%%%----------------------------------------------------------------------
%%% File    : ejabberd_s2s_in.erl
%%% Author  : Alexey Shchepin <alexey@process-one.net>
%%% Purpose : Serve incoming s2s connection
%%% Created :  6 Dec 2002 by Alexey Shchepin <alexey@process-one.net>
%%%
%%%
%%% ejabberd, Copyright (C) 2002-2012   ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%%% General Public License for more details.
%%%
%%% You should have received a copy of the GNU General Public License
%%% along with this program; if not, write to the Free Software
%%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
%%% 02111-1307 USA
%%%
%%%----------------------------------------------------------------------

%%% One process per accepted server-to-server socket.  The FSM walks
%%% wait_for_stream -> wait_for_feature_request -> stream_established,
%%% returning to wait_for_stream whenever the XML stream is restarted
%%% (after STARTTLS and after a successful SASL EXTERNAL).

-module(ejabberd_s2s_in).
-author('alexey@process-one.net').

-behaviour(p1_fsm).

%% External exports
-export([start/2,
         start_link/2,
         match_domain/2,
         socket_type/0]).

%% gen_fsm callbacks
-export([init/1,
         wait_for_stream/2,
         wait_for_feature_request/2,
         stream_established/2,
         handle_event/3,
         handle_sync_event/4,
         code_change/4,
         handle_info/3,
         print_state/1,
         terminate/3]).

-include("ejabberd.hrl").
-include("jlib.hrl").
%% ASN.1 module names differ between OTP SSL generations; the SSL40/SSL39
%% build flags pick the matching header and module pair.
-ifdef(SSL40).
-include_lib("public_key/include/public_key.hrl").
-define(PKIXEXPLICIT, 'OTP-PUB-KEY').
-define(PKIXIMPLICIT, 'OTP-PUB-KEY').
-else.
-ifdef(SSL39).
-include_lib("ssl/include/ssl_pkix.hrl").
-define(PKIXEXPLICIT, 'OTP-PKIX').
-define(PKIXIMPLICIT, 'OTP-PKIX').
-else.
-include_lib("ssl/include/PKIX1Explicit88.hrl").
-include_lib("ssl/include/PKIX1Implicit88.hrl").
-define(PKIXEXPLICIT, 'PKIX1Explicit88').
-define(PKIXIMPLICIT, 'PKIX1Implicit88').
-endif.
-endif.
-include("XmppAddr.hrl").

-define(DICT, dict).

%% Per-connection state.  The TLS flags are set once in init/1 from the
%% s2s_use_starttls option, except tls_enabled which flips to true when
%% STARTTLS completes in wait_for_feature_request/2.
-record(state, {socket,                    % connection handle, operated on through sockmod
                sockmod,                   % module providing starttls/get_peer_certificate/... on socket
                streamid,                  % our stream id (new_id/0); renewed on every stream restart
                shaper,                    % shaper name from the listener options, `none' if absent
                tls = false,               % STARTTLS configured at all (true/optional/required/required_trusted)
                tls_enabled = false,       % TLS actually negotiated on this connection
                tls_required = false,      % s2s_use_starttls is required or required_trusted
                tls_certverify = false,    % s2s_use_starttls is required_trusted: peer cert must verify
                tls_options = [],          % options handed to starttls (certfile)
                server,                    % local domain named in the peer's stream `to' attribute
                authenticated = false,     % SASL EXTERNAL succeeded on this connection
                auth_domain,               % domain authenticated via SASL EXTERNAL
                connections = ?DICT:new(), % {RemoteDomain, LocalDomain} -> wait_for_verification | established
                timer}).                   % inactivity timer reference (?S2STIMEOUT)

%-define(DBGFSM, true).

-ifdef(DBGFSM).
-define(FSMOPTS, [{debug, [trace]}]).
-else.
-define(FSMOPTS, []).
-endif.

-define(FSMLIMITS, [{max_queue, 2000}]). %% if the mailbox grows beyond this, p1_fsm shuts this connection down

%% Module start with or without supervisor:
-ifdef(NO_TRANSIENT_SUPERVISORS).
-define(SUPERVISOR_START, p1_fsm:start(ejabberd_s2s_in, [SockData, Opts],
                                       ?FSMOPTS ++ ?FSMLIMITS)).
-else.
-define(SUPERVISOR_START, supervisor:start_child(ejabberd_s2s_in_sup,
                                                 [SockData, Opts])).
-endif.

