%%%-------------------------------------------------------------------
%%% Created : 11 Dec 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
%%%
%%%
%%% ejabberd, Copyright (C) 2002-2019 ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
%%% General Public License for more details.
%%%
%%% You should have received a copy of the GNU General Public License along
%%% with this program; if not, write to the Free Software Foundation, Inc.,
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
%%%
%%%-------------------------------------------------------------------
-module(ejabberd_service).
-behaviour(xmpp_stream_in).
-behaviour(ejabberd_listener).
-protocol({xep, 114, '1.6'}).
%% ejabberd_listener callbacks
-export([start/2, start_link/2, accept/1]).
-export([listen_opt_type/1, listen_options/0, transform_listen_option/2]).
%% xmpp_stream_in callbacks
-export([init/1, handle_info/2, terminate/2, code_change/3]).
-export([handle_stream_start/2, handle_auth_success/4, handle_auth_failure/4,
handle_authenticated_packet/2, get_password_fun/1, tls_options/1]).
%% API
-export([send/2, close/1, close/2]).
-include("xmpp.hrl").
-include("logger.hrl").
-type state() :: map().
-export_type([state/0]).
%%%===================================================================
%%% API
%%%===================================================================
%% ejabberd_listener callback: spawn an (unlinked) xmpp_stream_in process
%% driving this module for an accepted component socket.
%% `SockData' is the accepted socket, `Opts' the listener option list; the
%% process limits are derived from `Opts' by ejabberd_config:fsm_limit_opts/1.
start(SockData, Opts) ->
    Limits = ejabberd_config:fsm_limit_opts(Opts),
    xmpp_stream_in:start(?MODULE, [SockData, Opts], Limits).
%% ejabberd_listener callback: like start/2 but links the stream process to
%% the caller. `SockData' is the accepted socket, `Opts' the listener option
%% list; the process limits come from ejabberd_config:fsm_limit_opts/1.
start_link(SockData, Opts) ->
    Limits = ejabberd_config:fsm_limit_opts(Opts),
    xmpp_stream_in:start_link(?MODULE, [SockData, Opts], Limits).
%% ejabberd_listener callback: hand the accepted connection `Ref' over to
%% the xmpp_stream_in process so it starts reading from the socket.
accept(Ref) ->
    xmpp_stream_in:accept(Ref).
%% Send an XMPP element to the component. `Stream' is either the stream
%% pid (asynchronous, returns ok) or the stream state when called from
%% within a callback (returns the updated state).
-spec send(pid(), xmpp_element()) -> ok;
          (state(), xmpp_element()) -> state().
send(Stream, Pkt) ->
    xmpp_stream_in:send(Stream, Pkt).
%% Close the component stream. `Ref' is either the stream pid (returns ok)
%% or the stream state when called from within a callback (returns the
%% updated state).
-spec close(pid()) -> ok;
           (state()) -> state().
close(Ref) ->
    xmpp_stream_in:close(Ref).
%% Close the component stream with an explicit `Reason' atom (forwarded to
%% xmpp_stream_in and, via terminate/2, to the `component_disconnected'
%% hook). `Ref' is the stream pid or, from within a callback, the state.
-spec close(pid(), atom()) -> ok;
           (state(), atom()) -> state().
close(Ref, Reason) ->
    xmpp_stream_in:close(Ref, Reason).
%%%===================================================================
%%% xmpp_stream_in callbacks
%%%===================================================================
%% xmpp_stream_in callback: the TLS option list for this listener, as
%% assembled in init/1 (certfile/ciphers/dhfile/cafile/protocol_options,
%% plus `compression_none' unless `tls_compression' was enabled).
%% Crashes if the state carries no `tls_options' key, which init/1 always sets.
tls_options(State) ->
    #{tls_options := TLSOptions} = State,
    TLSOptions.
%% xmpp_stream_in callback: build the initial stream state from the listener
%% options. `State' is the state handed over by xmpp_stream_in, `Opts' the
%% listener option list. Returns `{ok, State}' folded through the
%% `component_init' hook, so a hook may alter (or reject) the initial state.
