25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00
xmpp.chapril.org-ejabberd/src/ejabberd_s2s_out.erl

1143 lines
41 KiB
Erlang

%%%----------------------------------------------------------------------
%%% File : ejabberd_s2s_out.erl
%%% Author : Alexey Shchepin <alexey@process-one.net>
%%% Purpose : Manage outgoing server-to-server connections
%%% Created : 6 Dec 2002 by Alexey Shchepin <alexey@process-one.net>
%%%
%%%
%%% ejabberd, Copyright (C) 2002-2017 ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
%%% General Public License for more details.
%%%
%%% You should have received a copy of the GNU General Public License along
%%% with this program; if not, write to the Free Software Foundation, Inc.,
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
%%%
%%%----------------------------------------------------------------------
-module(ejabberd_s2s_out).
-behaviour(ejabberd_config).
-author('alexey@process-one.net').
-behaviour(p1_fsm).
%% External exports
-export([start/3,
start_link/3,
start_connection/1,
terminate_if_waiting_delay/2,
stop_connection/1,
transform_options/1]).
-export([init/1, open_socket/2, wait_for_stream/2,
wait_for_validation/2, wait_for_features/2,
wait_for_auth_result/2, wait_for_starttls_proceed/2,
relay_to_bridge/2, reopen_socket/2, wait_before_retry/2,
stream_established/2, handle_event/3,
handle_sync_event/4, handle_info/3, terminate/3,
print_state/1, code_change/4, test_get_addr_port/1,
get_addr_port/1, opt_type/1]).
-include("ejabberd.hrl").
-include("logger.hrl").
-include("xmpp.hrl").
-record(state,
{socket :: ejabberd_socket:socket_state(),
streamid = <<"">> :: binary(),
remote_streamid = <<"">> :: binary(),
use_v10 = true :: boolean(),
tls = false :: boolean(),
tls_required = false :: boolean(),
tls_certverify = false :: boolean(),
tls_enabled = false :: boolean(),
tls_options = [connect] :: list(),
authenticated = false :: boolean(),
db_enabled = true :: boolean(),
try_auth = true :: boolean(),
myname = <<"">> :: binary(),
server = <<"">> :: binary(),
queue = queue:new() :: ?TQUEUE,
delay_to_retry = undefined_delay :: undefined_delay | non_neg_integer(),
new = false :: boolean(),
verify = false :: false | {pid(), binary(), binary()},
bridge :: {atom(), atom()},
timer = make_ref() :: reference()}).
-type state_name() :: open_socket | wait_for_stream |
wait_for_validation | wait_for_features |
wait_for_auth_result | wait_for_starttls_proceed |
relay_to_bridge | reopen_socket | wait_before_retry |
stream_established.
-type state() :: #state{}.
-type fsm_stop() :: {stop, normal, state()}.
-type fsm_next() :: {next_state, state_name(), state(), non_neg_integer()} |
{next_state, state_name(), state()}.
-type fsm_transition() :: fsm_stop() | fsm_next().
%%-define(DBGFSM, true).
-ifdef(DBGFSM).
-define(FSMOPTS, [{debug, [trace]}]).
-else.
-define(FSMOPTS, []).
-endif.
-define(FSMTIMEOUT, 30000).
%% We do not block on send anymore.
-define(TCP_SEND_TIMEOUT, 15000).
%% Maximum delay to wait before retrying to connect after a failed attempt.
%% Specified in miliseconds. Default value is 5 minutes.
-define(MAX_RETRY_DELAY, 300000).
-define(SOCKET_DEFAULT_RESULT, {error, badarg}).
%%%----------------------------------------------------------------------
%%% API
%%%----------------------------------------------------------------------
start(From, Host, Type) ->
supervisor:start_child(ejabberd_s2s_out_sup,
[From, Host, Type]).
start_link(From, Host, Type) ->
p1_fsm:start_link(ejabberd_s2s_out, [From, Host, Type],
fsm_limit_opts() ++ (?FSMOPTS)).
start_connection(Pid) -> p1_fsm:send_event(Pid, init).
stop_connection(Pid) -> p1_fsm:send_event(Pid, closed).