%% Opening tag of our side of the stream.  Expands in place and reads
%% StateData#state.streamid from the caller's scope, so it can only be used
%% where a variable named StateData is bound.  Version is the literal
%% attribute text to append ("" or " version='1.0'").
-define(STREAM_HEADER(Version),
        ("<?xml version='1.0'?>"
         "<stream:stream "
         "xmlns:stream='http://etherx.jabber.org/streams' "
         "xmlns='jabber:server' "
         "xmlns:db='jabber:server:dialback' "
         "id='" ++ StateData#state.streamid ++ "'" ++ Version ++ ">")
       ).

-define(STREAM_TRAILER, "</stream:stream>").

%% Serialised stream-level errors sent right before closing.
-define(INVALID_NAMESPACE_ERR,
        xml:element_to_string(?SERR_INVALID_NAMESPACE)).

-define(HOST_UNKNOWN_ERR,
        xml:element_to_string(?SERR_HOST_UNKNOWN)).

-define(INVALID_FROM_ERR,
        xml:element_to_string(?SERR_INVALID_FROM)).

-define(INVALID_XML_ERR,
        xml:element_to_string(?SERR_XML_NOT_WELL_FORMED)).

%%%----------------------------------------------------------------------
%%% API
%%%----------------------------------------------------------------------
%% Start a handler for an accepted s2s socket.  SockData is {SockMod, Socket}
%% (see init/1), Opts the listener option list.  Normally the child is
%% started under ejabberd_s2s_in_sup; with NO_TRANSIENT_SUPERVISORS defined
%% it is an unsupervised p1_fsm instead.  ?SUPERVISOR_START expands to
%% either and refers to SockData and Opts by name.
start(SockData, Opts) ->
    ?SUPERVISOR_START.
%% Supervisor entry point: start this FSM linked to the caller.  The option
%% list combines the optional debug tracing (?FSMOPTS) with the mailbox
%% limit (?FSMLIMITS) that makes p1_fsm drop a flooded connection.
start_link(SockData, Opts) ->
    FsmOptions = ?FSMOPTS ++ ?FSMLIMITS,
    p1_fsm:start_link(?MODULE, [SockData, Opts], FsmOptions).
%% Socket type reported to the listener code: this FSM's state functions
%% consume parsed xmlstreamstart/xmlstreamelement/xmlstreamend events, not
%% raw bytes.
socket_type() ->
    xml_stream.
%%----------------------------------------------------------------------
%% Func: init/1
%% Returns: {ok, StateName, StateData}          |
%%          {ok, StateName, StateData, Timeout} |
%%          ignore                              |
%%          {stop, StopReason}
%%----------------------------------------------------------------------
%% Build the initial #state{} for an accepted s2s socket and enter
%% wait_for_stream.  SockData is {SockMod, Socket} from the listener; of
%% Opts only `shaper' is read here.  The STARTTLS policy comes from the
%% global option s2s_use_starttls, the certificate from s2s_certfile.
init([{SockMod, Socket}, Opts]) ->
    ?DEBUG("started: ~p", [{SockMod, Socket}]),
    Shaper = case lists:keysearch(shaper, 1, Opts) of
                 {value, {_, ShaperName}} -> ShaperName;
                 _ -> none
             end,
    %% s2s_use_starttls -> {offer STARTTLS, advertise it as required,
    %%                      require a verified peer certificate}.
    %% Any other value is a configuration error and crashes init on purpose.
    {StartTLS, TLSRequired, TLSCertverify} =
        case ejabberd_config:get_local_option(s2s_use_starttls) of
            undefined        -> {false, false, false};
            false            -> {false, false, false};
            true             -> {true,  false, false};
            optional         -> {true,  false, false};
            required         -> {true,  true,  false};
            required_trusted -> {true,  true,  true}
        end,
    TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
                  undefined -> [];
                  CertFile -> [{certfile, CertFile}]
              end,
    %% Inactivity timer; stream_established/2 rearms it on every element.
    Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
    InitialState = #state{socket = Socket,
                          sockmod = SockMod,
                          streamid = new_id(),
                          shaper = Shaper,
                          tls = StartTLS,
                          tls_enabled = false,
                          tls_required = TLSRequired,
                          tls_certverify = TLSCertverify,
                          tls_options = TLSOpts,
                          timer = Timer},
    {ok, wait_for_stream, InitialState}.
%%----------------------------------------------------------------------
%% Func: StateName/2
%% Returns: {next_state, NextStateName, NextStateData}          |
%%          {next_state, NextStateName, NextStateData, Timeout} |
%%          {stop, Reason, NewStateData}
%%----------------------------------------------------------------------

