2016-12-11 16:24:51 +01:00
|
|
|
%%%-------------------------------------------------------------------
|
|
|
|
|
%%% Created : 11 Dec 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
|
2007-12-24 12:41:41 +01:00
|
|
|
%%%
|
|
|
|
|
%%%
|
2016-01-13 12:29:14 +01:00
|
|
|
%%% ejabberd, Copyright (C) 2002-2016 ProcessOne
|
2007-12-24 12:41:41 +01:00
|
|
|
%%%
|
|
|
|
|
%%% This program is free software; you can redistribute it and/or
|
|
|
|
|
%%% modify it under the terms of the GNU General Public License as
|
|
|
|
|
%%% published by the Free Software Foundation; either version 2 of the
|
|
|
|
|
%%% License, or (at your option) any later version.
|
|
|
|
|
%%%
|
|
|
|
|
%%% This program is distributed in the hope that it will be useful,
|
|
|
|
|
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
%%% General Public License for more details.
|
2009-01-12 15:44:42 +01:00
|
|
|
%%%
|
2014-02-22 11:27:40 +01:00
|
|
|
%%% You should have received a copy of the GNU General Public License along
|
|
|
|
|
%%% with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2007-12-24 12:41:41 +01:00
|
|
|
%%%
|
2016-12-11 16:24:51 +01:00
|
|
|
%%%-------------------------------------------------------------------
|
2003-01-07 20:10:35 +01:00
|
|
|
-module(ejabberd_service).
|
2016-12-11 16:24:51 +01:00
|
|
|
-behaviour(xmpp_stream_in).
|
2015-06-01 14:38:27 +02:00
|
|
|
-behaviour(ejabberd_config).
|
2016-12-28 07:47:11 +01:00
|
|
|
-behaviour(ejabberd_socket).
|
2015-06-01 14:38:27 +02:00
|
|
|
|
2015-05-21 17:02:36 +02:00
|
|
|
-protocol({xep, 114, '1.6'}).
|
|
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
%% ejabberd_socket callbacks
|
2016-12-28 07:47:11 +01:00
|
|
|
-export([start/2, start_link/2, socket_type/0]).
|
2016-12-11 16:24:51 +01:00
|
|
|
%% ejabberd_config callbacks
|
|
|
|
|
-export([opt_type/1, transform_listen_option/2]).
|
|
|
|
|
%% xmpp_stream_in callbacks
|
2016-12-28 07:47:11 +01:00
|
|
|
-export([init/1, handle_info/2, terminate/2, code_change/3]).
|
|
|
|
|
-export([handle_stream_start/2, handle_auth_success/4, handle_auth_failure/4,
|
|
|
|
|
handle_authenticated_packet/2, get_password_fun/1]).
|
2016-12-11 16:24:51 +01:00
|
|
|
%% API
|
|
|
|
|
-export([send/2]).
|
2003-01-07 20:10:35 +01:00
|
|
|
|
|
|
|
|
-include("ejabberd.hrl").
|
2016-07-27 09:45:08 +02:00
|
|
|
-include("xmpp.hrl").
|
2016-12-11 16:24:51 +01:00
|
|
|
-include("logger.hrl").
|
2003-01-07 20:10:35 +01:00
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
-type state() :: map().
|
2016-12-28 07:47:11 +01:00
|
|
|
-export_type([state/0]).
|
2016-12-11 16:24:51 +01:00
|
|
|
|
|
|
|
|
%%%===================================================================
|
2003-01-07 20:10:35 +01:00
|
|
|
%%% API
|
2016-12-11 16:24:51 +01:00
|
|
|
%%%===================================================================
|
2003-07-20 22:35:35 +02:00
|
|
|
start(SockData, Opts) ->
|
2016-12-11 16:24:51 +01:00
|
|
|
xmpp_stream_in:start(?MODULE, [SockData, Opts],
|
2016-12-28 07:47:11 +01:00
|
|
|
ejabberd_config:fsm_limit_opts(Opts)).
|
|
|
|
|
|
|
|
|
|
start_link(SockData, Opts) ->
|
|
|
|
|
xmpp_stream_in:start_link(?MODULE, [SockData, Opts],
|
|
|
|
|
ejabberd_config:fsm_limit_opts(Opts)).
|
2003-07-20 22:35:35 +02:00
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
socket_type() ->
|
|
|
|
|
xml_stream.