%%%----------------------------------------------------------------------
%%% Callback functions from p1_fsm
%%%----------------------------------------------------------------------
init([From, Server, Type]) ->
process_flag(trap_exit, true),
?DEBUG("started: ~p", [{From, Server, Type}]),
{TLS, TLSRequired, TLSCertverify} =
case ejabberd_config:get_option(
s2s_use_starttls,
fun(true) -> true;
(false) -> false;
(optional) -> optional;
(required) -> required;
(required_trusted) -> required_trusted
end)
of
UseTls
when (UseTls == undefined) or (UseTls == false) ->
{false, false, false};
UseTls
when (UseTls == true) or (UseTls == optional) ->
{true, false, false};
required ->
{true, true, false};
required_trusted ->
{true, true, true}
end,
UseV10 = TLS,
TLSOpts1 = case
ejabberd_config:get_option(
s2s_certfile, fun iolist_to_binary/1)
of
undefined -> [connect];
CertFile -> [{certfile, CertFile}, connect]
end,
TLSOpts2 = case ejabberd_config:get_option(
s2s_ciphers, fun iolist_to_binary/1) of
undefined -> TLSOpts1;
Ciphers -> [{ciphers, Ciphers} | TLSOpts1]
end,
TLSOpts3 = case ejabberd_config:get_option(
s2s_protocol_options,
fun (Options) ->
[_|O] = lists:foldl(
fun(X, Acc) -> X ++ Acc end, [],
[["|" | binary_to_list(Opt)] || Opt <- Options, is_binary(Opt)]
),
iolist_to_binary(O)
end) of
undefined -> TLSOpts2;
ProtocolOpts -> [{protocol_options, ProtocolOpts} | TLSOpts2]
end,
TLSOpts4 = case ejabberd_config:get_option(
s2s_dhfile, fun iolist_to_binary/1) of
undefined -> TLSOpts3;
DHFile -> [{dhfile, DHFile} | TLSOpts3]
end,
TLSOpts = case ejabberd_config:get_option(
{s2s_tls_compression, From},
fun(true) -> true;
(false) -> false
end, false) of
false -> [compression_none | TLSOpts4];
true -> TLSOpts4
end,
{New, Verify} = case Type of
new -> {true, false};
{verify, Pid, Key, SID} ->
start_connection(self()), {false, {Pid, Key, SID}}
end,
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
{ok, open_socket,
#state{use_v10 = UseV10, tls = TLS,
tls_required = TLSRequired, tls_certverify = TLSCertverify,
tls_options = TLSOpts, queue = queue:new(), myname = From,
server = Server, new = New, verify = Verify, timer = Timer}}.
open_socket(init, StateData) ->
log_s2s_out(StateData#state.new, StateData#state.myname,
StateData#state.server, StateData#state.tls),
?DEBUG("open_socket: ~p",
[{StateData#state.myname, StateData#state.server,
StateData#state.new, StateData#state.verify}]),
AddrList = case
ejabberd_idna:domain_utf8_to_ascii(StateData#state.server)
of
false -> [];
ASCIIAddr -> get_addr_port(ASCIIAddr)
end,
case lists:foldl(fun ({Addr, Port}, Acc) ->
case Acc of
{ok, Socket} -> {ok, Socket};
_ -> open_socket1(Addr, Port)
end
end,
?SOCKET_DEFAULT_RESULT, AddrList)
of
{ok, Socket} ->
Version = if StateData#state.use_v10 -> {1,0};
true -> undefined
end,
NewStateData = StateData#state{socket = Socket,
tls_enabled = false,
streamid = new_id()},
send_header(NewStateData, Version),
{next_state, wait_for_stream, NewStateData,
?FSMTIMEOUT};
{error, Reason} ->
?INFO_MSG("s2s connection: ~s -> ~s (remote server "
"not found: ~p)",
[StateData#state.myname, StateData#state.server, Reason]),
case ejabberd_hooks:run_fold(find_s2s_bridge, undefined,
[StateData#state.myname,
StateData#state.server])
of
{Mod, Fun, Type} ->
?INFO_MSG("found a bridge to ~s for: ~s -> ~s",
[Type, StateData#state.myname,
StateData#state.server]),
NewStateData = StateData#state{bridge = {Mod, Fun}},
{next_state, relay_to_bridge, NewStateData};
_ -> wait_before_reconnect(StateData)
end
end;
open_socket(Event, StateData) ->
handle_unexpected_event(Event, open_socket, StateData).
open_socket1({_, _, _, _} = Addr, Port) ->
open_socket2(inet, Addr, Port);
%% IPv6
open_socket1({_, _, _, _, _, _, _, _} = Addr, Port) ->
open_socket2(inet6, Addr, Port);
%% Hostname
open_socket1(Host, Port) ->
lists:foldl(fun (_Family, {ok, _Socket} = R) -> R;
(Family, _) ->
Addrs = get_addrs(Host, Family),
lists:foldl(fun (_Addr, {ok, _Socket} = R) -> R;
(Addr, _) -> open_socket1(Addr, Port)
end,
?SOCKET_DEFAULT_RESULT, Addrs)
end,
?SOCKET_DEFAULT_RESULT, outgoing_s2s_families()).
open_socket2(Type, Addr, Port) ->
?DEBUG("s2s_out: connecting to ~p:~p~n", [Addr, Port]),
Timeout = outgoing_s2s_timeout(),
case catch ejabberd_socket:connect(Addr, Port,
[binary, {packet, 0},
{send_timeout, ?TCP_SEND_TIMEOUT},
{send_timeout_close, true},
{active, false}, Type],
Timeout)
of
{ok, _Socket} = R -> R;
{error, Reason} = R ->
?DEBUG("s2s_out: connect return ~p~n", [Reason]), R;
{'EXIT', Reason} ->
?DEBUG("s2s_out: connect crashed ~p~n", [Reason]),
{error, Reason}
end.
