aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_c2s.lua
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/mod_c2s.lua')
-rw-r--r--plugins/mod_c2s.lua99
1 files changed, 67 insertions, 32 deletions
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index c8f54fa7..e29ea6a0 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -8,15 +8,15 @@
module:set_global();
-local add_task = require "util.timer".add_task;
-local new_xmpp_stream = require "util.xmppstream".new;
-local nameprep = require "util.encodings".stringprep.nameprep;
-local sessionmanager = require "core.sessionmanager";
-local statsmanager = require "core.statsmanager";
-local st = require "util.stanza";
+local add_task = require "prosody.util.timer".add_task;
+local new_xmpp_stream = require "prosody.util.xmppstream".new;
+local nameprep = require "prosody.util.encodings".stringprep.nameprep;
+local sessionmanager = require "prosody.core.sessionmanager";
+local statsmanager = require "prosody.core.statsmanager";
+local st = require "prosody.util.stanza";
local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session;
-local uuid_generate = require "util.uuid".generate;
-local async = require "util.async";
+local uuid_generate = require "prosody.util.uuid".generate;
+local async = require "prosody.util.async";
local runner = async.runner;
local tostring, type = tostring, type;
@@ -25,10 +25,16 @@ local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
local log = module._log;
-local c2s_timeout = module:get_option_number("c2s_timeout", 300);
-local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
+local c2s_timeout = module:get_option_period("c2s_timeout", "5 minutes");
+local stream_close_timeout = module:get_option_period("c2s_close_timeout", 5);
local opt_keepalives = module:get_option_boolean("c2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true));
-local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit", 1024*256);
+local stanza_size_limit = module:get_option_integer("c2s_stanza_size_limit", 1024*256,10000);
+
+local advertised_idle_timeout = 14*60; -- default in all net.server implementations
+local network_settings = module:get_option("network_settings");
+if type(network_settings) == "table" and type(network_settings.read_timeout) == "number" then
+ advertised_idle_timeout = network_settings.read_timeout;
+end
local measure_connections = module:metric("gauge", "connections", "", "Established c2s connections", {"host", "type", "ip_family"});
@@ -39,6 +45,7 @@ local hosts = prosody.hosts;
local stream_callbacks = { default_ns = "jabber:client" };
local listener = {};
local runner_callbacks = {};
+local session_events = {};
local m_tls_params = module:metric(
"counter", "encrypted", "",
@@ -70,11 +77,11 @@ local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
function stream_callbacks.streamopened(session, attr)
-- run _streamopened in async context
- session.thread:run({ stream = "opened", attr = attr });
+ session.thread:run({ event = "streamopened", attr = attr });
end
-function stream_callbacks._streamopened(session, attr)
- local send = session.send;
+function session_events.streamopened(session, event)
+ local send, attr = session.send, event.attr;
if not attr.to then
session:close{ condition = "improper-addressing",
text = "A 'to' attribute is required on stream headers" };
@@ -117,8 +124,7 @@ function stream_callbacks._streamopened(session, attr)
session.secure = true;
session.encrypted = true;
- local sock = session.conn:socket();
- local info = sock.info and sock:info();
+ local info = session.conn:ssl_info();
if type(info) == "table" then
(session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
session.compressed = info.compression;
@@ -129,8 +135,19 @@ function stream_callbacks._streamopened(session, attr)
end
local features = st.stanza("stream:features");
- hosts[session.host].events.fire_event("stream-features", { origin = session, features = features });
+ hosts[session.host].events.fire_event("stream-features", { origin = session, features = features, stream = attr });
if features.tags[1] or session.full_jid then
+ if stanza_size_limit or advertised_idle_timeout then
+ features:reset();
+ local limits = features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" });
+ if stanza_size_limit then