|
2003-01-07 20:10:35 +01:00
|
|
|
|
2016-12-28 07:47:11 +01:00
|
|
|
-spec send(pid(), xmpp_element()) -> ok;
|
|
|
|
|
(state(), xmpp_element()) -> state().
|
|
|
|
|
send(Stream, Pkt) ->
|
|
|
|
|
xmpp_stream_in:send(Stream, Pkt).
|
2006-09-25 05:51:11 +02:00
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
%%%===================================================================
|
|
|
|
|
%%% xmpp_stream_in callbacks
|
|
|
|
|
%%%===================================================================
|
2016-12-28 07:47:11 +01:00
|
|
|
init([State, Opts]) ->
|
2016-12-11 16:24:51 +01:00
|
|
|
Access = gen_mod:get_opt(access, Opts, fun acl:access_rules_validator/1, all),
|
|
|
|
|
Shaper = gen_mod:get_opt(shaper_rule, Opts, fun acl:shaper_rules_validator/1, none),
|
2015-11-28 15:38:10 +01:00
|
|
|
HostOpts = case lists:keyfind(hosts, 1, Opts) of
|
|
|
|
|
{hosts, HOpts} ->
|
|
|
|
|
lists:foldl(
|
|
|
|
|
fun({H, Os}, D) ->
|
|
|
|
|
P = proplists:get_value(
|
|
|
|
|
password, Os,
|
2016-10-18 07:17:21 +02:00
|
|
|
p1_sha:sha(randoms:bytes(20))),
|
2015-11-28 15:38:10 +01:00
|
|
|
dict:store(H, P, D)
|
|
|
|
|
end, dict:new(), HOpts);
|
|
|
|
|
false ->
|
|
|
|
|
Pass = proplists:get_value(
|
|
|
|
|
password, Opts,
|
2016-10-18 07:17:21 +02:00
|
|
|
p1_sha:sha(randoms:bytes(20))),
|
2015-11-28 15:38:10 +01:00
|
|
|
dict:from_list([{global, Pass}])
|
|
|
|
|
end,
|
2016-12-11 16:24:51 +01:00
|
|
|
CheckFrom = gen_mod:get_opt(check_from, Opts,
|
2017-01-09 15:02:17 +01:00
|
|
|
fun(Flag) when is_boolean(Flag) -> Flag end,
|
|
|
|
|
true),
|
2016-12-11 16:24:51 +01:00
|
|
|
xmpp_stream_in:change_shaper(State, Shaper),
|
|
|
|
|
State1 = State#{access => Access,
|
|
|
|
|
xmlns => ?NS_COMPONENT,
|
|
|
|
|
lang => ?MYLANG,
|
|
|
|
|
server => ?MYNAME,
|
|
|
|
|
host_opts => HostOpts,
|
|
|
|
|
check_from => CheckFrom},
|
2016-12-28 07:47:11 +01:00
|
|
|
ejabberd_hooks:run_fold(component_init, {ok, State1}, [Opts]).
|
2016-12-11 16:24:51 +01:00
|
|
|
|
2016-12-28 07:47:11 +01:00
|
|
|
handle_stream_start(_StreamStart,
|
|
|
|
|
#{remote_server := RemoteServer,
|
|
|
|
|
lang := Lang,
|
2016-12-11 16:24:51 +01:00
|
|
|
host_opts := HostOpts} = State) ->
|
2016-12-29 22:00:36 +01:00
|
|
|
case ejabberd_router:is_my_host(RemoteServer) of
|
2016-12-28 07:47:11 +01:00
|
|
|
true ->
|
|
|
|
|
Txt = <<"Unable to register route on existing local domain">>,
|
|
|
|
|
xmpp_stream_in:send(State, xmpp:serr_conflict(Txt, Lang));
|
|
|
|
|
false ->
|
|
|
|
|
NewHostOpts = case dict:is_key(RemoteServer, HostOpts) of
|
|
|
|
|
true ->
|
|
|
|
|
HostOpts;
|
|
|
|
|
false ->
|
|
|
|
|
case dict:find(global, HostOpts) of
|
|
|
|
|
{ok, GlobalPass} ->
|
|
|
|
|
dict:from_list([{RemoteServer, GlobalPass}]);
|
|
|
|
|
error ->
|
|
|
|
|
HostOpts
|
|
|
|
|
end
|
|
|
|
|
end,
|
|
|
|
|
State#{host_opts => NewHostOpts}
|
|
|
|
|
end.