%% Waiting for the peer's <stream:stream> opening tag.  This state is also
%% re-entered after STARTTLS and after a successful SASL EXTERNAL, since
%% both restart the stream.  The `to' attribute is taken as the local
%% domain (Server) the peer addresses and remembered in #state.server.
%% Branches, in match order:
%%
%%   1. XMPP 1.0 stream, STARTTLS configured (tls = true), peer not yet
%%      authenticated: send a 1.0 header and <stream:features/> (SASL
%%      EXTERNAL when TLS is up and the peer certificate verified,
%%      <starttls/> when TLS is not up yet, plus whatever the
%%      s2s_stream_features hook adds), then wait_for_feature_request.
%%      With required_trusted configured and a peer certificate that
%%      failed verification the stream is refused instead.
%%   2. XMPP 1.0 stream from a peer already authenticated via SASL
%%      EXTERNAL: header plus hook features, straight to stream_established.
%%   3. Stream declaring the dialback namespace: versionless header, then
%%      stream_established, where each domain pair is verified by dialback
%%      before any stanza is routed.
%%   4. Anything else: <invalid-namespace/> and stop.
%%
%% NOTE(review): Server is peer-supplied and is not compared against the
%% locally served domains in this state; for dialback that check happens
%% per key in stream_established/2.
wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
    XmlNs = xml:get_attr_s("xmlns", Attrs),
    DialbackNs = xml:get_attr_s("xmlns:db", Attrs),
    Server = xml:get_attr_s("to", Attrs),
    IsXmpp10 = xml:get_attr_s("version", Attrs) == "1.0",
    #state{tls = TLS, authenticated = Authenticated} = StateData,
    case {XmlNs, DialbackNs, IsXmpp10} of
        {"jabber:server", _, true} when TLS and (not Authenticated) ->
            send_text(StateData, ?STREAM_HEADER(" version='1.0'")),
            case stream_sasl_feature(StateData) of
                {error_cert_verif, CertVerifyResult, Certificate} ->
                    close_on_untrusted_cert(StateData, Attrs, Server,
                                            CertVerifyResult, Certificate);
                SASL ->
                    Features = SASL ++ stream_tls_feature(StateData) ++
                        ejabberd_hooks:run_fold(s2s_stream_features,
                                                Server, [], [Server]),
                    send_element(StateData,
                                 {xmlelement, "stream:features", [], Features}),
                    {next_state, wait_for_feature_request,
                     StateData#state{server = Server}}
            end;
        {"jabber:server", _, true} when Authenticated ->
            send_text(StateData, ?STREAM_HEADER(" version='1.0'")),
            Features = ejabberd_hooks:run_fold(s2s_stream_features,
                                               Server, [], [Server]),
            send_element(StateData,
                         {xmlelement, "stream:features", [], Features}),
            {next_state, stream_established, StateData};
        {"jabber:server", "jabber:server:dialback", _} ->
            send_text(StateData, ?STREAM_HEADER("")),
            {next_state, stream_established, StateData};
        _ ->
            send_text(StateData, ?INVALID_NAMESPACE_ERR),
            {stop, normal, StateData}
    end;
%% Malformed XML before the stream opened: send a minimal header so the
%% error element is well-formed, then the error and the closing tag.
wait_for_stream({xmlstreamerror, _}, StateData) ->
    send_text(StateData,
              ?STREAM_HEADER("") ++ ?INVALID_XML_ERR ++ ?STREAM_TRAILER),
    {stop, normal, StateData};
%% `timeout' and `closed' both end the FSM normally.
wait_for_stream(Event, StateData) when Event == timeout; Event == closed ->
    {stop, normal, StateData}.

