search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mod_csi_simple: Consider messages encrypted payload as important (fixes part of ...
[prosody.git] / plugins / mod_component.lua
blobb41204a22281b09f52989ec72606d1605fe909b4
1 -- Prosody IM
2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
4 --
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
7 --
8
9 module:set_global();
10
11 local t_concat = table.concat;
12 local tostring, type = tostring, type;
13 local xpcall = require "util.xpcall".xpcall;
14 local traceback = debug.traceback;
15
16 local logger = require "util.logger";
17 local sha1 = require "util.hashes".sha1;
18 local st = require "util.stanza";
19
20 local jid_split = require "util.jid".split;
21 local new_xmpp_stream = require "util.xmppstream".new;
22 local uuid_gen = require "util.uuid".generate;
23
24 local core_process_stanza = prosody.core_process_stanza;
25 local hosts = prosody.hosts;
26
27 local log = module._log;
28
29 local opt_keepalives = module:get_option_boolean("component_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true));
30
31 local sessions = module:shared("sessions");
32
33 local function keepalive(event)
34 local session = event.session;
35 if not session.notopen then
36 return event.session.send(' ');
37 end
38 end
39
40 function module.add_host(module)
41 if module:get_host_type() ~= "component" then
42 error("Don't load mod_component manually, it should be for a component, please see https://prosody.im/doc/components", 0);
43 end
44
45 local env = module.environment;
46 env.connected = false;
47 env.session = false;
48
49 local send;
50
51 local function on_destroy(session, err) --luacheck: ignore 212/err
52 env.connected = false;
53 env.session = false;
54 send = nil;
55 session.on_destroy = nil;
56 end
57
58 -- Handle authentication attempts by component
59 local function handle_component_auth(event)
60 local session, stanza = event.origin, event.stanza;
61
62 if session.type ~= "component_unauthed" then return; end
63
64 if (not session.host) or #stanza.tags > 0 then
65 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host);
66 session:close("not-authorized");
67 return true;
68 end
69
70 local secret = module:get_option_string("component_secret");
71 if not secret then
72 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host);
73 session:close("not-authorized");
74 return true;
75 end
76
77 local supplied_token = t_concat(stanza);
78 local calculated_token = sha1(session.streamid..secret, true);
79 if supplied_token:lower() ~= calculated_token:lower() then
80 module:log("info", "Component authentication failed for %s", session.host);
81 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" };
82 return true;
83 end
84
85 if env.connected then
86 local policy = module:get_option_string("component_conflict_resolve", "kick_new");
87 if policy == "kick_old" then
88 env.session:close{ condition = "conflict", text = "Replaced by a new connection" };
89 else -- kick_new
90 module:log("error", "Second component attempted to connect, denying connection");
91 session:close{ condition = "conflict", text = "Component already connected" };
92 return true;
93 end
94 end
95
96 env.connected = true;
97 env.session = session;
98 send = session.send;
99 session.on_destroy = on_destroy;
100 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true);
101 session.type = "component";
102 module:log("info", "External component successfully authenticated");
103 session.send(st.stanza("handshake"));
104 module:fire_event("component-authenticated", { session = session });
105
106 return true;
107 end
108 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, -1);
109
110 -- Handle stanzas addressed to this component
111 local function handle_stanza(event)