|
|
|
|
|
|
|
|
|
|
get_password_fun(#{remote_server := RemoteServer,
|
2017-01-09 15:02:17 +01:00
|
|
|
socket := Socket, sockmod := SockMod,
|
2016-12-28 07:47:11 +01:00
|
|
|
ip := IP,
|
|
|
|
|
host_opts := HostOpts}) ->
|
|
|
|
|
fun(_) ->
|
|
|
|
|
case dict:find(RemoteServer, HostOpts) of
|
|
|
|
|
{ok, Password} ->
|
|
|
|
|
{Password, undefined};
|
|
|
|
|
error ->
|
|
|
|
|
?ERROR_MSG("(~s) Domain ~s is unconfigured for "
|
|
|
|
|
"external component from ~s",
|
2017-01-09 15:02:17 +01:00
|
|
|
[SockMod:pp(Socket), RemoteServer,
|
2016-12-28 07:47:11 +01:00
|
|
|
ejabberd_config:may_hide_data(jlib:ip_to_list(IP))]),
|
|
|
|
|
{false, undefined}
|
|
|
|
|
end
|
2016-12-11 16:24:51 +01:00
|
|
|
end.
|
2003-01-07 20:10:35 +01:00
|
|
|
|
2016-12-28 07:47:11 +01:00
|
|
|
handle_auth_success(_, Mech, _,
|
|
|
|
|
#{remote_server := RemoteServer, host_opts := HostOpts,
|
2017-01-09 15:02:17 +01:00
|
|
|
socket := Socket, sockmod := SockMod,
|
|
|
|
|
ip := IP} = State) ->
|
2016-12-28 07:47:11 +01:00
|
|
|
?INFO_MSG("(~s) Accepted external component ~s authentication "
|
|
|
|
|
"for ~s from ~s",
|
2017-01-09 15:02:17 +01:00
|
|
|
[SockMod:pp(Socket), Mech, RemoteServer,
|
2016-12-28 07:47:11 +01:00
|
|
|
ejabberd_config:may_hide_data(jlib:ip_to_list(IP))]),
|
|
|
|
|
lists:foreach(
|
|
|
|
|
fun (H) ->
|
|
|
|
|
ejabberd_router:register_route(H, ?MYNAME),
|
|
|
|
|
ejabberd_hooks:run(component_connected, [H])
|
|
|
|
|
end, dict:fetch_keys(HostOpts)),
|
|
|
|
|
State.
|
|
|
|
|
|
|
|
|
|
handle_auth_failure(_, Mech, Reason,
|
|
|
|
|
#{remote_server := RemoteServer,
|
2017-01-09 15:02:17 +01:00
|
|
|
sockmod := SockMod,
|
2016-12-28 07:47:11 +01:00
|
|
|
socket := Socket, ip := IP} = State) ->
|
|
|
|
|
?ERROR_MSG("(~s) Failed external component ~s authentication "
|
|
|
|
|
"for ~s from ~s: ~s",
|
2017-01-09 15:02:17 +01:00
|
|
|
[SockMod:pp(Socket), Mech, RemoteServer,
|
2016-12-28 07:47:11 +01:00
|
|
|
ejabberd_config:may_hide_data(jlib:ip_to_list(IP)),
|
|
|
|
|
Reason]),
|
|
|
|
|
State.
|
|
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
handle_authenticated_packet(Pkt, #{lang := Lang} = State) ->
|
|
|
|
|
From = xmpp:get_from(Pkt),
|
|
|
|
|
case check_from(From, State) of
|
|
|
|
|
true ->
|
|
|
|
|
To = xmpp:get_to(Pkt),
|
|
|
|
|
ejabberd_router:route(From, To, Pkt),
|
2016-12-28 07:47:11 +01:00
|
|
|
State;
|
2016-12-11 16:24:51 +01:00
|
|
|
false ->
|
|
|
|
|
Txt = <<"Improper domain part of 'from' attribute">>,
|
|
|
|
|
Err = xmpp:serr_invalid_from(Txt, Lang),
|
|
|
|
|
xmpp_stream_in:send(State, Err)
|
|
|
|
|
end.