%%----------------------------------------------------------------------
wait_for_stream({xmlstreamstart, Name, Attrs}, StateData0) ->
{CertCheckRes, CertCheckMsg, StateData} =
if StateData0#state.tls_certverify, StateData0#state.tls_enabled ->
{Res, Msg} =
ejabberd_s2s:check_peer_certificate(ejabberd_socket,
StateData0#state.socket,
StateData0#state.server),
?DEBUG("Certificate verification result for ~s: ~s",
[StateData0#state.server, Msg]),
{Res, Msg, StateData0#state{tls_certverify = false}};
true ->
{no_verify, <<"Not verified">>, StateData0}
end,
try xmpp:decode(#xmlel{name = Name, attrs = Attrs}) of
_ when CertCheckRes == error ->
send_element(StateData,
xmpp:serr_policy_violation(CertCheckMsg, ?MYLANG)),
?INFO_MSG("Closing s2s connection: ~s -> ~s (~s)",
[StateData#state.myname, StateData#state.server,
CertCheckMsg]),
{stop, normal, StateData};
#stream_start{xmlns = NS_SERVER, stream_xmlns = NS_STREAM}
when NS_SERVER /= ?NS_SERVER; NS_STREAM /= ?NS_STREAM ->
send_element(StateData, xmpp:serr_invalid_namespace()),
{stop, normal, StateData};
#stream_start{db_xmlns = ?NS_SERVER_DIALBACK, id = ID,
version = V} when V /= {1,0} ->
send_db_request(StateData#state{remote_streamid = ID});
#stream_start{db_xmlns = ?NS_SERVER_DIALBACK, id = ID}
when StateData#state.use_v10 ->
{next_state, wait_for_features,
StateData#state{remote_streamid = ID}, ?FSMTIMEOUT};
#stream_start{db_xmlns = ?NS_SERVER_DIALBACK, id = ID}
when not StateData#state.use_v10 ->
%% Handle Tigase's workaround for an old ejabberd bug:
send_db_request(StateData#state{remote_streamid = ID});
#stream_start{id = ID} when StateData#state.use_v10 ->
{next_state, wait_for_features,
StateData#state{db_enabled = false, remote_streamid = ID},
?FSMTIMEOUT};
#stream_start{} ->
send_element(StateData, xmpp:serr_invalid_namespace()),
{stop, normal, StateData};
_ ->
send_element(StateData, xmpp:serr_invalid_xml()),
{stop, normal, StateData}
catch _:{xmpp_codec, Why} ->
Txt = xmpp:format_error(Why),
send_element(StateData, xmpp:serr_invalid_xml(Txt, ?MYLANG)),
{stop, normal, StateData}
end;
wait_for_stream(Event, StateData) ->
handle_unexpected_event(Event, wait_for_stream, StateData).
wait_for_validation({xmlstreamelement, El}, StateData) ->
decode_element(El, wait_for_validation, StateData);
wait_for_validation(#db_result{to = To, from = From, type = Type}, StateData) ->
?DEBUG("recv result: ~p", [{From, To, Type}]),
case {Type, StateData#state.tls_enabled, StateData#state.tls_required} of
{valid, Enabled, Required} when (Enabled == true) or (Required == false) ->
send_queue(StateData, StateData#state.queue),
?INFO_MSG("Connection established: ~s -> ~s with "
"TLS=~p",
[StateData#state.myname, StateData#state.server,
StateData#state.tls_enabled]),
ejabberd_hooks:run(s2s_connect_hook,
[StateData#state.myname,
StateData#state.server]),
{next_state, stream_established, StateData#state{queue = queue:new()}};
{valid, Enabled, Required} when (Enabled == false) and (Required == true) ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (TLS "
"is required but unavailable)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
_ ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (invalid "
"dialback key result)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
wait_for_validation(#db_verify{to = To, from = From, id = Id, type = Type},
StateData) ->
?DEBUG("recv verify: ~p", [{From, To, Id, Type}]),
case StateData#state.verify of
false ->
NextState = wait_for_validation,
{next_state, NextState, StateData, get_timeout_interval(NextState)};
{Pid, _Key, _SID} ->
case Type of
valid ->
p1_fsm:send_event(Pid,
{valid, StateData#state.server,
StateData#state.myname});
_ ->
p1_fsm:send_event(Pid,
{invalid, StateData#state.server,
StateData#state.myname})
end,
if StateData#state.verify == false ->
{stop, normal, StateData};
true ->
NextState = wait_for_validation,
{next_state, NextState, StateData, get_timeout_interval(NextState)}
end
end;
wait_for_validation(timeout,
#state{verify = {VPid, VKey, SID}} = StateData)
when is_pid(VPid) and is_binary(VKey) and is_binary(SID) ->
?DEBUG("wait_for_validation: ~s -> ~s (timeout in verify connection)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
wait_for_validation(Event, StateData) ->
handle_unexpected_event(Event, wait_for_validation, StateData).