%% SASL part of the advertised features.  Only meaningful once TLS is up:
%% a present peer certificate with verify result 0 (the only value treated
%% as success here) yields the EXTERNAL <mechanisms/>; a failed
%% verification yields [] unless required_trusted is configured, in which
%% case an {error_cert_verif, Result, Cert} marker tells the caller to
%% refuse the stream.  No certificate at all offers nothing.
stream_sasl_feature(#state{tls_enabled = true, sockmod = SockMod,
                           socket = Socket, tls_certverify = CertVerify}) ->
    case SockMod:get_peer_certificate(Socket) of
        {ok, Cert} ->
            case SockMod:get_verify_result(Socket) of
                0 ->
                    [{xmlelement, "mechanisms", [{"xmlns", ?NS_SASL}],
                      [{xmlelement, "mechanism", [],
                        [{xmlcdata, "EXTERNAL"}]}]}];
                CertVerifyRes when CertVerify == true ->
                    {error_cert_verif, CertVerifyRes, Cert};
                _ when CertVerify == false ->
                    []
            end;
        error ->
            []
    end;
stream_sasl_feature(_StateData) ->
    [].

%% STARTTLS part of the advertised features: nothing once TLS is up,
%% otherwise <starttls/>, with a <required/> child when the policy is
%% required or required_trusted.
stream_tls_feature(#state{tls_enabled = true}) ->
    [];
stream_tls_feature(#state{tls_enabled = false, tls_required = false}) ->
    [{xmlelement, "starttls", [{"xmlns", ?NS_TLS}], []}];
stream_tls_feature(#state{tls_enabled = false, tls_required = true}) ->
    [{xmlelement, "starttls", [{"xmlns", ?NS_TLS}],
      [{xmlelement, "required", [], []}]}].

%% required_trusted policy, peer certificate did not verify: log it, send a
%% <policy-violation/> carrying the verification error text, stop the
%% outgoing connection we hold towards the same peer, and stop.
%% RemoteServer is the peer's own, so far unverified, `from' attribute;
%% the {atomic, Pid} match crashes this process (badmatch) if
%% find_connection/2 returns anything else.
close_on_untrusted_cert(StateData, Attrs, Server, CertVerifyResult, Certificate) ->
    CertError = tls:get_cert_verify_string(CertVerifyResult, Certificate),
    RemoteServer = xml:get_attr_s("from", Attrs),
    ?INFO_MSG("Closing s2s connection: ~s <--> ~s (~s)",
              [StateData#state.server, RemoteServer, CertError]),
    send_text(StateData,
              xml:element_to_string(?SERRT_POLICY_VIOLATION("en", CertError))),
    {atomic, Pid} = ejabberd_s2s:find_connection(
                      jlib:make_jid("", Server, ""),
                      jlib:make_jid("", RemoteServer, "")),
    ejabberd_s2s_out:stop_connection(Pid),
    {stop, normal, StateData}.
%% Second state, after the features were sent: the peer upgrades to TLS,
%% authenticates with SASL EXTERNAL, or starts talking dialback.
%%
%%   * <starttls/> is honoured only when STARTTLS is configured, TLS is not
%%     already up, and the transport is still plain gen_tcp.  The
%%     <proceed/> is handed to the socket module as part of the upgrade,
%%     and the stream restarts (new stream id, back to wait_for_stream)
%%     with tls_enabled = true.
%%   * <auth mechanism="EXTERNAL"/> is accepted only over TLS.  The base64
%%     payload is the domain the peer claims; it authenticates when the
%%     verified peer certificate covers that domain
%%     (external_auth_matches/2) and ejabberd_s2s:allow_host/2 permits it.
%%     Success restarts the stream as authenticated; a failure, or any
%%     other mechanism, closes the stream.
%%   * Any other element is handed to stream_established/2 -- the plain
%%     dialback path.
%%
%% NOTE(review): the fall-through to stream_established/2 does not consult
%% tls_required; in this module's state functions a `required' policy only
%% shows up as the <required/> child of the advertised feature.  Confirm
%% that a plain-text dialback on a required / required_trusted listener is
%% refused elsewhere.
wait_for_feature_request({xmlstreamelement, El}, StateData) ->
    {xmlelement, Name, Attrs, Els} = El,
    #state{tls = TLS, tls_enabled = TLSEnabled,
           sockmod = SockMod, socket = Socket} = StateData,
    Transport = SockMod:get_sockmod(Socket),
    case {xml:get_attr_s("xmlns", Attrs), Name} of
        {?NS_TLS, "starttls"} when TLS == true,
                                   TLSEnabled == false,
                                   Transport == gen_tcp ->
            ?DEBUG("starttls", []),
            TLSOpts = starttls_options(StateData),
            Proceed = xml:element_to_binary(
                        {xmlelement, "proceed", [{"xmlns", ?NS_TLS}], []}),
            TLSSocket = SockMod:starttls(Socket, TLSOpts, Proceed),
            {next_state, wait_for_stream,
             StateData#state{socket = TLSSocket,
                             streamid = new_id(),
                             tls_enabled = true,
                             tls_options = TLSOpts}};
        {?NS_SASL, "auth"} when TLSEnabled ->
            case xml:get_attr_s("mechanism", Attrs) of
                "EXTERNAL" ->
                    AuthDomain = jlib:nameprep(
                                   jlib:decode_base64(xml:get_cdata(Els))),
                    AuthRes = external_auth_matches(AuthDomain, StateData),
                    %% allow_host is consulted even when nameprep failed
                    %% (AuthDomain = error); AuthRes is false in that case,
                    %% so the outcome is a failure either way.
                    AllowRemoteHost = ejabberd_s2s:allow_host("", AuthDomain),
                    case AuthRes andalso AllowRemoteHost of
                        true ->
                            accept_external_auth(StateData, AuthDomain);
                        _ ->
                            send_element(StateData,
                                         {xmlelement, "failure",
                                          [{"xmlns", ?NS_SASL}], []}),
                            send_text(StateData, ?STREAM_TRAILER),
                            {stop, normal, StateData}
                    end;
                _ ->
                    send_element(StateData,
                                 {xmlelement, "failure",
                                  [{"xmlns", ?NS_SASL}],
                                  [{xmlelement, "invalid-mechanism", [], []}]}),
                    {stop, normal, StateData}
            end;
        _ ->
            stream_established({xmlstreamelement, El}, StateData)
    end;
wait_for_feature_request({xmlstreamend, _Name}, StateData) ->
    send_text(StateData, ?STREAM_TRAILER),
    {stop, normal, StateData};
wait_for_feature_request({xmlstreamerror, _}, StateData) ->
    send_text(StateData, ?INVALID_XML_ERR ++ ?STREAM_TRAILER),
    {stop, normal, StateData};
wait_for_feature_request(closed, StateData) ->
    {stop, normal, StateData}.