|
2003-01-07 20:10:35 +01:00
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
handle_info({route, From, To, Packet}, #{access := Access} = State) ->
|
|
|
|
|
case acl:match_rule(global, Access, From) of
|
|
|
|
|
allow ->
|
2016-07-27 09:45:08 +02:00
|
|
|
Pkt = xmpp:set_from_to(Packet, From, To),
|
2016-12-11 16:24:51 +01:00
|
|
|
xmpp_stream_in:send(State, Pkt);
|
2016-07-27 09:45:08 +02:00
|
|
|
deny ->
|
|
|
|
|
Lang = xmpp:get_lang(Packet),
|
|
|
|
|
Err = xmpp:err_not_allowed(<<"Denied by ACL">>, Lang),
|
2016-12-11 16:24:51 +01:00
|
|
|
ejabberd_router:route_error(To, From, Packet, Err),
|
2016-12-28 07:47:11 +01:00
|
|
|
State
|
2016-12-11 16:24:51 +01:00
|
|
|
end;
|
|
|
|
|
handle_info(Info, State) ->
|
2010-09-17 16:42:35 +02:00
|
|
|
?ERROR_MSG("Unexpected info: ~p", [Info]),
|
2016-12-28 07:47:11 +01:00
|
|
|
State.
|
2016-12-11 16:24:51 +01:00
|
|
|
|
|
|
|
|
terminate(Reason, #{stream_state := StreamState, host_opts := HostOpts}) ->
|
|
|
|
|
case StreamState of
|
2016-12-28 07:47:11 +01:00
|
|
|
established ->
|
2016-12-11 16:24:51 +01:00
|
|
|
lists:foreach(
|
|
|
|
|
fun(H) ->
|
|
|
|
|
ejabberd_router:unregister_route(H),
|
|
|
|
|
ejabberd_hooks:run(component_disconnected, [H, Reason])
|
|
|
|
|
end, dict:fetch_keys(HostOpts));
|
|
|
|
|
_ ->
|
|
|
|
|
ok
|
2016-07-27 09:45:08 +02:00
|
|
|
end.
|
2003-01-07 20:10:35 +01:00
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
code_change(_OldVsn, State, _Extra) ->
|
|
|
|
|
{ok, State}.
|
2016-07-27 09:45:08 +02:00
|
|
|
|
2016-12-11 16:24:51 +01:00
|
|
|
%%%===================================================================
|
|
|
|
|
%%% Internal functions
|
|
|
|
|
%%%===================================================================
|
2016-11-12 11:27:15 +01:00
|
|
|
-spec check_from(jid(), state()) -> boolean().
|
2016-12-11 16:24:51 +01:00
|
|
|
check_from(_From, #{check_from := false}) ->
|
2016-11-12 11:27:15 +01:00
|
|
|
%% If the admin does not want to check the from field
|
|
|
|
|
%% when accept packets from any address.
|
|
|
|
|
%% In this case, the component can send packet of
|
|
|
|
|
%% behalf of the server users.
|
|
|
|
|
true;
|
2016-12-11 16:24:51 +01:00
|
|
|
check_from(From, #{host_opts := HostOpts}) ->
|
2016-11-12 11:27:15 +01:00
|
|
|
%% The default is the standard behaviour in XEP-0114
|
|
|
|
|
Server = From#jid.lserver,
|
2016-12-11 16:24:51 +01:00
|
|
|
dict:is_key(Server, HostOpts).
|
2009-10-07 16:24:09 +02:00
|
|
|
|
2013-08-12 14:25:05 +02:00
|
|
|
transform_listen_option({hosts, Hosts, O}, Opts) ->
|
|
|
|
|
case lists:keyfind(hosts, 1, Opts) of
|
|
|
|
|
{_, PrevHostOpts} ->
|
|
|
|
|
NewHostOpts =
|
|
|
|
|
lists:foldl(
|
|
|
|
|
fun(H, Acc) ->
|
|
|
|
|
dict:append_list(H, O, Acc)
|
|
|
|
|
end, dict:from_list(PrevHostOpts), Hosts),
|
|
|
|
|
[{hosts, dict:to_list(NewHostOpts)}|
|
|
|
|
|
lists:keydelete(hosts, 1, Opts)];
|
|
|
|
|
_ ->
|
|
|
|
|
[{hosts, [{H, O} || H <- Hosts]}|Opts]
|
|
|
|
|
end;
|
|
|
|
|
transform_listen_option({host, Host, Os}, Opts) ->
|
|
|
|
|
transform_listen_option({hosts, [Host], Os}, Opts);
|
|
|
|
|
transform_listen_option(Opt, Opts) ->
|
|
|
|
|
[Opt|Opts].
|
|
|
|
|
|
2016-12-28 07:47:11 +01:00
|
|
|
opt_type(_) -> [].
|