wait_for_features({xmlstreamelement, El}, StateData) ->
decode_element(El, wait_for_features, StateData);
wait_for_features(#stream_features{sub_els = Els}, StateData) ->
{SASLEXT, StartTLS, StartTLSRequired} =
lists:foldl(
fun(#sasl_mechanisms{list = Mechs}, {_, STLS, STLSReq}) ->
{lists:member(<<"EXTERNAL">>, Mechs), STLS, STLSReq};
(#starttls{required = Required}, {SEXT, _, _}) ->
{SEXT, true, Required};
(_, Acc) ->
Acc
end, {false, false, false}, Els),
if not SASLEXT and not StartTLS and StateData#state.authenticated ->
send_queue(StateData, StateData#state.queue),
?INFO_MSG("Connection established: ~s -> ~s with "
"SASL EXTERNAL and TLS=~p",
[StateData#state.myname, StateData#state.server,
StateData#state.tls_enabled]),
ejabberd_hooks:run(s2s_connect_hook,
[StateData#state.myname,
StateData#state.server]),
{next_state, stream_established,
StateData#state{queue = queue:new()}};
SASLEXT and StateData#state.try_auth and
(StateData#state.new /= false) and
(StateData#state.tls_enabled or
not StateData#state.tls_required) ->
send_element(StateData,
#sasl_auth{mechanism = <<"EXTERNAL">>,
text = StateData#state.myname}),
{next_state, wait_for_auth_result,
StateData#state{try_auth = false}, ?FSMTIMEOUT};
StartTLS and StateData#state.tls and
not StateData#state.tls_enabled ->
send_element(StateData, #starttls{}),
{next_state, wait_for_starttls_proceed, StateData, ?FSMTIMEOUT};
StartTLSRequired and not StateData#state.tls ->
?DEBUG("restarted: ~p",
[{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:close(StateData#state.socket),
{next_state, reopen_socket,
StateData#state{socket = undefined, use_v10 = false},
?FSMTIMEOUT};
StateData#state.db_enabled ->
send_db_request(StateData);
true ->
?DEBUG("restarted: ~p",
[{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:close(StateData#state.socket),
{next_state, reopen_socket,
StateData#state{socket = undefined, use_v10 = false}, ?FSMTIMEOUT}
end;
wait_for_features(Event, StateData) ->
handle_unexpected_event(Event, wait_for_features, StateData).
wait_for_auth_result({xmlstreamelement, El}, StateData) ->
decode_element(El, wait_for_auth_result, StateData);
wait_for_auth_result(#sasl_success{}, StateData) ->
?DEBUG("auth: ~p", [{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:reset_stream(StateData#state.socket),
send_header(StateData, {1,0}),
{next_state, wait_for_stream,
StateData#state{streamid = new_id(), authenticated = true},
?FSMTIMEOUT};
wait_for_auth_result(#sasl_failure{}, StateData) ->
?DEBUG("restarted: ~p", [{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:close(StateData#state.socket),
{next_state, reopen_socket,
StateData#state{socket = undefined}, ?FSMTIMEOUT};
wait_for_auth_result(Event, StateData) ->
handle_unexpected_event(Event, wait_for_auth_result, StateData).
wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
decode_element(El, wait_for_starttls_proceed, StateData);
wait_for_starttls_proceed(#starttls_proceed{}, StateData) ->
?DEBUG("starttls: ~p", [{StateData#state.myname, StateData#state.server}]),
Socket = StateData#state.socket,
TLSOpts = case ejabberd_config:get_option(
{domain_certfile, StateData#state.myname},
fun iolist_to_binary/1) of
undefined -> StateData#state.tls_options;
CertFile ->
[{certfile, CertFile}
| lists:keydelete(certfile, 1,
StateData#state.tls_options)]
end,
TLSSocket = ejabberd_socket:starttls(Socket, TLSOpts),
NewStateData = StateData#state{socket = TLSSocket,
streamid = new_id(),
tls_enabled = true,
tls_options = TLSOpts},
send_header(NewStateData, {1,0}),
{next_state, wait_for_stream, NewStateData, ?FSMTIMEOUT};
wait_for_starttls_proceed(Event, StateData) ->
handle_unexpected_event(Event, wait_for_starttls_proceed, StateData).
reopen_socket({xmlstreamelement, _El}, StateData) ->
{next_state, reopen_socket, StateData, ?FSMTIMEOUT};
reopen_socket({xmlstreamend, _Name}, StateData) ->
{next_state, reopen_socket, StateData, ?FSMTIMEOUT};
reopen_socket({xmlstreamerror, _}, StateData) ->
{next_state, reopen_socket, StateData, ?FSMTIMEOUT};
reopen_socket(timeout, StateData) ->
?INFO_MSG("reopen socket: timeout", []),
{stop, normal, StateData};
reopen_socket(closed, StateData) ->
p1_fsm:send_event(self(), init),
{next_state, open_socket, StateData, ?FSMTIMEOUT}.
