diff options
Diffstat (limited to 'core')
| -rw-r--r-- | core/s2smanager.lua | 178 | ||||
| -rw-r--r-- | core/sessionmanager.lua | 13 | ||||
| -rw-r--r-- | core/stanza_router.lua | 81 | ||||
| -rw-r--r-- | core/xmlhandlers.lua | 50 |
4 files changed, 297 insertions, 25 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua new file mode 100644 index 00000000..1d718305 --- /dev/null +++ b/core/s2smanager.lua @@ -0,0 +1,178 @@ + +local hosts = hosts; +local sessions = sessions; +local socket = require "socket"; +local format = string.format; +local tostring, pairs, ipairs, getmetatable, print, newproxy, error, tonumber + = tostring, pairs, ipairs, getmetatable, print, newproxy, error, tonumber; + +local connlisteners_get = require "net.connlisteners".get; +local wraptlsclient = require "net.server".wraptlsclient; +local modulemanager = require "core.modulemanager"; + +local uuid_gen = require "util.uuid".generate; + +local logger_init = require "util.logger".init; + +local log = logger_init("s2smanager"); + +local md5_hash = require "util.hashes".md5; + +local dialback_secret = "This is very secret!!! Ha!"; + +module "s2smanager" + +function connect_host(from_host, to_host) +end + +function send_to_host(from_host, to_host, data) + if hosts[to_host] then + -- Write to connection + hosts[to_host].send(data); + log("debug", "stanza sent over s2s"); + else + log("debug", "opening a new outgoing connection for this stanza"); + local host_session = new_outgoing(from_host, to_host); + -- Store in buffer + host_session.sendq = { data }; + end +end + +function disconnect_host(host) + +end + +local open_sessions = 0; + +function new_incoming(conn) + local session = { conn = conn, priority = 0, type = "s2sin_unauthed", direction = "incoming" }; + if true then + session.trace = newproxy(true); + getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; print("s2s session got collected, now "..open_sessions.." s2s sessions are allocated") end; + end + open_sessions = open_sessions + 1; + local w = conn.write; + session.send = function (t) w(tostring(t)); end + return session; +end + +function new_outgoing(from_host, to_host) + local host_session = { to_host = to_host, from_host = from_host, notopen = true, type = "s2sout_unauthed", direction = "outgoing" }; + hosts[to_host] = host_session; + + local cl = connlisteners_get("xmppserver"); + + local conn, handler = socket.tcp() + --FIXME: Below parameters (ports/ip) are incorrect (use SRV) + conn:connect(to_host, 5269); + conn = wraptlsclient(cl, conn, to_host, 5269, 0, 1, hosts[from_host].ssl_ctx ); + host_session.conn = conn; + + -- Register this outgoing connection so that xmppserver_listener knows about it + -- otherwise it will assume it is a new incoming connection + cl.register_outgoing(conn, host_session); + + do + local conn_name = "s2sout"..tostring(conn):match("[a-f0-9]*$"); + host_session.log = logger_init(conn_name); + end + + local w = conn.write; + host_session.send = function (t) w(tostring(t)); end + + conn.write(format([[<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' from='%s' to='%s' version='1.0'>]], from_host, to_host)); + + return host_session; +end + +function streamopened(session, attr) + session.log("debug", "s2s stream opened"); + local send = session.send; + + session.version = tonumber(attr.version) or 0; + if session.version >= 1.0 and not (attr.to and attr.from) then + print("to: "..tostring(attr.to).." from: "..tostring(attr.from)); + --error(session.to_host.." failed to specify 'to' or 'from' hostname as per RFC"); + log("warn", (session.to_host or "(unknown)").." failed to specify 'to' or 'from' hostname as per RFC"); + end + + if session.direction == "incoming" then + -- Send a reply stream header + + for k,v in pairs(attr) do print("", tostring(k), ":::", tostring(v)); end + + session.to_host = attr.to; + session.from_host = attr.from; + + session.streamid = uuid_gen(); + print(session, session.from_host, "incoming s2s stream opened"); + send("<?xml version='1.0'?>"); + send(format("<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' id='%s' from='%s'>", session.streamid, session.to_host)); + if session.from_host then + -- Need to perform dialback to check identity + print("to: "..tostring(attr.to).." from: "..tostring(attr.from)); + print("Need to do dialback here you know!!"); + end + elseif session.direction == "outgoing" then + -- If we are just using the connection for verifying dialback keys, we won't try and auth it + if not session.dialback_verifying then + -- generate dialback key + if not attr.id then error("stream response did not give us a streamid!!!"); end + session.streamid = attr.id; + session.dialback_key = generate_dialback(session.streamid, session.to_host, session.from_host); + session.send(format("<db:result from='%s' to='%s'>%s</db:result>", session.from_host, session.to_host, session.dialback_key)); + session.log("info", "sent dialback key on outgoing s2s stream"); + else + mark_connected(session); + end + end + --[[ + local features = {}; + modulemanager.fire_event("stream-features-s2s", session, features); + + send("<stream:features>"); + + for _, feature in ipairs(features) do + send(tostring(feature)); + end + + send("</stream:features>");]] + log("info", "s2s stream opened successfully"); + session.notopen = nil; +end + +function generate_dialback(id, to, from) + return md5_hash(id..to..from..dialback_secret); -- FIXME: See XEP-185 and XEP-220 +end + +function verify_dialback(id, to, from, key) + return key == generate_dialback(id, to, from); +end + +function make_authenticated(session) + if session.type == "s2sout_unauthed" then + session.type = "s2sout"; + elseif session.type == "s2sin_unauthed" then + session.type = "s2sin"; + else + return false; + end + session.log("info", "connection is now authenticated"); + + mark_connected(session); + + return true; +end + +function mark_connected(session) + local sendq, send = session.sendq, session.send; + if sendq then + session.log("debug", "sending queued stanzas across new connection"); + for _, data in ipairs(sendq) do + session.log("debug", "sending: %s", tostring(data)); + send(data); + end + end +end + +return _M;
\ No newline at end of file diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index d140ebe0..2b7659d2 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -11,7 +11,7 @@ local sessions = sessions; local modulemanager = require "core.modulemanager"; local log = require "util.logger".init("sessionmanager"); local error = error; -local uuid_generate = require "util.uuid".uuid_generate; +local uuid_generate = require "util.uuid".generate; local rm_load_roster = require "core.rostermanager".load_roster; local newproxy = newproxy; @@ -35,14 +35,15 @@ end function destroy_session(session) session.log("info", "Destroying session"); - if session.username then + if session.host and session.username then if session.resource then hosts[session.host].sessions[session.username].sessions[session.resource] = nil; end - - if not next(hosts[session.host].sessions[session.username].sessions) then - log("debug", "All resources of %s are now offline", session.username); - hosts[session.host].sessions[session.username] = nil; + if hosts[session.host] and hosts[session.host].sessions[session.username] then + if not next(hosts[session.host].sessions[session.username].sessions) then + log("debug", "All resources of %s are now offline", session.username); + hosts[session.host].sessions[session.username] = nil; + end end end session.conn = nil; diff --git a/core/stanza_router.lua b/core/stanza_router.lua index 52ab20e8..2dcd612f 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -9,9 +9,14 @@ local log = require "util.logger".init("stanzarouter") local st = require "util.stanza"; local send = require "core.sessionmanager".send_to_session; --- local send_s2s = require "core.s2smanager".send_to_host; +local send_s2s = require "core.s2smanager".send_to_host; local user_exists = require "core.usermanager".user_exists; +local s2s_verify_dialback = require "core.s2smanager".verify_dialback; +local s2s_make_authenticated = require "core.s2smanager".make_authenticated; +local format = string.format; +local tostring = tostring; + local jid_split = require "util.jid".split; local print = print; @@ -21,7 +26,7 @@ function core_process_stanza(origin, stanza) if stanza.name == "iq" and not(#stanza.tags == 1 and stanza.tags[1].attr.xmlns) then if stanza.attr.type == "set" or stanza.attr.type == "get" then error("Invalid IQ"); - elseif #stanza.tags > 1 or not(stanza.attr.type == "error" or stanza.attr.type == "result") then + elseif #stanza.tags > 1 and not(stanza.attr.type == "error" or stanza.attr.type == "result") then error("Invalid IQ"); end end @@ -33,17 +38,18 @@ function core_process_stanza(origin, stanza) end local to = stanza.attr.to; - stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s) -- TODO also, stazas should be returned to their original state before the function ends + if origin.type == "c2s" then + stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s) + end - -- TODO presence subscriptions if not to then core_handle_stanza(origin, stanza); elseif hosts[to] and hosts[to].type == "local" then core_handle_stanza(origin, stanza); elseif stanza.name == "iq" and not select(3, jid_split(to)) then core_handle_stanza(origin, stanza); - elseif origin.type == "c2s" then + elseif origin.type == "c2s" or origin.type == "s2sin" then core_route_stanza(origin, stanza); end end @@ -98,6 +104,58 @@ function core_handle_stanza(origin, stanza) log("debug", "Routing stanza to local"); handle_stanza(session, stanza); end + elseif origin.type == "s2sin_unauthed" or origin.type == "s2sin" then + if stanza.attr.xmlns == "jabber:server:dialback" then + if stanza.name == "verify" then + -- We are being asked to verify the key, to ensure it was generated by us + log("debug", "verifying dialback key..."); + local attr = stanza.attr; + print(tostring(attr.to), tostring(attr.from)) + print(tostring(origin.to_host), tostring(origin.from_host)) + -- FIXME: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34 + --if attr.from ~= origin.to_host then error("invalid-from"); end + local type = "invalid"; + if s2s_verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then + type = "valid" + end + origin.send(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>", attr.to, attr.from, attr.id, type, stanza[1])); + elseif