%%
%% Security-relevant defaults set here:
%%   * without a `password' option a random password is generated, so only a
%%     domain listed under `hosts' with its own password can authenticate
%%     (a listed host without a password inherits the global one);
%%   * `check_from' defaults to true (see check_from/2);
%%   * `global_routes' defaults to true (see handle_auth_success/4);
%%   * TLS compression is disabled unless `tls_compression' is true.
init([State, Opts]) ->
    Access = proplists:get_value(access, Opts, all),
    %% `shaper_rule' is the deprecated spelling of `shaper' (listen_opt_type/1).
    Shaper = proplists:get_value(shaper, Opts,
                                 proplists:get_value(shaper_rule, Opts, none)),
    %% NOTE(review): listen_options/0 declares `{password, undefined}' and
    %% `{hosts, []}'. If ejabberd_listener merges those defaults into Opts
    %% before calling init/1, neither fallback below is ever used and a
    %% listener without `hosts'/`password' ends up with an empty host table
    %% (every component rejected) — confirm against ejabberd_listener.
    GlobalPassword = proplists:get_value(password, Opts, random_password()),
    HostOpts = proplists:get_value(hosts, Opts, [{global, GlobalPassword}]),
    %% A host configured without its own password falls back to the global one.
    HostOpts1 = lists:map(
                  fun({Host, Password}) ->
                          {Host, case Password of
                                     undefined -> GlobalPassword;
                                     _ -> Password
                                 end}
                  end, HostOpts),
    CheckFrom = proplists:get_value(check_from, Opts, true),
    %% Only the TLS-related listener options are passed on to the TLS layer.
    TLSKeys = [certfile, ciphers, dhfile, cafile, protocol_options],
    TLSOpts1 = [Opt || {Key, _} = Opt <- Opts, lists:member(Key, TLSKeys)],
    TLSOpts = case proplists:get_bool(tls_compression, Opts) of
                  true -> TLSOpts1;
                  %% compression stays off unless the admin opted in
                  false -> [compression_none | TLSOpts1]
              end,
    GlobalRoutes = proplists:get_value(global_routes, Opts, true),
    Timeout = ejabberd_config:negotiation_timeout(),
    State1 = xmpp_stream_in:change_shaper(State, ejabberd_shaper:new(Shaper)),
    %% Bound the time an unauthenticated component may keep the stream open.
    State2 = xmpp_stream_in:set_timeout(State1, Timeout),
    State3 = State2#{access => Access,
                     xmlns => ?NS_COMPONENT,
                     lang => ejabberd_config:get_mylang(),
                     server => ejabberd_config:get_myname(),
                     host_opts => dict:from_list(HostOpts1),
                     stream_version => undefined,
                     tls_options => TLSOpts,
                     global_routes => GlobalRoutes,
                     check_from => CheckFrom},
    ejabberd_hooks:run_fold(component_init, {ok, State3}, [Opts]).
%% xmpp_stream_in callback for the component's opening <stream:stream/>.
%% `remote_server' is the domain the component announced. A domain that is
%% already served locally (ejabberd_router:is_my_host/1) is answered with a
%% <conflict/> stream error so that a component cannot take over routing for
%% an existing local domain. Otherwise `host_opts' is narrowed to what this
%% domain may authenticate against (host_opts_for/2) and the global codec
%% options are recorded in the state.
handle_stream_start(_StreamStart,
                    #{remote_server := RemoteServer, lang := Lang,
                      host_opts := HostOpts} = State) ->
    case ejabberd_router:is_my_host(RemoteServer) of
        true ->
            Txt = <<"Unable to register route on existing local domain">>,
            xmpp_stream_in:send(State, xmpp:serr_conflict(Txt, Lang));
        false ->
            State#{host_opts => host_opts_for(RemoteServer, HostOpts),
                   codec_options => ejabberd_config:codec_options(global)}
    end.

%% Select the host table the stream authenticates against.
%%  * A domain listed explicitly keeps the whole table (so, with
%%    `global_routes', the component later gets routes for every listed
%%    domain and may send `from' any of them — see check_from/2).
%%  * An unlisted domain is accepted only when a `global' password exists
%%    (listener configured with `password' but no `hosts'); the table is then
%%    replaced by that single domain keyed to the global password. In other
%%    words a bare `password' lets a component claim ANY non-local domain.
