From 2e3f198799b27ea3b6d5a9e90b08bff23c42ac62 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 28 May 2013 16:10:22 +0100 Subject: mod_s2s: Remove unnecessary debug message --- plugins/mod_s2s/mod_s2s.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 5a2af968..ab5b7232 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -616,7 +616,6 @@ function listener.ondisconnect(conn, err) if err and session.direction == "outgoing" and session.notopen then (session.log or log)("debug", "s2s connection attempt failed: %s", err); if s2sout.attempt_connection(session, err) then - (session.log or log)("debug", "...so we're going to try another target"); return; -- Session lives for now end end -- cgit v1.2.3 From 8d85647c37f3b1fd49e0d639d5646745672391bd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 30 May 2013 14:32:40 +0200 Subject: mod_c2s, mod_c2s: Send a whitespace on read timeout, to prod TCP into detecting if the connection died --- plugins/mod_s2s/mod_s2s.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index ab5b7232..309940cf 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -624,6 +624,13 @@ function listener.ondisconnect(conn, err) end end +function listener.onreadtimeout(conn) + local session = sessions[conn]; + if session then + return session.sends2s(' '); + end +end + function listener.register_outgoing(conn, session) session.direction = "outgoing"; sessions[conn] = session; -- cgit v1.2.3 From a6d4b7ca4d2b039273c693d8c08844ef02b744c5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 9 Jun 2013 12:54:10 +0200 Subject: mod_s2s: Set s2s_session.ip --- plugins/mod_s2s/mod_s2s.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 309940cf..bce617ca 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -590,6 +590,7 @@ function listener.onconnect(conn) else -- Outgoing session connected session:open_stream(session.from_host, session.to_host); end + session.ip = conn:ip(); end function listener.onincoming(conn, data) -- cgit v1.2.3 From 4c9866805e69426b720586141c73d94fc4a54cd5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 11 Jun 2013 21:36:15 +0200 Subject: mod_c2s, mod_s2s: Fire an event on read timeouts --- plugins/mod_s2s/mod_s2s.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index bce617ca..5e50e88b 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -135,6 +135,10 @@ function route_to_new_session(event) return true; end +local function keepalive(event) + return event.session.sends2s(' '); +end + function module.add_host(module) if module:get_option_boolean("disallow_s2s", false) then module:log("warn", "The 'disallow_s2s' config option is deprecated, please see http://prosody.im/doc/s2s#disabling"); @@ -143,6 +147,7 @@ function module.add_host(module) module:hook("route/remote", route_to_existing_session, -1); module:hook("route/remote", route_to_new_session, -10); module:hook("s2s-authenticated", make_authenticated, -1); + module:hook("s2s-read-timeout", keepalive, -1); end -- Stream is authorised, and ready for normal stanzas @@ -628,7 +633,7 @@ end function listener.onreadtimeout(conn) local session = sessions[conn]; if session then - return session.sends2s(' '); + return (hosts[session.host] or prosody).events.fire_event("s2s-read-timeout", { session = session }); end end -- cgit v1.2.3 From 74d66c5aef7a842ddc13a87745c86b8250173655 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 26 Jun 2013 13:35:38 +0200 Subject: mod_s2s: Add missing global hook for read-timeout --- plugins/mod_s2s/mod_s2s.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 5e50e88b..01fac4d2 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -139,6 +139,8 @@ local function keepalive(event) return event.session.sends2s(' '); end +module:hook("s2s-read-timeout", keepalive, -1); + function module.add_host(module) if module:get_option_boolean("disallow_s2s", false) then module:log("warn", "The 'disallow_s2s' config option is deprecated, please see http://prosody.im/doc/s2s#disabling"); -- cgit v1.2.3 From 0c6c0e9c294d9b3b757cf853facaf845087f17ae Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 2 Aug 2013 15:12:24 +0200 Subject: mod_c2s, mod_s2s: Log a message that stream encryption has been enabled with some details --- plugins/mod_s2s/mod_s2s.lua | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 01fac4d2..b6614d2f 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -283,12 +283,15 @@ function stream_callbacks.streamopened(session, attr) if session.secure == false then session.secure = true; - -- Check if TLS compression is used local sock = session.conn:socket(); if sock.info then - session.compressed = sock:info"compression"; - elseif sock.compression then - session.compressed = sock:compression(); --COMPAT mw/luasec-hg + local info = sock:info(); + (session.log or log)("info", "Stream encrypted (%s) with %s, authenticated with %s and exchanged keys with %s", + info.protocol, info.encryption, info.authentication, info.key); + session.compressed = info.compression; + else + (session.log or log)("info", "Stream encrypted"); + session.compressed = sock.compression and sock:compression(); --COMPAT mw/luasec-hg end end -- cgit v1.2.3 From 1d833bb80779ed9c9e1d7ec6c7fab231ebf48182 Mon Sep 17 00:00:00 2001 From: Florian Zeitz Date: Fri, 9 Aug 2013 17:48:21 +0200 Subject: Remove all trailing whitespace --- plugins/mod_s2s/mod_s2s.lua | 48 +++++++++++++++++++++--------------------- plugins/mod_s2s/s2sout.lib.lua | 26 +++++++++++------------ 2 files changed, 37 insertions(+), 37 deletions(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index c628dc47..d64a02ac 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -1,7 +1,7 @@ -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -155,9 +155,9 @@ end -- Stream is authorised, and ready for normal stanzas function mark_connected(session) local sendq, send = session.sendq, session.sends2s; - + local from, to = session.from_host, session.to_host; - + session.log("info", "%s s2s connection %s->%s complete", session.direction, from, to); local event_data = { session = session }; @@ -173,7 +173,7 @@ function mark_connected(session) fire_global_event("s2sin-established", event_data); hosts[to].events.fire_event("s2sin-established", event_data); end - + if session.direction == "outgoing" then if sendq then session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host); @@ -183,7 +183,7 @@ function mark_connected(session) end session.sendq = nil; end - + session.ip_hosts = nil; session.srv_hosts = nil; end @@ -218,9 +218,9 @@ function make_authenticated(event) return false; end session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host); - + mark_connected(session); - + return true; end @@ -277,9 +277,9 @@ local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; function stream_callbacks.streamopened(session, attr) local send = session.sends2s; - + session.version = tonumber(attr.version) or 0; - + -- TODO: Rename session.secure to session.encrypted if session.secure == false then session.secure = true; @@ -298,7 +298,7 @@ function stream_callbacks.streamopened(session, attr) if session.direction == "incoming" then -- Send a reply stream header - + -- Validate to/from local to, from = nameprep(attr.to), nameprep(attr.from); if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts) @@ -309,7 +309,7 @@ function stream_callbacks.streamopened(session, attr) session:close({ condition = "improper-addressing", text = "Invalid 'from' address" }); return; end - + -- Set session.[from/to]_host if they have not been set already and if -- this session isn't already authenticated if session.type == "s2sin_unauthed" and from and not session.from_host then @@ -324,10 +324,10 @@ function stream_callbacks.streamopened(session, attr) session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" }); return; end - + -- For convenience we'll put the sanitised values into these variables to, from = session.to_host, session.from_host; - + session.streamid = uuid_gen(); (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag()); if to then @@ -362,13 +362,13 @@ function stream_callbacks.streamopened(session, attr) session:open_stream(session.to_host, session.from_host) if session.version >= 1.0 then local features = st.stanza("stream:features"); - + if to then hosts[to].events.fire_event("s2s-stream-features", { origin = session, features = features }); else (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or "unknown host"); end - + log("debug", "Sending stream features: %s", tostring(features)); send(features); end @@ -396,7 +396,7 @@ function stream_callbacks.streamopened(session, attr) end end session.send_buffer = nil; - + -- If server is pre-1.0, don't wait for features, just do dialback if session.version < 1.0 then if not session.dialback_verifying then @@ -489,10 +489,10 @@ local function session_close(session, reason, remote_reason) session.sends2s(""); function session.sends2s() return false; end - + local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason; session.log("info", "%s s2s stream %s->%s closed: %s", session.direction, session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed"); - + -- Authenticated incoming stream may still be sending us stanzas, so wait for from remote local conn = session.conn; if reason == nil and not session.notopen and session.type == "s2sin" then @@ -532,16 +532,16 @@ end local function initialize_session(session) local stream = new_xmpp_stream(session, stream_callbacks); session.stream = stream; - + session.notopen = true; - + function session.reset_stream() session.notopen = true; session.stream:reset(); end session.open_stream = session_open_stream; - + local filter = session.filter; function session.data(data) data = filter("bytes/in", data); @@ -596,7 +596,7 @@ function listener.onconnect(conn) end end end - + initialize_session(session); else -- Outgoing session connected session:open_stream(session.from_host, session.to_host); @@ -610,7 +610,7 @@ function listener.onincoming(conn, data) session.data(data); end end - + function listener.onstatus(conn, status) if status == "ssl-handshake-complete" then local session = sessions[conn]; @@ -658,7 +658,7 @@ function check_auth_policy(event) elseif must_secure and insecure_domains[host] then must_secure = false; end - + if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host); if session.direction == "incoming" then diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 575d37ac..10ee4f0e 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -1,7 +1,7 @@ -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -47,14 +47,14 @@ end function s2sout.initiate_connection(host_session) initialize_filters(host_session); host_session.version = 1; - + -- Kick the connection attempting machine into life if not s2sout.attempt_connection(host_session) then -- Intentionally not returning here, the -- session is needed, connected or not s2s_destroy_session(host_session); end - + if not host_session.sends2s then -- A sends2s which buffers data (until the stream is opened) -- note that data in this buffer will be sent before the stream is authed @@ -75,11 +75,11 @@ end function s2sout.attempt_connection(host_session, err) local to_host = host_session.to_host; local connect_host, connect_port = to_host and idna_to_ascii(to_host), 5269; - + if not connect_host then return false; end - + if not err then -- This is our first attempt log("debug", "First attempt to connect to %s, starting with SRV lookup...", to_host); host_session.connecting = true; @@ -100,7 +100,7 @@ function s2sout.attempt_connection(host_session, err) return; end t_sort(srv_hosts, compare_srv_priorities); - + local srv_choice = srv_hosts[1]; host_session.srv_choice = 1; if srv_choice then @@ -119,7 +119,7 @@ function s2sout.attempt_connection(host_session, err) end end end, "_xmpp-server._tcp."..connect_host..".", "SRV"); - + return true; -- Attempt in progress elseif host_session.ip_hosts then return s2sout.try_connect(host_session, connect_host, connect_port, err); @@ -133,7 +133,7 @@ function s2sout.attempt_connection(host_session, err) -- We're out of options return false; end - + if not (connect_host and connect_port) then -- Likely we couldn't resolve DNS log("warn", "Hmm, we're without a host (%s) and port (%s) to connect to for %s, giving up :(", tostring(connect_host), tostring(connect_port), tostring(to_host)); @@ -280,7 +280,7 @@ function s2sout.make_connect(host_session, connect_host, connect_port) else handler = "Unsupported protocol: "..tostring(proto); end - + if not conn then log("warn", "Failed to create outgoing connection, system error: %s", handler); return false, handler; @@ -292,10 +292,10 @@ function s2sout.make_connect(host_session, connect_host, connect_port) log("warn", "s2s connect() to %s (%s:%d) failed: %s", host_session.to_host, connect_host.addr, connect_port, err); return false, err; end - + conn = wrapclient(conn, connect_host.addr, connect_port, s2s_listener, "*a"); host_session.conn = conn; - + local filter = initialize_filters(host_session); local w, log = conn.write, host_session.log; host_session.sends2s = function (t) @@ -310,11 +310,11 @@ function s2sout.make_connect(host_session, connect_host, connect_port) end end end - + -- Register this outgoing connection so that xmppserver_listener knows about it -- otherwise it will assume it is a new incoming connection s2s_listener.register_outgoing(conn, host_session); - + log("debug", "Connection attempt in progress..."); return true; end -- cgit v1.2.3 From 2666d8e8e7b2cdbad8d61caf1351d24782c0da74 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 14 Aug 2013 00:18:39 +0100 Subject: mod_s2s/s2sout.lib: Improve error message logged at 'info' level when failing to connect to a host. Now 'Failed in all attempts to connect to XYZ' --- plugins/mod_s2s/s2sout.