stanza.name == "result" and origin.type == "s2sin_unauthed" then + -- he wants to be identified through dialback + -- We need to check the key with the Authoritative server + local attr = stanza.attr; + origin.from_host = attr.from; + origin.to_host = attr.to; + origin.dialback_key = stanza[1]; + log("debug", "asking %s if key %s belongs to them", attr.from, stanza[1]); + send_s2s(attr.to, attr.from, format("<db:verify from='%s' to='%s' id='%s'>%s</db:verify>", attr.to, attr.from, origin.streamid, stanza[1])); + hosts[attr.from].dialback_verifying = origin; + end + end + elseif origin.type == "s2sout_unauthed" or origin.type == "s2sout" then + if stanza.attr.xmlns == "jabber:server:dialback" then + if stanza.name == "result" then + if stanza.attr.type == "valid" then + s2s_make_authenticated(origin); + else + -- FIXME + error("dialback failed!"); + end + elseif stanza.name == "verify" and origin.dialback_verifying then + local valid; + local attr = stanza.attr; + if attr.type == "valid" then + s2s_make_authenticated(origin.dialback_verifying); + valid = "valid"; + else + -- Warn the original connection that is was not verified successfully + log("warn", "dialback for "..(origin.dialback_verifying.from_host or "(unknown)").." failed"); + valid = "invalid"; + end + origin.dialback_verifying.send(format("<db:result from='%s' to='%s' id='%s' type='%s'>%s</db:result>", attr.from, attr.to, attr.id, valid, origin.dialback_verifying.dialback_key)); + end + end + else + log("warn", "Unhandled origin: %s", origin.type); end end @@ -202,13 +260,14 @@ function core_route_stanza(origin, stanza) end end end - else + elseif origin.type == "c2s" then -- Remote host - if host_session then - -- Send to session - else - -- Need to establish the connection - end + --stanza.attr.xmlns = "jabber:server"; + stanza.attr.xmlns = nil; + log("debug", "sending s2s stanza: %s", tostring(stanza)); + send_s2s(origin.host, host, stanza); + else + log("warn", "received stanza from unhandled connection type: %s", origin.type); end stanza.attr.to = to; -- reset end diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua index b1af299f..3037a848 100644 --- a/core/xmlhandlers.lua +++ b/core/xmlhandlers.lua @@ -3,6 +3,10 @@ require "util.stanza" local st = stanza; local tostring = tostring; +local pairs = pairs; +local ipairs = ipairs; +local type = type; +local print = print; local format = string.format; local m_random = math.random; local t_insert = table.insert; @@ -11,18 +15,24 @@ local t_concat = table.concat; local t_concatall = function (t, sep) local tt = {}; for _, s in ipairs(t) do t_insert(tt, tostring(s)); end return t_concat(tt, sep); end local sm_destroy_session = import("core.sessionmanager", "destroy_session"); +local default_log = require "util.logger".init("xmlhandlers"); + local error = error; module "xmlhandlers" +local ns_prefixes = { + ["http://www.w3.org/XML/1998/namespace"] = "xml"; + } + function init_xmlhandlers(session, streamopened) local ns_stack = { "" }; local curr_ns = ""; local curr_tag; local chardata = {}; local xml_handlers = {}; - local log = session.log; - local print = function (...) log("info", "xmlhandlers", t_concatall({...}, "\t")); end + local log = session.log or default_log; + --local print = function (...) log("info", "xmlhandlers", t_concatall({...}, "\t")); end local send = session.send; @@ -33,8 +43,27 @@ function init_xmlhandlers(session, streamopened) stanza:text(t_concat(chardata)); chardata = {}; end - curr_ns,name = name:match("^(.+):(%w+)$"); - if not stanza then + curr_ns,name = name:match("^(.+)|([%w%-]+)$"); + if curr_ns ~= "jabber:server" then + attr.xmlns = curr_ns; + end + + -- FIXME !!!!! + for i, k in ipairs(attr) do + if type(k) == "string" then + local ns, nm = k:match("^([^|]+)|?([^|]-)$") + if ns and nm then + ns = ns_prefixes[ns]; + if ns then + attr[ns..":"..nm] = attr[k]; + attr[i] = ns..":"..nm; + attr[k] = nil; + end + end + end + end + + if not stanza then --if we are not currently inside a stanza if session.notopen then if name == "stream" then streamopened(session, attr); @@ -45,11 +74,14 @@ function init_xmlhandlers(session, streamopened) if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then error("Client sent invalid top-level stanza"); end - attr.xmlns = curr_ns; + stanza = st.stanza(name, attr); --{ to = attr.to, type = attr.type, id = attr.id, xmlns = curr_ns }); curr_tag = stanza; - else - attr.xmlns = curr_ns; + else -- we are inside a stanza, so add a tag + attr.xmlns = nil; + if curr_ns ~= "jabber:server" and curr_ns ~= "jabber:client" then + attr.xmlns = curr_ns; + end stanza:tag(name, attr); end end @@ -59,12 +91,14 @@ function init_xmlhandlers(session, streamopened) end end function xml_handlers:EndElement(name) - curr_ns,name = name:match("^(.+):(%w+)$"); + curr_ns,name = name:match("^(.+)|([%w%-]+)$"); if (not stanza) or #stanza.last_add < 0 or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then if name == "stream" then log("debug", "Stream closed"); sm_destroy_session(session); return; + elseif name == "error" then + error("Stream error: "..tostring(name)..": "..tostring(stanza)); else error("XML parse error in client stream"); end |