%% TLS options for the STARTTLS upgrade: a per-domain certificate
%% ({domain_certfile, Server}) replaces the certfile kept in tls_options;
%% otherwise the stored options are used unchanged.
starttls_options(#state{server = Server, tls_options = TLSOptions}) ->
    case ejabberd_config:get_local_option({domain_certfile, Server}) of
        undefined ->
            TLSOptions;
        CertFile ->
            [{certfile, CertFile} | lists:keydelete(certfile, 1, TLSOptions)]
    end.

%% SASL EXTERNAL check: the peer certificate must be present and verify
%% cleanly (result 0), the claimed domain must have survived nameprep and
%% IDNA-encode, and one of the certificate's domains (get_cert_domains/1)
%% must match it via match_domain/2.  Anything else is false.
external_auth_matches(AuthDomain, #state{sockmod = SockMod, socket = Socket}) ->
    case SockMod:get_peer_certificate(Socket) of
        {ok, Cert} ->
            case SockMod:get_verify_result(Socket) of
                0 -> cert_covers_domain(Cert, AuthDomain);
                _ -> false
            end;
        error ->
            false
    end.

%% Does a verified certificate cover the claimed (nameprep'ed) domain?
%% A nameprep failure (`error') never matches.
cert_covers_domain(_Cert, error) ->
    false;
cert_covers_domain(Cert, AuthDomain) ->
    case idna:domain_utf8_to_ascii(AuthDomain) of
        false ->
            false;
        PCAuthDomain ->
            lists:any(fun(CertDomain) -> match_domain(PCAuthDomain, CertDomain) end,
                      get_cert_domains(Cert))
    end.