%% This state is use to avoid reconnecting to often to bad sockets
wait_before_retry(_Event, StateData) ->
{next_state, wait_before_retry, StateData, ?FSMTIMEOUT}.
relay_to_bridge(stop, StateData) ->
wait_before_reconnect(StateData);
relay_to_bridge(closed, StateData) ->
?INFO_MSG("relay to bridge: ~s -> ~s (closed)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
relay_to_bridge(_Event, StateData) ->
{next_state, relay_to_bridge, StateData}.
stream_established({xmlstreamelement, El}, StateData) ->
decode_element(El, stream_established, StateData);
stream_established(#db_verify{to = VTo, from = VFrom, id = VId, type = VType},
StateData) ->
?DEBUG("recv verify: ~p", [{VFrom, VTo, VId, VType}]),
case StateData#state.verify of
{VPid, _VKey, _SID} ->
case VType of
valid ->
p1_fsm:send_event(VPid,
{valid, StateData#state.server,
StateData#state.myname});
_ ->
p1_fsm:send_event(VPid,
{invalid, StateData#state.server,
StateData#state.myname})
end;
_ -> ok
end,
{next_state, stream_established, StateData};
stream_established(Event, StateData) ->
handle_unexpected_event(Event, stream_established, StateData).
-spec handle_unexpected_event(term(), state_name(), state()) -> fsm_transition().
handle_unexpected_event(Event, StateName, StateData) ->
case Event of
{xmlstreamerror, _} ->
send_element(StateData, xmpp:serr_not_well_formed()),
?INFO_MSG("Closing s2s connection ~s -> ~s in state ~s: "
"got invalid XML from peer",
[StateData#state.myname, StateData#state.server,
StateName]),
{stop, normal, StateData};
{xmlstreamend, _} ->
?INFO_MSG("Closing s2s connection ~s -> ~s in state ~s: "
"XML stream closed by peer",
[StateData#state.myname, StateData#state.server,
StateName]),
{stop, normal, StateData};
timeout ->
send_element(StateData, xmpp:serr_connection_timeout()),
?INFO_MSG("Closing s2s connection ~s -> ~s in state ~s: "
"timed out during establishing an XML stream",
[StateData#state.myname, StateData#state.server,
StateName]),
{stop, normal, StateData};
closed ->
?INFO_MSG("Closing s2s connection ~s -> ~s in state ~s: "
"connection socket closed",
[StateData#state.myname, StateData#state.server,
StateName]),
{stop, normal, StateData};
Pkt when StateName == wait_for_stream;
StateName == wait_for_features;
StateName == wait_for_auth_result;
StateName == wait_for_starttls_proceed ->
send_element(StateData, xmpp:serr_bad_format()),
?INFO_MSG("Closing s2s connection ~s -> ~s in state ~s: "
"got unexpected event ~p",
[StateData#state.myname, StateData#state.server,
StateName, Pkt]),
{stop, normal, StateData};
_ ->
{next_state, StateName, StateData, get_timeout_interval(StateName)}
end.
%%----------------------------------------------------------------------
%% Func: StateName/3
%% Returns: {next_state, NextStateName, NextStateData} |
%% {next_state, NextStateName, NextStateData, Timeout} |
%% {reply, Reply, NextStateName, NextStateData} |
%% {reply, Reply, NextStateName, NextStateData, Timeout} |
%% {stop, Reason, NewStateData} |
%% {stop, Reason, Reply, NewStateData}
%%----------------------------------------------------------------------
%%state_name(Event, From, StateData) ->
%% Reply = ok,
%% {reply, Reply, state_name, StateData}.
handle_event(_Event, StateName, StateData) ->
{next_state, StateName, StateData,
get_timeout_interval(StateName)}.
handle_sync_event(get_state_infos, _From, StateName,
StateData) ->
{Addr, Port} = try
ejabberd_socket:peername(StateData#state.socket)
of
{ok, {A, P}} -> {A, P};
{error, _} -> {unknown, unknown}
catch
_:_ -> {unknown, unknown}
end,
Infos = [{direction, out}, {statename, StateName},
{addr, Addr}, {port, Port},
{streamid, StateData#state.streamid},
{use_v10, StateData#state.use_v10},
{tls, StateData#state.tls},
{tls_required, StateData#state.tls_required},
{tls_enabled, StateData#state.tls_enabled},
{tls_options, StateData#state.tls_options},
{authenticated, StateData#state.authenticated},
{db_enabled, StateData#state.db_enabled},
{try_auth, StateData#state.try_auth},
{myname, StateData#state.myname},
{server, StateData#state.server},
{delay_to_retry, StateData#state.delay_to_retry},
{verify, StateData#state.verify}],
Reply = {state_infos, Infos},
{reply, Reply, StateName, StateData};
%%----------------------------------------------------------------------
%% Func: handle_sync_event/4
%% Returns: {next_state, NextStateName, NextStateData} |
%% {next_state, NextStateName, NextStateData, Timeout} |
%% {reply, Reply, NextStateName, NextStateData} |
%% {reply, Reply, NextStateName, NextStateData, Timeout} |
%% {stop, Reason, NewStateData} |
%% {stop, Reason, Reply, NewStateData}
%%----------------------------------------------------------------------
handle_sync_event(_Event, _From, StateName,
StateData) ->
Reply = ok,
{reply, Reply, StateName, StateData,
get_timeout_interval(StateName)}.
code_change(_OldVsn, StateName, StateData, _Extra) ->
{ok, StateName, StateData}.