%%  * Without a global password the table is left untouched, the lookup in
%%    get_password_fun/1 fails and authentication is refused.
host_opts_for(RemoteServer, HostOpts) ->
    case dict:is_key(RemoteServer, HostOpts) of
        true ->
            HostOpts;
        false ->
            case dict:find(global, HostOpts) of
                {ok, GlobalPass} ->
                    dict:from_list([{RemoteServer, GlobalPass}]);
                error ->
                    HostOpts
            end
    end.
%% xmpp_stream_in callback: return the password lookup used for the XEP-0114
%% handshake. The fun ignores its argument and resolves the secret from
%% `host_opts' by the stream's `remote_server', i.e. the secret is bound to
%% the domain announced at stream start, never to data the component sends
%% later. `{Password, undefined}' hands the expected secret to the caller
%% (the comparison itself presumably happens in xmpp_stream_in);
%% `{false, undefined}' rejects a domain with no configured password and
%% logs the attempt (peer address subject to ejabberd_config:may_hide_data/1).
get_password_fun(#{remote_server := RemoteServer, socket := Socket,
                   ip := IP, host_opts := HostOpts}) ->
    fun(_) ->
            case dict:find(RemoteServer, HostOpts) of
                error ->
                    ?WARNING_MSG("(~s) Domain ~s is unconfigured for "
                                 "external component from ~s",
                                 [xmpp_socket:pp(Socket), RemoteServer,
                                  ejabberd_config:may_hide_data(misc:ip_to_list(IP))]),
                    {false, undefined};
                {ok, Password} ->
                    {Password, undefined}
            end
    end.
%% xmpp_stream_in callback after a successful handshake (`Mech' is the
%% mechanism name, logged). Registers the routes this component will serve,
%% running `component_connected' for each, and returns `State' unchanged.
%%
%% With `global_routes' (default true) the registered routes are EVERY domain
%% in `host_opts', not only the one the component authenticated for: a
%% component listed under `hosts' receives traffic for all listed domains.
%% With `global_routes' false only `remote_server' is routed. terminate/2
%% undoes exactly this set.
handle_auth_success(_, Mech, _,
                    #{remote_server := RemoteServer, host_opts := HostOpts,
                      socket := Socket, ip := IP,
                      global_routes := GlobalRoutes} = State) ->
    ?INFO_MSG("(~s) Accepted external component ~s authentication "
              "for ~s from ~s",
              [xmpp_socket:pp(Socket), Mech, RemoteServer,
               ejabberd_config:may_hide_data(misc:ip_to_list(IP))]),
    Routes = case GlobalRoutes of
                 true -> dict:fetch_keys(HostOpts);
                 _ -> [RemoteServer]
             end,
    lists:foreach(fun register_component_route/1, Routes),
    State.

%% Register a route for `Host' pointing at this node and announce it.
register_component_route(Host) ->
    ejabberd_router:register_route(Host, ejabberd_config:get_myname()),
    ejabberd_hooks:run(component_connected, [Host]).
%% xmpp_stream_in callback after a failed handshake: audit-log the attempt
%% (`Mech', announced domain, peer address — the latter subject to
%% ejabberd_config:may_hide_data/1 — and `Reason') and return `State'
%% unchanged. No routes are registered here, and what happens to the stream
%% afterwards is decided by xmpp_stream_in, not by this callback.
handle_auth_failure(_, Mech, Reason,
                    #{remote_server := RemoteServer,
                      socket := Socket, ip := IP} = State) ->
    Peer = ejabberd_config:may_hide_data(misc:ip_to_list(IP)),
    ?WARNING_MSG("(~s) Failed external component ~s authentication "
                 "for ~s from ~s: ~s",
                 [xmpp_socket:pp(Socket), Mech, RemoteServer, Peer, Reason]),
    State.
%% xmpp_stream_in callback for elements received after authentication.