%% SASL EXTERNAL succeeded: reset the stream on the socket module, answer
%% <success/>, switch the shaper and restart the stream as authenticated.
%% Access rules are first checked against the globally defined ones, which
%% take precedence over domain-specific ones
%% (http://www.process-one.net/docs/ejabberd/guide_en.html#AccessRights).
%% Since there is always a shaper defined globally for s2s, the actual
%% local host does not matter here: the global rule is used even if this
%% domain has a special one -- hence the "" host.
accept_external_auth(#state{sockmod = SockMod, socket = Socket} = StateData,
                     AuthDomain) ->
    SockMod:reset_stream(Socket),
    send_element(StateData,
                 {xmlelement, "success", [{"xmlns", ?NS_SASL}], []}),
    ?DEBUG("(~w) Accepted s2s authentication for ~s", [Socket, AuthDomain]),
    change_shaper(StateData, "", jlib:make_jid("", AuthDomain, "")),
    {next_state, wait_for_stream,
     StateData#state{streamid = new_id(),
                     authenticated = true,
                     auth_domain = AuthDomain}}.
%% Established stream: dialback key exchange and stanza routing.  Every
%% element rearms the inactivity timer (?S2STIMEOUT).
%%
%%   * Dialback key (is_key_packet/1 -> {key, To, From, Id, Key}): the
%%     remote domain must pass ejabberd_s2s:allow_host/2 and the local
%%     domain must be served by this node; then an outgoing connection to
%%     the remote domain is started to verify the key (our stream id goes
%%     along), the {LFrom, LTo} pair is marked wait_for_verification and
%%     the shaper is switched to the rules for that pair.  An unknown
%%     local domain answers <host-unknown/>, a disallowed remote one
%%     <invalid-from/>; both close the stream, and <host-unknown/> wins
%%     when both checks fail.
%%   * Verify request ({verify, ...}): answered valid/invalid according to
%%     ejabberd_s2s:has_key/2, no state change.
%%   * Anything else is a stanza: routed only when the {from, to} domain
%%     pair is authorised for this connection (is_route_allowed/3) and the
%%     element is an iq, message or presence; everything else is dropped
%%     silently.  The s2s_loop_debug hook sees every element regardless.
stream_established({xmlstreamelement, El}, StateData) ->
    cancel_timer(StateData#state.timer),
    Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
    case is_key_packet(El) of
        {key, To, From, Id, Key} ->
            ?DEBUG("GET KEY: ~p", [{To, From, Id, Key}]),
            LTo = jlib:nameprep(To),
            LFrom = jlib:nameprep(From),
            %% Is the from domain allowed, and is the to domain ours?
            FromAllowed = ejabberd_s2s:allow_host(LTo, LFrom),
            ToIsLocal = lists:member(LTo, ejabberd_router:dirty_get_all_domains()),
            case {FromAllowed, ToIsLocal} of
                {true, true} ->
                    ejabberd_s2s_out:terminate_if_waiting_delay(LTo, LFrom),
                    ejabberd_s2s_out:start(LTo, LFrom,
                                           {verify, self(),
                                            Key, StateData#state.streamid}),
                    Conns = ?DICT:store({LFrom, LTo}, wait_for_verification,
                                        StateData#state.connections),
                    change_shaper(StateData, LTo, jlib:make_jid("", LFrom, "")),
                    {next_state, stream_established,
                     StateData#state{connections = Conns, timer = Timer}};
                {_, false} ->
                    send_text(StateData, ?HOST_UNKNOWN_ERR),
                    {stop, normal, StateData};
                {false, _} ->
                    send_text(StateData, ?INVALID_FROM_ERR),
                    {stop, normal, StateData}
            end;
        {verify, To, From, Id, Key} ->
            ?DEBUG("VERIFY KEY: ~p", [{To, From, Id, Key}]),
            LTo = jlib:nameprep(To),
            LFrom = jlib:nameprep(From),
            Type = case ejabberd_s2s:has_key({LTo, LFrom}, Key) of
                       true -> "valid";
                       _ -> "invalid"
                   end,
            send_element(StateData,
                         {xmlelement, "db:verify",
                          [{"from", To},
                           {"to", From},
                           {"id", Id},
                           {"type", Type}],
                          []}),
            {next_state, stream_established, StateData#state{timer = Timer}};
        _ ->
            NewEl = jlib:remove_attr("xmlns", El),
            {xmlelement, Name, Attrs, _Els} = NewEl,
            From = jlib:string_to_jid(xml:get_attr_s("from", Attrs)),
            To = jlib:string_to_jid(xml:get_attr_s("to", Attrs)),
            %% The value of this expression is discarded; only the side
            %% effects of route_stanza/5 (hook run + routing) matter.
            case {From, To} of
                {#jid{lserver = LFrom}, #jid{lserver = LTo}} ->
                    case is_route_allowed(LFrom, LTo, StateData) of
                        true -> route_stanza(Name, LTo, From, To, NewEl);
                        false -> error
                    end;
                _ ->
                    error
            end,
            ejabberd_hooks:run(s2s_loop_debug, [{xmlstreamelement, El}]),
            {next_state, stream_established, StateData#state{timer = Timer}}
    end;
%% Verdict on a pending dialback key, presumably reported by the outgoing
%% verification connection started in the {key, ...} branch above.  The
%% peer gets <db:result type="valid|invalid"/>; From/To name the peer's
%% original request, so the answer goes from our domain (To) to theirs
%% (From).  A valid pair becomes `established' and may route stanzas from
%% then on; an invalid one is forgotten.
stream_established({valid, From, To}, StateData) ->
    send_dialback_result(StateData, From, To, "valid"),
    LFrom = jlib:nameprep(From),
    LTo = jlib:nameprep(To),
    Conns = ?DICT:store({LFrom, LTo}, established, StateData#state.connections),
    {next_state, stream_established, StateData#state{connections = Conns}};
stream_established({invalid, From, To}, StateData) ->
    send_dialback_result(StateData, From, To, "invalid"),
    LFrom = jlib:nameprep(From),
    LTo = jlib:nameprep(To),
    Conns = ?DICT:erase({LFrom, LTo}, StateData#state.connections),
    {next_state, stream_established, StateData#state{connections = Conns}};
stream_established({xmlstreamend, _Name}, StateData) ->
    {stop, normal, StateData};
stream_established({xmlstreamerror, _}, StateData) ->
    send_text(StateData, ?INVALID_XML_ERR ++ ?STREAM_TRAILER),
    {stop, normal, StateData};
%% `timeout' and `closed' both end the FSM normally.
stream_established(Event, StateData) when Event == timeout; Event == closed ->
    {stop, normal, StateData}.

