search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mod_c2s: Do not allow the stream 'to' to change across stream restarts (fixes #1147)
[prosody.git] / plugins / mod_c2s.lua
blob2848f92f3b4173ebae5c541606840e15d4d55cdc
1 -- Prosody IM
2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
4 --
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
7 --
8
9 module:set_global();
10
11 local add_task = require "util.timer".add_task;
12 local new_xmpp_stream = require "util.xmppstream".new;
13 local nameprep = require "util.encodings".stringprep.nameprep;
14 local sessionmanager = require "core.sessionmanager";
15 local st = require "util.stanza";
16 local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session;
17 local uuid_generate = require "util.uuid".generate;
18
19 local xpcall, tostring, type = xpcall, tostring, type;
20 local traceback = debug.traceback;
21
22 local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
23
24 local log = module._log;
25
26 local c2s_timeout = module:get_option_number("c2s_timeout");
27 local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
28 local opt_keepalives = module:get_option_boolean("c2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true));
29
30 local sessions = module:shared("sessions");
31 local core_process_stanza = prosody.core_process_stanza;
32 local hosts = prosody.hosts;
33
34 local stream_callbacks = { default_ns = "jabber:client", handlestanza = core_process_stanza };
35 local listener = {};
36
37 --- Stream events handlers
38 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
39 local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" };
40
41 function stream_callbacks.streamopened(session, attr)
42 local send = session.send;
43 local host = nameprep(attr.to);
44 if not host then
45 session:close{ condition = "improper-addressing",
46 text = "A valid 'to' attribute is required on stream headers" };
47 return;
48 end
49 if not session.host then
50 session.host = host;
51 elseif session.host ~= host then
52 session:close{ condition = "not-authorized",
53 text = "The 'to' attribute must remain the same across stream restarts" };
54 return;
55 end
56 session.version = tonumber(attr.version) or 0;
57 session.streamid = uuid_generate();
58 (session.log or session)("debug", "Client sent opening <stream:stream> to %s", session.host);
59
60 if not hosts[session.host] or not hosts[session.host].users then
61 -- We don't serve this host...
62 session:close{ condition = "host-unknown", text = "This server does not serve "..tostring(session.host)};
63 return;
64 end
65
66 send("<?xml version='1.0'?>"..st.stanza("stream:stream", {
67 xmlns = 'jabber:client', ["xmlns:stream"] = 'http://etherx.jabber.org/streams';
68 id = session.streamid, from = session.host, version = '1.0', ["xml:lang"] = 'en' }):top_tag());
69
70 (session.log or log)("debug", "Sent reply <stream:stream> to client");
71 session.notopen = nil;
72
73 -- If session.secure is *false* (not nil) then it means we /were/ encrypting
74 -- since we now have a new stream header, session is secured
75 if session.secure == false then
76 session.secure = true;
77
78 -- Check if TLS compression is used
79 local sock = session.conn:socket();
80 if sock.info then
81 session.compressed = sock:info"compression";
82 elseif sock.compression then
83 session.compressed = sock:compression(); --COMPAT mw/luasec-hg
84 end
85 end
86
87 local features = st.stanza("stream:features");
88 hosts[session.host].events.fire_event("stream-features", { origin = session, features = features });
89 module:fire_event("stream-features", session, features);
90
91 send(features);
92 end
93
94 function stream_callbacks.streamclosed(session)
95 session.log("debug", "Received </stream:stream>");
96 session:close(false);
97 end
98
99 function stream_callbacks.error(session, error, data)
100 if error == "no-stream" then
101 session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}")));
102 session:close("invalid-namespace");
103 elseif error == "parse-error" then
104 (session.log or log)("debug", "Client XML parse error: %s", tostring(data));
105 session:close("not-well-formed");
106 elseif error == "stream-error" then
107 local condition, text = "undefined-condition";
108 for child in data:childtags(nil, xmlns_xmpp_streams) do
109 if child.name ~= "text" then
110 condition = child.name;
111 else
112 text = child:get_text();
113 end
114 if condition ~= "undefined-condition" and text then
115 break;
116 end
117 end
118 text = condition .. (text and (" ("..text..")") or "");
119 session.log("info", "Session closed by remote with error: %s", text);
120 session:close(nil, text);
121 end
122 end
123
124 local function handleerr(err) log("error", "Traceback[c2s]: %s", traceback(tostring(err), 2)); end
125 function stream_callbacks.handlestanza(session, stanza)
126 stanza = session.filter("stanzas/in", stanza);
127 if stanza then
128 return xpcall(function () return core_process_stanza(session, stanza) end, handleerr);
129 end
130 end
131
132 --- Session methods
133 local function session_close(session, reason)
134 local log = session.log or log;
135 if session.conn then
136 if session.notopen then