%% A stanza is first tagged with the component's peer IP (`ip' metadata) so
%% downstream handlers can attribute it, then its `from' is validated by
%% check_from/2: a `from' whose domain is not one of this component's domains
%% is answered with an <invalid-from/> stream error and is NOT routed. The
%% `component_send_packet' hook runs before routing and may rewrite the
%% stanza or return `drop' to discard it. Elements that are not stanzas are
%% ignored and the state is returned untouched.
handle_authenticated_packet(Pkt0, #{ip := {IP, _}, lang := Lang} = State)
  when ?is_stanza(Pkt0) ->
    Pkt = xmpp:put_meta(Pkt0, ip, IP),
    case check_from(xmpp:get_from(Pkt), State) of
        false ->
            Txt = <<"Improper domain part of 'from' attribute">>,
            xmpp_stream_in:send(State, xmpp:serr_invalid_from(Txt, Lang));
        true ->
            {Pkt1, State1} = ejabberd_hooks:run_fold(component_send_packet,
                                                     {Pkt, State}, []),
            route_unless_dropped(Pkt1),
            State1
    end;
handle_authenticated_packet(_Pkt, State) ->
    State.

%% Route the (possibly rewritten) stanza unless the send hook dropped it.
route_unless_dropped(drop) -> ok;
route_unless_dropped(Pkt) -> ejabberd_router:route(Pkt).
%% xmpp_stream_in callback for process messages.
%% `{route, Packet}' is a stanza addressed to one of this component's domains.
%% The listener's `access' rule is evaluated (global scope) against the
%% SENDER's JID: allowed packets are written to the component, denied ones
%% are bounced to the sender with a <not-allowed/> error and never reach the
%% component. Note that `access' restricts who may talk TO the component; what
%% the component itself may send is governed by check_from/2.
%% Any other message is logged and ignored.
handle_info({route, Packet}, #{access := Access} = State) ->
    From = xmpp:get_from(Packet),
    case acl:match_rule(global, Access, From) of
        deny ->
            Lang = xmpp:get_lang(Packet),
            Err = xmpp:err_not_allowed(<<"Access denied by service policy">>, Lang),
            ejabberd_router:route_error(Packet, Err),
            State;
        allow ->
            xmpp_stream_in:send(State, Packet)
    end;
handle_info(Info, State) ->
    ?ERROR_MSG("Unexpected info: ~p", [Info]),
    State.
%% xmpp_stream_in callback on stream shutdown. If the stream had reached
%% `established' (presumably set by xmpp_stream_in once authentication
%% completed), the routes registered in handle_auth_success/4 are
%% unregistered again — the same set: every domain in `host_opts' when
%% `global_routes' is true, otherwise just `remote_server' — and
%% `component_disconnected' is run for each with `Reason'. A stream that
%% never got established registered nothing, so there is nothing to undo.
terminate(Reason, #{stream_state := established, host_opts := HostOpts,
                    remote_server := RemoteServer,
                    global_routes := GlobalRoutes}) ->
    Routes = case GlobalRoutes of
                 true -> dict:fetch_keys(HostOpts);
                 _ -> [RemoteServer]
             end,
    lists:foreach(
      fun(H) ->
              ejabberd_router:unregister_route(H),
              ejabberd_hooks:run(component_disconnected, [H, Reason])
      end, Routes);
terminate(_Reason, _State) ->
    ok.
%% xmpp_stream_in callback for hot code upgrades; the state map needs no
%% conversion, so it is returned as-is.
code_change(_OldVsn, State, _Extra) ->
    {ok, State}.
%%%===================================================================
%%% Internal functions
%%%===================================================================
%% Decide whether a stanza with `From' may be accepted from this component.
%% Returns true when the `from' domain is one of the component's domains
%% (a key of `host_opts'), which is the XEP-0114 behaviour and the default.
%% Because `host_opts' may hold several domains (see handle_stream_start/2),
%% a component listed under `hosts' may send `from' any listed domain.
-spec check_from(jid(), state()) -> boolean().
check_from(_From, #{check_from := false}) ->
    %% `check_from: false' disables the check entirely: the component may
    %% then send stanzas with ANY `from', including JIDs of this server's
    %% own users, i.e. it can impersonate them. Only enable this for a fully
    %% trusted component.
    true;
check_from(From, #{host_opts := HostOpts}) ->
    dict:is_key(From#jid.lserver, HostOpts).