+ limits:text_tag("max-bytes", string.format("%d", stanza_size_limit));
+ end
+ if advertised_idle_timeout then
+ limits:text_tag("idle-seconds", string.format("%d", advertised_idle_timeout));
+ end
+ limits:reset();
+ end
send(features);
else
if session.secure then
@@ -146,14 +163,19 @@ end
function stream_callbacks.streamclosed(session, attr)
-- run _streamclosed in async context
- session.thread:run({ stream = "closed", attr = attr });
+ session.thread:run({ event = "streamclosed", attr = attr });
end
-function stream_callbacks._streamclosed(session)
+function session_events.streamclosed(session)
session.log("debug", "Received </stream:stream>");
session:close(false);
end
+function session_events.callback(session, event)
+ session.log("debug", "Running session callback %s", event.name);
+ event.callback(session, event);
+end
+
function stream_callbacks.error(session, error, data)
if error == "no-stream" then
session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}")));
@@ -248,6 +270,9 @@ end
local function disconnect_user_sessions(reason, leave_resource)
return function (event)
local username, host, resource = event.username, event.host, event.resource;
+ if not (hosts[host] and hosts[host].type == "local") then
+ return -- not a local VirtualHost so no sessions
+ end
local user = hosts[host].sessions[username];
if user and user.sessions then
for r, session in pairs(user.sessions) do
@@ -260,8 +285,18 @@ local function disconnect_user_sessions(reason, leave_resource)
end
module:hook_global("user-password-changed", disconnect_user_sessions({ condition = "reset", text = "Password changed" }, true), 200);
-module:hook_global("user-roles-changed", disconnect_user_sessions({ condition = "reset", text = "Roles changed" }), 200);
+module:hook_global("user-role-changed", disconnect_user_sessions({ condition = "reset", text = "Role changed" }), 200);
module:hook_global("user-deleted", disconnect_user_sessions({ condition = "not-authorized", text = "Account deleted" }), 200);
+module:hook_global("user-disabled", disconnect_user_sessions({ condition = "not-authorized", text = "Account disabled" }), 200);
+
+module:hook_global("c2s-session-updated", function (event)
+ sessions[event.session.conn] = event.session;
+ local replaced_conn = event.replaced_conn;
+ if replaced_conn then
+ sessions[replaced_conn] = nil;
+ replaced_conn:close();
+ end
+end);
function runner_callbacks:ready()
if self.data.conn then
@@ -293,10 +328,10 @@ function listener.onconnect(conn)
if conn:ssl() then
session.secure = true;
session.encrypted = true;
+ session.ssl_ctx = conn:sslctx();
-- Check if TLS compression is used
- local sock = conn:socket();
- local info = sock.info and sock:info();
+ local info = conn:ssl_info();
if type(info) == "table" then
(session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
session.compressed = info.compression;
@@ -321,13 +356,11 @@ function listener.onconnect(conn)
session.stream:reset();
end
- session.thread = runner(function (stanza)
- if st.is_stanza(stanza) then
- core_process_stanza(session, stanza);
- elseif stanza.stream == "opened" then
- stream_callbacks._streamopened(session, stanza.attr);
- elseif stanza.stream == "closed" then
- stream_callbacks._streamclosed(session, stanza.attr);
+ session.thread = runner(function (item)
+ if st.is_stanza(item) then
+ core_process_stanza(session, item);
+ else
+ session_events[item.event](session, item);
end
end, runner_callbacks, session);
@@ -354,11 +387,13 @@ function listener.onconnect(conn)
end
end
- if c2s_timeout then
- add_task(c2s_timeout, function ()
+ if c2s_timeout < math.huge then
+ session.c2s_timeout = add_task(c2s_timeout, function ()
if session.type == "c2s_unauthed" then
(session.log or log)("debug", "Connection still not authenticated after c2s_timeout=%gs, closing it", c2s_timeout);
session:close("connection-timeout");
+ else
+ session.c2s_timeout = nil;
end
end);
end
@@ -426,7 +461,7 @@ module:hook("c2s-read-timeout", keepalive, -1);
module:hook("server-stopping", function(event) -- luacheck: ignore 212/event
-- Close ports
- local pm = require "core.portmanager";
+ local pm = require "prosody.core.portmanager";
for _, netservice in pairs(module.items["net-provider"]) do
pm.unregister_service(netservice.name, netservice);
end