From 1158b940357cb909afde16a1d26a44e1c6de8240 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sun, 11 May 2014 18:51:08 +0200
Subject: mod_admin_telnet: Add s2s:show_tls() for showing ciphers used on s2s
 connections

---
 plugins/mod_admin_telnet.lua | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index db7c3425..4bf939e9 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -223,6 +223,7 @@ function commands.help(session, data)
 		print [[c2s:close(jid) - Close all sessions for the specified JID]]
 	elseif section == "s2s" then
 		print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]]
+		print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]]
 		print [[s2s:close(from, to) - Close a connection from one domain to another]]
 		print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]]
 	elseif section == "module" then
@@ -517,6 +518,22 @@ local function session_flags(session, line)
 	return table.concat(line, " ");
 end
 
+local function tls_info(session, line)
+	line = line or {};
+	if session.secure then
+		local sock = session.conn and session.conn.socket and session.conn:socket();
+		if sock and sock.info then
+			local info = sock:info();
+			line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher);
+		else
+			line[#line+1] = "(cipher info unavailable)";
+		end
+	else
+		line[#line+1] = "(insecure)";
+	end
+	return table.concat(line, " ");
+end
+
 def_env.c2s = {};
 
 local function show_c2s(callback)
@@ -591,8 +608,9 @@ end
 
 
 def_env.s2s = {};
-function def_env.s2s:show(match_jid)
+function def_env.s2s:show(match_jid, annotate)
 	local print = self.session.print;
+	annotate = annotate or session_flags;
 
 	local count_in, count_out = 0,0;
 	local s2s_list = { };
@@ -610,7 +628,7 @@ function def_env.s2s:show(match_jid)
 			remotehost, localhost = session.from_host or "?", session.to_host or "?";
 		end
 		local sess_lines = { l = localhost, r = remotehost,
-			session_flags(session, { "", direction, remotehost or "?",
+			annotate(session, { "", direction, remotehost or "?",
 				"["..session.type..tostring(session):match("[a-f0-9]*$").."]" })};
 
 		if (not match_jid) or remotehost:match(match_jid) or localhost:match(match_jid) then
@@ -666,6 +684,10 @@ function def_env.s2s:show(match_jid)
 	return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections";
 end
 
+function def_env.s2s:show_tls(match_jid)
+	return self:show(match_jid, tls_info);
+end
+
 local function print_subject(print, subject)
 	for _, entry in ipairs(subject) do
 		print(
-- 
cgit v1.2.3