handle_info({send_text, Text}, StateName, StateData) ->
send_text(StateData, Text),
cancel_timer(StateData#state.timer),
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
{next_state, StateName, StateData#state{timer = Timer},
get_timeout_interval(StateName)};
handle_info({send_element, El}, StateName, StateData) ->
case StateName of
stream_established ->
cancel_timer(StateData#state.timer),
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
send_element(StateData, El),
{next_state, StateName, StateData#state{timer = Timer}};
%% In this state we bounce all message: We are waiting before
%% trying to reconnect
wait_before_retry ->
bounce_element(El, xmpp:err_remote_server_not_found()),
{next_state, StateName, StateData};
relay_to_bridge ->
{Mod, Fun} = StateData#state.bridge,
?DEBUG("relaying stanza via ~p:~p/1", [Mod, Fun]),
case catch Mod:Fun(El) of
{'EXIT', Reason} ->
?ERROR_MSG("Error while relaying to bridge: ~p",
[Reason]),
bounce_element(El, xmpp:err_internal_server_error()),
wait_before_reconnect(StateData);
_ -> {next_state, StateName, StateData}
end;
_ ->
Q = queue:in(El, StateData#state.queue),
{next_state, StateName, StateData#state{queue = Q},
get_timeout_interval(StateName)}
end;
handle_info({timeout, Timer, _}, wait_before_retry,
#state{timer = Timer} = StateData) ->
?INFO_MSG("Reconnect delay expired: Will now retry "
"to connect to ~s when needed.",
[StateData#state.server]),
{stop, normal, StateData};
handle_info({timeout, Timer, _}, _StateName,
#state{timer = Timer} = StateData) ->
?INFO_MSG("Closing connection with ~s: timeout",
[StateData#state.server]),
{stop, normal, StateData};
handle_info(terminate_if_waiting_before_retry,
wait_before_retry, StateData) ->
{stop, normal, StateData};
handle_info(terminate_if_waiting_before_retry,
StateName, StateData) ->
{next_state, StateName, StateData,
get_timeout_interval(StateName)};
handle_info(_, StateName, StateData) ->
{next_state, StateName, StateData,
get_timeout_interval(StateName)}.
terminate(Reason, StateName, StateData) ->
?DEBUG("terminated: ~p", [{Reason, StateName}]),
case StateData#state.new of
false -> ok;
true ->
ejabberd_s2s:remove_connection({StateData#state.myname,
StateData#state.server},
self())
end,
bounce_queue(StateData#state.queue, xmpp:err_remote_server_not_found()),
bounce_messages(xmpp:err_remote_server_not_found()),
case StateData#state.socket of
undefined -> ok;
_Socket ->
catch send_trailer(StateData),
ejabberd_socket:close(StateData#state.socket)
end,
ok.
print_state(State) -> State.
%%%----------------------------------------------------------------------
%%% Internal functions
%%%----------------------------------------------------------------------
-spec send_text(state(), iodata()) -> ok.
send_text(StateData, Text) ->
?DEBUG("Send Text on stream = ~s", [Text]),
ejabberd_socket:send(StateData#state.socket, Text).
-spec send_element(state(), xmpp_element()) -> ok.
send_element(StateData, El) ->
El1 = xmpp:encode(El, ?NS_SERVER),
send_text(StateData, fxml:element_to_binary(El1)).
-spec send_header(state(), undefined | {integer(), integer()}) -> ok.
send_header(StateData, Version) ->
Header = xmpp:encode(
#stream_start{xmlns = ?NS_SERVER,
stream_xmlns = ?NS_STREAM,
db_xmlns = ?NS_SERVER_DIALBACK,
from = jid:make(StateData#state.myname),
to = jid:make(StateData#state.server),
version = Version}),
send_text(StateData, fxml:element_to_header(Header)).
-spec send_trailer(state()) -> ok.
send_trailer(StateData) ->
send_text(StateData, <<"</stream:stream>">>).
-spec send_queue(state(), queue:queue()) -> ok.
send_queue(StateData, Q) ->
case queue:out(Q) of
{{value, El}, Q1} ->
send_element(StateData, El), send_queue(StateData, Q1);
{empty, _Q1} -> ok
end.
%% Bounce a single message (xmlelement)
-spec bounce_element(stanza(), stanza_error()) -> ok.
bounce_element(El, Error) ->
From = xmpp:get_from(El),
To = xmpp:get_to(El),
ejabberd_router:route_error(To, From, El, Error).
-spec bounce_queue(queue:queue(), stanza_error()) -> ok.
bounce_queue(Q, Error) ->
case queue:out(Q) of
{{value, El}, Q1} ->
bounce_element(El, Error), bounce_queue(Q1, Error);
{empty, _} -> ok
end.
-spec new_id() -> binary().
new_id() -> randoms:get_string().
-spec cancel_timer(reference()) -> ok.
cancel_timer(Timer) ->
erlang:cancel_timer(Timer),
receive {timeout, Timer, _} -> ok after 0 -> ok end.
-spec bounce_messages(stanza_error()) -> ok.
bounce_messages(Error) ->
receive
{send_element, El} ->
bounce_element(El, Error), bounce_messages(Error)
after 0 -> ok
end.