112 local stanza = event.stanza;
113 if send then
114 stanza.attr.xmlns = nil;
115 send(stanza);
116 else
117 if stanza.name == "iq" and stanza.attr.type == "get" and stanza.attr.to == module.host then
118 local query = stanza.tags[1];
119 local node = query.attr.node;
120 if query.name == "query" and query.attr.xmlns == "http://jabber.org/protocol/disco#info" and (not node or node == "") then
121 local name = module:get_option_string("name");
122 if name then
123 local reply = st.reply(stanza):tag("query", { xmlns = "http://jabber.org/protocol/disco#info" })
124 :tag("identity", { category = "component", type = "generic", name = module:get_option_string("name", "Prosody") }):up()
125 :tag("feature", { var = "http://jabber.org/protocol/disco#info" }):up();
126 event.origin.send(reply);
127 return true;
128 end
129 end
130 end
131 module:log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag());
132 if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
133 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable"));
134 end
135 end
136 return true;
137 end
138
139 module:hook("iq/bare", handle_stanza, -1);
140 module:hook("message/bare", handle_stanza, -1);
141 module:hook("presence/bare", handle_stanza, -1);
142 module:hook("iq/full", handle_stanza, -1);
143 module:hook("message/full", handle_stanza, -1);
144 module:hook("presence/full", handle_stanza, -1);
145 module:hook("iq/host", handle_stanza, -1);
146 module:hook("message/host", handle_stanza, -1);
147 module:hook("presence/host", handle_stanza, -1);
148
149 module:hook("component-read-timeout", keepalive, -1);
150 end
151
152 module:hook("component-read-timeout", keepalive, -1);
153
154 --- Network and stream part ---
155
156 local xmlns_component = 'jabber:component:accept';
157
158 local listener = {};
159
160 --- Callbacks/data for xmppstream to handle streams for us ---
161
162 local stream_callbacks = { default_ns = xmlns_component };
163
164 local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
165
166 function stream_callbacks.error(session, error, data)
167 if session.destroyed then return; end
168 module:log("warn", "Error processing component stream: %s", tostring(error));
169 if error == "no-stream" then
170 session:close("invalid-namespace");
171 elseif error == "parse-error" then
172 session.log("warn", "External component %s XML parse error: %s", tostring(session.host), tostring(data));
173 session:close("not-well-formed");
174 elseif error == "stream-error" then
175 local condition, text = "undefined-condition";
176 for child in data:childtags(nil, xmlns_xmpp_streams) do
177 if child.name ~= "text" then
178 condition = child.name;
179 else
180 text = child:get_text();
181 end
182 if condition ~= "undefined-condition" and text then
183 break;
184 end
185 end
186 text = condition .. (text and (" ("..text..")") or "");
187 session.log("info", "Session closed by remote with error: %s", text);
188 session:close(nil, text);
189 end
190 end
191
192 function stream_callbacks.streamopened(session, attr)
193 if not hosts[attr.to] or not hosts[attr.to].modules.component then
194 session:close{ condition = "host-unknown", text = tostring(attr.to).." does not match any configured external components" };
195 return;
196 end
197 session.host = attr.to;
198 session.streamid = uuid_gen();
199 session.notopen = nil;
200 -- Return stream header
201 session:open_stream();
202 end
203
204 function stream_callbacks.streamclosed(session)
205 session.log("debug", "Received </stream:stream>");
206 session:close();
207 end
208
209 local function handleerr(err) log("error", "Traceback[component]: %s", traceback(tostring(err), 2)); end
210 function stream_callbacks.handlestanza(session, stanza)
211 -- Namespaces are icky.