%% Routing authorisation for a stanza LFrom -> LTo over this connection.
%% A SASL-authenticated peer may only send as its authenticated domain and
%% only to a domain served by this node; a dialback connection needs the
%% {LFrom, LTo} pair to have been verified (`established') first.
is_route_allowed(LFrom, LTo, #state{authenticated = true, auth_domain = AuthDomain}) ->
    (LFrom == AuthDomain) andalso
        lists:member(LTo, ejabberd_router:dirty_get_all_domains());
is_route_allowed(LFrom, LTo, #state{connections = Conns}) ->
    case ?DICT:find({LFrom, LTo}, Conns) of
        {ok, established} -> true;
        _ -> false
    end.

%% Hand iq/message/presence stanzas to the router after running the
%% s2s_receive_packet hook for the local domain; anything else is dropped.
route_stanza(Name, LTo, From, To, NewEl)
  when Name == "iq"; Name == "message"; Name == "presence" ->
    ejabberd_hooks:run(s2s_receive_packet, LTo, [From, To, NewEl]),
    ejabberd_router:route(From, To, NewEl);
route_stanza(_Name, _LTo, _From, _To, _NewEl) ->
    error.

%% <db:result type=Type/> back to the peer, attributes swapped as
%% explained at the {valid, ...} clause.
send_dialback_result(StateData, From, To, Type) ->
    send_element(StateData,
                 {xmlelement, "db:result",
                  [{"from", To},
                   {"to", From},
                   {"type", Type}],
                  []}).
%%----------------------------------------------------------------------
%% Func: StateName/3
%% Returns: {next_state, NextStateName, NextStateData}            |
%%          {next_state, NextStateName, NextStateData, Timeout}   |
%%          {reply, Reply, NextStateName, NextStateData}          |
%%          {reply, Reply, NextStateName, NextStateData, Timeout} |
%%          {stop, Reason, NewStateData}                          |
%%          {stop, Reason, Reply, NewStateData}
%%----------------------------------------------------------------------
%state_name(Event, From, StateData) ->
%    Reply = ok,
%    {reply, Reply, state_name, StateData}.