-spec send_db_request(state()) -> fsm_transition().
send_db_request(StateData) ->
Server = StateData#state.server,
New = case StateData#state.new of
false ->
ejabberd_s2s:try_register({StateData#state.myname, Server});
true ->
true
end,
NewStateData = StateData#state{new = New},
try case New of
false -> ok;
true ->
Key1 = ejabberd_s2s:make_key(
{StateData#state.myname, Server},
StateData#state.remote_streamid),
send_element(StateData,
#db_result{from = StateData#state.myname,
to = Server,
key = Key1})
end,
case StateData#state.verify of
false -> ok;
{_Pid, Key2, SID} ->
send_element(StateData,
#db_verify{from = StateData#state.myname,
to = StateData#state.server,
id = SID,
key = Key2})
end,
{next_state, wait_for_validation, NewStateData,
(?FSMTIMEOUT) * 6}
catch
_:_ -> {stop, normal, NewStateData}
end.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% SRV support
-include_lib("kernel/include/inet.hrl").
-spec get_addr_port(binary()) -> [{binary(), inet:port_number()}].
get_addr_port(Server) ->
Res = srv_lookup(Server),
case Res of
{error, Reason} ->
?DEBUG("srv lookup of '~s' failed: ~p~n",
[Server, Reason]),
[{Server, outgoing_s2s_port()}];
{ok, HEnt} ->
?DEBUG("srv lookup of '~s': ~p~n",
[Server, HEnt#hostent.h_addr_list]),
AddrList = HEnt#hostent.h_addr_list,
case catch lists:map(fun ({Priority, Weight, Port,
Host}) ->
N = case Weight of
0 -> 0;
_ ->
(Weight + 1) * randoms:uniform()
end,
{Priority * 65536 - N, Host, Port}
end,
AddrList)
of
SortedList = [_ | _] ->
List = lists:map(fun ({_, Host, Port}) ->
{list_to_binary(Host), Port}
end,
lists:keysort(1, SortedList)),
?DEBUG("srv lookup of '~s': ~p~n", [Server, List]),
List;
_ -> [{Server, outgoing_s2s_port()}]
end
end.
srv_lookup(Server) ->
TimeoutMs = timer:seconds(
ejabberd_config:get_option(
s2s_dns_timeout,
fun(I) when is_integer(I), I>=0 -> I end,
10)),
Retries = ejabberd_config:get_option(
s2s_dns_retries,
fun(I) when is_integer(I), I>=0 -> I end,
2),
srv_lookup(binary_to_list(Server), TimeoutMs, Retries).
%% XXX - this behaviour is suboptimal in the case that the domain
%% has a "_xmpp-server._tcp." but not a "_jabber._tcp." record and
%% we don't get a DNS reply for the "_xmpp-server._tcp." lookup. In this
%% case we'll give up when we get the "_jabber._tcp." nxdomain reply.
srv_lookup(_Server, _Timeout, Retries)
when Retries < 1 ->
{error, timeout};
srv_lookup(Server, Timeout, Retries) ->
case inet_res:getbyname("_xmpp-server._tcp." ++ Server,
srv, Timeout)
of
{error, _Reason} ->
case inet_res:getbyname("_jabber._tcp." ++ Server, srv,
Timeout)
of
{error, timeout} ->
?ERROR_MSG("The DNS servers~n ~p~ntimed out on "
"request for ~p IN SRV. You should check "
"your DNS configuration.",
[inet_db:res_option(nameserver), Server]),
srv_lookup(Server, Timeout, Retries - 1);
R -> R
end;
{ok, _HEnt} = R -> R
end.
test_get_addr_port(Server) ->
lists:foldl(fun (_, Acc) ->
[HostPort | _] = get_addr_port(Server),
case lists:keysearch(HostPort, 1, Acc) of
false -> [{HostPort, 1} | Acc];
{value, {_, Num}} ->
lists:keyreplace(HostPort, 1, Acc,
{HostPort, Num + 1})
end
end,
[], lists:seq(1, 100000)).
get_addrs(Host, Family) ->
Type = case Family of
inet4 -> inet;
ipv4 -> inet;
inet6 -> inet6;
ipv6 -> inet6
end,
case inet:gethostbyname(binary_to_list(Host), Type) of
{ok, #hostent{h_addr_list = Addrs}} ->
?DEBUG("~s of ~s resolved to: ~p~n",
[Type, Host, Addrs]),
Addrs;
{error, Reason} ->
?DEBUG("~s lookup of '~s' failed: ~p~n",
[Type, Host, Reason]),
[]
end.
-spec outgoing_s2s_port() -> pos_integer().
outgoing_s2s_port() ->
ejabberd_config:get_option(
outgoing_s2s_port,
fun(I) when is_integer(I), I > 0, I =< 65536 -> I end,
5269).
-spec outgoing_s2s_families() -> [ipv4 | ipv6].
outgoing_s2s_families() ->
ejabberd_config:get_option(
outgoing_s2s_families,
fun(Families) ->
true = lists:all(
fun(ipv4) -> true;
(ipv6) -> true
end, Families),
Families
end, [ipv4, ipv6]).