137 session.send("<?xml version='1.0'?>");
138 session.send(st.stanza("stream:stream", default_stream_attr):top_tag());
139 end
140 if reason then -- nil == no err, initiated by us, false == initiated by client
141 local stream_error = st.stanza("stream:error");
142 if type(reason) == "string" then -- assume stream error
143 stream_error:tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' });
144 elseif type(reason) == "table" then
145 if reason.condition then
146 stream_error:tag(reason.condition, stream_xmlns_attr):up();
147 if reason.text then
148 stream_error:tag("text", stream_xmlns_attr):text(reason.text):up();
149 end
150 if reason.extra then
151 stream_error:add_child(reason.extra);
152 end
153 elseif reason.name then -- a stanza
154 stream_error = reason;
155 end
156 end
157 stream_error = tostring(stream_error);
158 log("debug", "Disconnecting client, <stream:error> is: %s", stream_error);
159 session.send(stream_error);
160 end
161
162 session.send("</stream:stream>");
163 function session.send() return false; end
164
165 local reason = (reason and (reason.name or reason.text or reason.condition)) or reason;
166 session.log("info", "c2s stream for %s closed: %s", session.full_jid or ("<"..session.ip..">"), reason or "session closed");
167
168 -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
169 local conn = session.conn;
170 if reason == nil and not session.notopen and session.type == "c2s" then
171 -- Grace time to process data from authenticated cleanly-closed stream
172 add_task(stream_close_timeout, function ()
173 if not session.destroyed then
174 session.log("warn", "Failed to receive a stream close response, closing connection anyway...");
175 sm_destroy_session(session, reason);
176 conn:close();
177 end
178 end);
179 else
180 sm_destroy_session(session, reason);
181 conn:close();
182 end
183 else
184 local reason = (reason and (reason.name or reason.text or reason.condition)) or reason;
185 sm_destroy_session(session, reason);
186 end
187 end
188
189 module:hook_global("user-deleted", function(event)
190 local username, host = event.username, event.host;
191 local user = hosts[host].sessions[username];
192 if user and user.sessions then
193 for jid, session in pairs(user.sessions) do
194 session:close{ condition = "not-authorized", text = "Account deleted" };
195 end
196 end
197 end, 200);
198
199 --- Port listener
200 function listener.onconnect(conn)
201 local session = sm_new_session(conn);
202 sessions[conn] = session;
203
204 session.log("info", "Client connected");
205
206 -- Client is using legacy SSL (otherwise mod_tls sets this flag)
207 if conn:ssl() then
208 session.secure = true;
209
210 -- Check if TLS compression is used
211 local sock = conn:socket();
212 if sock.info then
213 session.compressed = sock:info"compression";
214 elseif sock.compression then
215 session.compressed = sock:compression(); --COMPAT mw/luasec-hg
216 end
217 end
218
219 if opt_keepalives then
220 conn:setoption("keepalive", opt_keepalives);
221 end
222
223 session.close = session_close;
224
225 local stream = new_xmpp_stream(session, stream_callbacks);
226 session.stream = stream;
227 session.notopen = true;
228
229 function session.reset_stream()
230 session.notopen = true;
231 session.stream:reset();
232 end
233
234 local filter = session.filter;
235 function session.data(data)
236 data = filter("bytes/in", data);
237 if data then
238 local ok, err = stream:feed(data);
239 if ok then return; end
240 log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
241 session:close("not-well-formed");
242 end
243 end
244
245
246 if c2s_timeout then
247 add_task(c2s_timeout, function ()
248 if session.type == "c2s_unauthed" then
249 session:close("connection-timeout");
250 end
251 end);
252 end
253
254 session.dispatch_stanza = stream_callbacks.handlestanza;
255 end
256
257 function listener.onincoming(conn, data)
258 local session = sessions[conn];
259 if session then
260 session.data(data);
261 end
262 end
263
264 function listener.ondisconnect(conn, err)
265 local session = sessions[conn];
266 if session then
267 (session.log or log)("info", "Client disconnected: %s", err or "connection closed");
268 sm_destroy_session(session, err);
269 session.conn = nil;
270 sessions[conn] = nil;
271 end
272 end
273
274 function listener.associate_session(conn, session)
275 sessions[conn] = session;
276 end
277
278 function listener.ondetach(conn)
279 sessions[conn] = nil;
280 end
281
282 module:hook("server-stopping", function(event)
283 local reason = event.reason;
284 for _, session in pairs(sessions) do
285 session:close{ condition = "system-shutdown", text = reason };
286 end
287 end, -100);
288
289
290
291 module:provides("net", {
292 name = "c2s";
293 listener = listener;
294 default_port = 5222;
295 encryption = "starttls";
296 multiplex = {
297 pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:client%1.*>";
298 };
299 });
300
301 module:provides("net", {
302 name = "legacy_ssl";
303 listener = listener;
304 encryption = "ssl";
305 multiplex = {
306 pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:client%1.*>";
307 };
308 });
309
310
Prosody is a modern XMPP communication server.