212 if not stanza.attr.xmlns and stanza.name == "handshake" then
213 stanza.attr.xmlns = xmlns_component;
214 end
215 if not stanza.attr.xmlns or stanza.attr.xmlns == "jabber:client" then
216 local from = stanza.attr.from;
217 if from then
218 if session.component_validate_from then
219 local _, domain = jid_split(stanza.attr.from);
220 if domain ~= session.host then
221 -- Return error
222 session.log("warn", "Component sent stanza with missing or invalid 'from' address");
223 session:close{
224 condition = "invalid-from";
225 text = "Component tried to send from address <"..tostring(from)
226 .."> which is not in domain <"..tostring(session.host)..">";
227 };
228 return;
229 end
230 end
231 else
232 stanza.attr.from = session.host; -- COMPAT: Strictly we shouldn't allow this
233 end
234 if not stanza.attr.to then
235 session.log("warn", "Rejecting stanza with no 'to' address");
236 session.send(st.error_reply(stanza, "modify", "bad-request", "Components MUST specify a 'to' address on stanzas"));
237 return;
238 end
239 end
240
241 if stanza then
242 return xpcall(core_process_stanza, handleerr, session, stanza);
243 end
244 end
245
246 --- Closing a component connection
247 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
248 local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" };
249 local function session_close(session, reason)
250 if session.destroyed then return; end
251 if session.conn then
252 if session.notopen then
253 session.send("<?xml version='1.0'?>");
254 session.send(st.stanza("stream:stream", default_stream_attr):top_tag());
255 end
256 if reason then
257 if type(reason) == "string" then -- assume stream error
258 module:log("info", "Disconnecting component, <stream:error> is: %s", reason);
259 session.send(st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }));
260 elseif type(reason) == "table" then
261 if reason.condition then
262 local stanza = st.stanza("stream:error"):tag(reason.condition, stream_xmlns_attr):up();
263 if reason.text then
264 stanza:tag("text", stream_xmlns_attr):text(reason.text):up();
265 end
266 if reason.extra then
267 stanza:add_child(reason.extra);
268 end
269 module:log("info", "Disconnecting component, <stream:error> is: %s", tostring(stanza));
270 session.send(stanza);
271 elseif reason.name then -- a stanza
272 module:log("info", "Disconnecting component, <stream:error> is: %s", tostring(reason));
273 session.send(reason);
274 end
275 end
276 end
277 session.send("</stream:stream>");
278 session.conn:close();
279 listener.ondisconnect(session.conn, "stream error");
280 end
281 end
282
283 --- Component connlistener
284
285 function listener.onconnect(conn)
286 local _send = conn.write;
287 local session = { type = "component_unauthed", conn = conn, send = function (data) return _send(conn, tostring(data)); end };
288
289 -- Logging functions --
290 local conn_name = "jcp"..tostring(session):match("[a-f0-9]+$");
291 session.log = logger.init(conn_name);
292 session.close = session_close;
293
294 if opt_keepalives then
295 conn:setoption("keepalive", opt_keepalives);
296 end
297
298 session.log("info", "Incoming Jabber component connection");
299
300 local stream = new_xmpp_stream(session, stream_callbacks);
301 session.stream = stream;
302
303 session.notopen = true;
304
305 function session.reset_stream()
306 session.notopen = true;
307 session.stream:reset();
308 end
309
310 function session.data(_, data)
311 local ok, err = stream:feed(data);
312 if ok then return; end
313 module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
314 session:close("not-well-formed");
315 end
316
317 session.dispatch_stanza = stream_callbacks.handlestanza;
318
319 sessions[conn] = session;
320 end
321 function listener.onincoming(conn, data)
322 local session = sessions[conn];
323 session.data(conn, data);
324 end
325 function listener.ondisconnect(conn, err)
326 local session = sessions[conn];
327 if session then
328 (session.log or log)("info", "component disconnected: %s (%s)", tostring(session.host), tostring(err));
329 if session.host then
330 module:context(session.host):fire_event("component-disconnected", { session = session, reason = err });
331 end
332 if session.on_destroy then session:on_destroy(err); end
333 sessions[conn] = nil;
334 for k in pairs(session) do
335 if k ~= "log" and k ~= "close" then
336 session[k] = nil;
337 end
338 end
339 session.destroyed = true;
340 end
341 end
342
343 function listener.ondetach(conn)
344 sessions[conn] = nil;
345 end
346
347 function listener.onreadtimeout(conn)
348 local session = sessions[conn];
349 if session then
350 return (hosts[session.host] or prosody).events.fire_event("component-read-timeout", { session = session });
351 end
352 end
353
354 module:provides("net", {
355 name = "component";
356 private = true;
357 listener = listener;
358 default_port = 5347;
359 multiplex = {
360 pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:component:accept%1.*>";
361 };
362 });
Prosody is a modern XMPP communication server.