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 10ee4f0e..9500cac7 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -129,7 +129,7 @@ function s2sout.attempt_connection(host_session, err) connect_host, connect_port = srv_choice.target or to_host, srv_choice.port or connect_port; host_session.log("info", "Connection failed (%s). Attempt #%d: This time to %s:%d", tostring(err), host_session.srv_choice, connect_host, connect_port); else - host_session.log("info", "Out of connection options, can't connect to %s", tostring(host_session.to_host)); + host_session.log("info", "Failed in all attempts to connect to %s", tostring(host_session.to_host)); -- We're out of options return false; end -- cgit v1.2.3 From b21a19359832f4007ae3a713d89f4b3779bcd297 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 14 Aug 2013 14:44:56 +0200 Subject: mod_s2s: Lower "Beginning new connection attempt" message from info to debug level --- plugins/mod_s2s/s2sout.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 9500cac7..ec8ea4d4 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -265,7 +265,7 @@ function s2sout.try_connect(host_session, connect_host, connect_port, err) end function s2sout.make_connect(host_session, connect_host, connect_port) - (host_session.log or log)("info", "Beginning new connection attempt to %s ([%s]:%d)", host_session.to_host, connect_host.addr, connect_port); + (host_session.log or log)("debug", "Beginning new connection attempt to %s ([%s]:%d)", host_session.to_host, connect_host.addr, connect_port); -- Reset secure flag in case this is another -- connection attempt after a failed STARTTLS -- cgit v1.2.3 From 1764b9fba374409db402ab96190c9b4cd5db112b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 14 Aug 2013 14:53:50 +0200 Subject: mod_s2s: Captitalize log messages that begin with a stream direction --- plugins/mod_s2s/mod_s2s.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index d64a02ac..331e99f1 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -158,7 +158,7 @@ function mark_connected(session) local from, to = session.from_host, session.to_host; - session.log("info", "%s s2s connection %s->%s complete", session.direction, from, to); + session.log("info", "%s s2s connection %s->%s complete", session.direction:gsub("^.", string.upper), from, to); local event_data = { session = session }; if session.type == "s2sout" then @@ -491,7 +491,7 @@ local function session_close(session, reason, remote_reason) function session.sends2s() return false; end local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason; - session.log("info", "%s s2s stream %s->%s closed: %s", session.direction, session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed"); + session.log("info", "%s s2s stream %s->%s closed: %s", session.direction:gsub("^.", string.upper), session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed"); -- Authenticated incoming stream may still be sending us stanzas, so wait for from remote local conn = session.conn; -- cgit v1.2.3 From 938d568ac476bb73e83b8ee44ba61c23f29557a8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 14 Aug 2013 15:00:36 +0200 Subject: mod_c2s, mod_s2s: Log cipher and encryption info in a more compact and (hopefully) less confusing way --- plugins/mod_s2s/mod_s2s.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 331e99f1..1d03f3e4 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -287,8 +287,7 @@ function stream_callbacks.streamopened(session, attr) local sock = session.conn:socket(); if sock.info then local info = sock:info(); - (session.log or log)("info", "Stream encrypted (%s) with %s, authenticated with %s and exchanged keys with %s", - info.protocol, info.encryption, info.authentication, info.key); + (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); session.compressed = info.compression; else (session.log or log)("info", "Stream encrypted"); -- cgit v1.2.3 From 5178a1e79fed67890c26d0f9a052c70b6a36b5a6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 7 Oct 2013 12:43:00 +0200 Subject: mod_c2s, mod_s2s: Set session.encrypted as session.secure does not allways mean encrypted (eg consider_bosh_secure) --- plugins/mod_s2s/mod_s2s.lua | 1 + plugins/mod_s2s/s2sout.lib.lua | 1 + 2 files changed, 2 insertions(+) (limited to 'plugins/mod_s2s') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 1d03f3e4..5afb958c 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -283,6 +283,7 @@ function stream_callbacks.streamopened(session, attr) -- TODO: Rename session.secure to session.encrypted if session.secure == false then session.secure = true; + session.encrypted = true; local sock = session.conn:socket(); if sock.info then diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index ec8ea4d4..dbbef360 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -270,6 +270,7 @@ function s2sout.make_connect(host_session, connect_host, connect_port) -- Reset secure flag in case this is another -- connection attempt after a failed STARTTLS host_session.secure = nil; + host_session.encrypted = nil; local conn, handler; local proto = connect_host.proto; -- cgit v1.2.3