@@ -11,18 +15,24 @@ local t_concat = table.concat;
local t_concatall = function (t, sep) local tt = {}; for _, s in ipairs(t) do t_insert(tt, tostring(s)); end return t_concat(tt, sep); end
local sm_destroy_session = import("core.sessionmanager", "destroy_session");
+local default_log = require "util.logger".init("xmlhandlers");
+
local error = error;
module "xmlhandlers"
+local ns_prefixes = {
+ ["http://www.w3.org/XML/1998/namespace"] = "xml";
+ }
+
function init_xmlhandlers(session, streamopened)
local ns_stack = { "" };
local curr_ns = "";
local curr_tag;
local chardata = {};
local xml_handlers = {};
- local log = session.log;
- local print = function (...) log("info", "xmlhandlers", t_concatall({...}, "\t")); end
+ local log = session.log or default_log;
+ --local print = function (...) log("info", "xmlhandlers", t_concatall({...}, "\t")); end
local send = session.send;
@@ -33,8 +43,27 @@ function init_xmlhandlers(session, streamopened)
stanza:text(t_concat(chardata));
chardata = {};
end
- curr_ns,name = name:match("^(.+):(%w+)$");
- if not stanza then
+ curr_ns,name = name:match("^(.+)|([%w%-]+)$");
+ if curr_ns ~= "jabber:server" then
+ attr.xmlns = curr_ns;
+ end
+
+ -- FIXME !!!!!
+ for i, k in ipairs(attr) do
+ if type(k) == "string" then
+ local ns, nm = k:match("^([^|]+)|?([^|]-)$")
+ if ns and nm then
+ ns = ns_prefixes[ns];
+ if ns then
+ attr[ns..":"..nm] = attr[k];
+ attr[i] = ns..":"..nm;
+ attr[k] = nil;
+ end
+ end
+ end
+ end
+
+ if not stanza then --if we are not currently inside a stanza
if session.notopen then
if name == "stream" then
streamopened(session, attr);
@@ -45,11 +74,14 @@ function init_xmlhandlers(session, streamopened)
if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
error("Client sent invalid top-level stanza");
end
- attr.xmlns = curr_ns;
+
stanza = st.stanza(name, attr); --{ to = attr.to, type = attr.type, id = attr.id, xmlns = curr_ns });
curr_tag = stanza;
- else
- attr.xmlns = curr_ns;
+ else -- we are inside a stanza, so add a tag
+ attr.xmlns = nil;
+ if curr_ns ~= "jabber:server" and curr_ns ~= "jabber:client" then
+ attr.xmlns = curr_ns;
+ end
stanza:tag(name, attr);
end
end
@@ -59,12 +91,14 @@ function init_xmlhandlers(session, streamopened)
end
end
function xml_handlers:EndElement(name)
- curr_ns,name = name:match("^(.+):(%w+)$");
+ curr_ns,name = name:match("^(.+)|([%w%-]+)$");
if (not stanza) or #stanza.last_add < 0 or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then
if name == "stream" then
log("debug", "Stream closed");
sm_destroy_session(session);
return;
+ elseif name == "error" then
+ error("Stream error: "..tostring(name)..": "..tostring(stanza));
else
error("XML parse error in client stream");
end