%%----------------------------------------------------------------------
%% Func: handle_event/3
%% Returns: {next_state, NextStateName, NextStateData}          |
%%          {next_state, NextStateName, NextStateData, Timeout} |
%%          {stop, Reason, NewStateData}
%%----------------------------------------------------------------------
%% No all-state events are defined for this FSM: any such event is ignored
%% and the current state kept unchanged.
handle_event(_Event, StateName, StateData) ->
    {next_state, StateName, StateData}.
%%----------------------------------------------------------------------
%% Func: handle_sync_event/4
%% Returns: The associated StateData for this connection
%%          {reply, Reply, NextStateName, NextStateData}
%%          Reply = {state_infos, [{InfoName::atom(), InfoValue::any()}]}
%%----------------------------------------------------------------------
%% Introspection request: answer with a proplist describing this incoming
%% connection.  The peer address is looked up best-effort -- a socket that
%% is already gone yields {unknown, unknown} rather than crashing the
%% connection process.  The `domains' entry comes from get_external_hosts/1.
handle_sync_event(get_state_infos, _From, StateName, StateData) ->
    #state{sockmod = SockMod, socket = Socket} = StateData,
    {Addr, Port} = peer_address(SockMod, Socket),
    Infos = [{direction, in},
             {statename, StateName},
             {addr, Addr},
             {port, Port},
             {streamid, StateData#state.streamid},
             {tls, StateData#state.tls},
             {tls_enabled, StateData#state.tls_enabled},
             {tls_options, StateData#state.tls_options},
             {authenticated, StateData#state.authenticated},
             {shaper, StateData#state.shaper},
             {sockmod, SockMod},
             {domains, get_external_hosts(StateData)}],
    {reply, {state_infos, Infos}, StateName, StateData};

%%----------------------------------------------------------------------
%% Func: handle_sync_event/4
%% Returns: {next_state, NextStateName, NextStateData}            |
%%          {next_state, NextStateName, NextStateData, Timeout}   |
%%          {reply, Reply, NextStateName, NextStateData}          |
%%          {reply, Reply, NextStateName, NextStateData, Timeout} |
%%          {stop, Reason, NewStateData}                          |
%%          {stop, Reason, Reply, NewStateData}
%%----------------------------------------------------------------------
%% Any other synchronous request is acknowledged with `ok' and ignored.
handle_sync_event(_Event, _From, StateName, StateData) ->
    {reply, ok, StateName, StateData}.

%% Best-effort peer address.  {unknown, unknown} when peername/1 returns an
%% error or raises (e.g. the socket module has no peername/1 any more); an
%% unexpected non-error return is not caught and raises try_clause, as the
%% `of' part of a try is unprotected.
peer_address(SockMod, Socket) ->
    try SockMod:peername(Socket) of
        {ok, {Addr, Port}} -> {Addr, Port};
        {error, _} -> {unknown, unknown}
    catch
        _:_ -> {unknown, unknown}
    end.
%% Hot code upgrade hook: the state is passed through untouched (no record
%% conversion is performed).
code_change(_OldVsn, StateName, StateData, _Extra) ->
    {ok, StateName, StateData}.
%%----------------------------------------------------------------------
|
|
|
|
%% Func: handle_info/3
|
|
|
|
%% Returns: {next_state, NextStateName, NextStateData} |
|
|
|
|
%% {next_state, NextStateName, NextStateData, Timeout} |
|
2007-09-14 16:15:44 +02:00
|
|
|
%% {stop, Reason, NewStateData}
|
2002-12-06 21:59:19 +01:00
|
|
|
%%----------------------------------------------------------------------
|
|
|
|
handle_info({send_text, Text}, StateName, StateData) ->
|
2005-10-25 03:08:37 +02:00
|
|
|
send_text(StateData, Text),
|
2002-12-07 21:27:26 +01:00
|
|
|
{next_state, StateName, StateData};
|
2003-12-06 20:58:49 +01:00
|
|
|
|
2005-11-03 06:04:54 +01:00
|
|
|
handle_info({timeout, Timer, _}, _StateName,
|
|