%% Fallback secret for a listener configured without `password': the SHA
%% digest of 20 random bytes from p1_rand. Nothing in this module exposes or
%% logs it, so in practice such a listener only authenticates components
%% whose domain has its own password under `hosts'.
random_password() ->
    Entropy = p1_rand:bytes(20),
    str:sha(Entropy).
%% ejabberd_listener callback: normalise legacy listener syntax. A
%% `{host, Host, HostOpts}' or `{hosts, Hosts, HostOpts}' entry is folded
%% into a single `{hosts, [{Host, HostOpts}]}' option at the head of `Opts';
%% when `Opts' already carries a `hosts' entry, the option lists of hosts
%% that occur again are concatenated (earlier options first). Every other
%% option is prepended unchanged.
transform_listen_option({hosts, Hosts, O}, Opts) ->
    case lists:keytake(hosts, 1, Opts) of
        {value, {_, PrevHostOpts}, Rest} ->
            Merged = lists:foldl(
                       fun(H, Acc) -> dict:append_list(H, O, Acc) end,
                       dict:from_list(PrevHostOpts), Hosts),
            [{hosts, dict:to_list(Merged)} | Rest];
        _ ->
            [{hosts, [{H, O} || H <- Hosts]} | Opts]
    end;
transform_listen_option({host, Host, Os}, Opts) ->
    transform_listen_option({hosts, [Host], Os}, Opts);
transform_listen_option(Opt, Opts) ->
    [Opt | Opts].
%% ejabberd_listener callback: validator fun for a listener option.
%%  * `shaper_rule' is the deprecated name of `shaper'; a warning is logged
%%    and the value is validated as a shaper rule.
%%  * `check_from' / `global_routes' must be booleans (anything else makes
%%    the validator crash, i.e. the option is rejected).
%%  * `password' is converted to a binary.
%%  * `hosts' becomes `[{HostBin, PasswordBin | undefined}]'; a host without
%%    a `password' in its option list gets `undefined', which init/1 later
%%    replaces with the listener-wide password. Note that with a duplicated
%%    `password' key (possible after transform_listen_option/2 merged two
%%    entries) the FIRST one wins, proplists semantics.
listen_opt_type(shaper_rule) ->
    fun(V) ->
            ?WARNING_MSG("Listening option 'shaper_rule' of module ~s "
                         "is renamed to 'shaper'", [?MODULE]),
            acl:shaper_rules_validator(V)
    end;
listen_opt_type(check_from) -> fun(B) when is_boolean(B) -> B end;
listen_opt_type(global_routes) -> fun(B) when is_boolean(B) -> B end;
listen_opt_type(password) -> fun iolist_to_binary/1;
listen_opt_type(hosts) ->
    fun(HostOpts) ->
            lists:map(
              fun({Host, Opts}) ->
                      {iolist_to_binary(Host), host_password(Opts)}
              end, HostOpts)
    end.

%% Per-host password from a host's option list, or `undefined' if none.
host_password(Opts) ->
    case proplists:get_value(password, Opts) of
        undefined -> undefined;
        P -> iolist_to_binary(P)
    end.
%% ejabberd_listener callback: the options a `service' listener accepts,
%% with their defaults (validators for the typed ones in listen_opt_type/1).
%%
%% Worth knowing when hardening a deployment:
%%   * `tls' defaults to false; the option is consumed outside this module,
%%     but presumably TLS on the component link has to be switched on per
%%     listener, and `tls_compression' stays off even then (see init/1);
%%   * `max_stanza_size' defaults to infinity, i.e. no size limit on stanzas
%%     from an authenticated component;
%%   * `password' defaults to undefined and `hosts' to [] — see the note in
%%     init/1 on how these defaults interact with its own fallbacks.
listen_options() ->
    [%% who may reach the component, and rate limiting
     {access, all},
     {shaper, none},
     {shaper_rule, none},
     %% TLS
     {certfile, undefined},
     {ciphers, undefined},
     {dhfile, undefined},
     {cafile, undefined},
     {protocol_options, undefined},
     {tls, false},
     {tls_compression, false},
     %% resource limits
     {max_stanza_size, infinity},
     {max_fsm_queue, 5000},
     %% component authentication and routing
     {password, undefined},
     {hosts, []},
     {check_from, true},
     {global_routes, true}].