-spec outgoing_s2s_timeout() -> pos_integer().
outgoing_s2s_timeout() ->
ejabberd_config:get_option(
outgoing_s2s_timeout,
fun(TimeOut) when is_integer(TimeOut), TimeOut > 0 ->
TimeOut;
(infinity) ->
infinity
end, 10000).
transform_options(Opts) ->
lists:foldl(fun transform_options/2, [], Opts).
transform_options({outgoing_s2s_options, Families, Timeout}, Opts) ->
?WARNING_MSG("Option 'outgoing_s2s_options' is deprecated. "
"The option is still supported "
"but it is better to fix your config: "
"use 'outgoing_s2s_timeout' and "
"'outgoing_s2s_families' instead.", []),
[{outgoing_s2s_families, Families},
{outgoing_s2s_timeout, Timeout}
| Opts];
transform_options({s2s_dns_options, S2SDNSOpts}, AllOpts) ->
?WARNING_MSG("Option 's2s_dns_options' is deprecated. "
"The option is still supported "
"but it is better to fix your config: "
"use 's2s_dns_timeout' and "
"'s2s_dns_retries' instead", []),
lists:foldr(
fun({timeout, T}, AccOpts) ->
[{s2s_dns_timeout, T}|AccOpts];
({retries, R}, AccOpts) ->
[{s2s_dns_retries, R}|AccOpts];
(_, AccOpts) ->
AccOpts
end, AllOpts, S2SDNSOpts);
transform_options(Opt, Opts) ->
[Opt|Opts].
%% Human readable S2S logging: Log only new outgoing connections as INFO
%% Do not log dialback
log_s2s_out(false, _, _, _) -> ok;
%% Log new outgoing connections:
log_s2s_out(_, Myname, Server, Tls) ->
?INFO_MSG("Trying to open s2s connection: ~s -> "
"~s with TLS=~p",
[Myname, Server, Tls]).
%% Calculate timeout depending on which state we are in:
%% Can return integer > 0 | infinity
-spec get_timeout_interval(state_name()) -> pos_integer() | infinity.
get_timeout_interval(StateName) ->
case StateName of
%% Validation implies dialback: Networking can take longer:
wait_for_validation -> (?FSMTIMEOUT) * 6;
%% When stream is established, we only rely on S2S Timeout timer:
stream_established -> infinity;
relay_to_bridge -> infinity;
open_socket -> infinity;
_ -> ?FSMTIMEOUT
end.
%% This function is intended to be called at the end of a state
%% function that want to wait for a reconnect delay before stopping.
-spec wait_before_reconnect(state()) -> fsm_next().
wait_before_reconnect(StateData) ->
bounce_queue(StateData#state.queue, xmpp:err_remote_server_not_found()),
bounce_messages(xmpp:err_remote_server_not_found()),
cancel_timer(StateData#state.timer),
Delay = case StateData#state.delay_to_retry of
undefined_delay ->
{_, _, MicroSecs} = p1_time_compat:timestamp(), MicroSecs rem 14000 + 1000;
D1 -> lists:min([D1 * 2, get_max_retry_delay()])
end,
Timer = erlang:start_timer(Delay, self(), []),
{next_state, wait_before_retry,
StateData#state{timer = Timer, delay_to_retry = Delay,
queue = queue:new()}}.
-spec get_max_retry_delay() -> pos_integer().
get_max_retry_delay() ->
case ejabberd_config:get_option(
s2s_max_retry_delay,
fun(I) when is_integer(I), I > 0 -> I end) of
undefined -> ?MAX_RETRY_DELAY;
Seconds -> Seconds * 1000
end.
%% Terminate s2s_out connections that are in state wait_before_retry
-spec terminate_if_waiting_delay(binary(), binary()) -> ok.
terminate_if_waiting_delay(From, To) ->
FromTo = {From, To},
Pids = ejabberd_s2s:get_connections_pids(FromTo),
lists:foreach(fun (Pid) ->
Pid ! terminate_if_waiting_before_retry
end,
Pids).
-spec fsm_limit_opts() -> [{max_queue, pos_integer()}].
fsm_limit_opts() ->
case ejabberd_config:get_option(
max_fsm_queue,
fun(I) when is_integer(I), I > 0 -> I end) of
undefined -> [];
N -> [{max_queue, N}]
end.
-spec decode_element(xmlel(), state_name(), state()) -> fsm_next().
decode_element(#xmlel{} = El, StateName, StateData) ->
Opts = if StateName == stream_established ->
[ignore_els];
true ->
[]
end,
try xmpp:decode(El, ?NS_SERVER, Opts) of
Pkt -> ?MODULE:StateName(Pkt, StateData)
catch error:{xmpp_codec, Why} ->
Type = xmpp:get_type(El),
case xmpp:is_stanza(El) of
true when Type /= <<"result">>, Type /= <<"error">> ->
Lang = xmpp:get_lang(El),
Txt = xmpp:format_error(Why),
Err = xmpp:make_error(El, xmpp:err_bad_request(Txt, Lang)),
send_element(StateData, Err);
false ->
ok
end,
{next_state, StateName, StateData, get_timeout_interval(StateName)}
end.
opt_type(domain_certfile) -> fun iolist_to_binary/1;
opt_type(max_fsm_queue) ->
fun (I) when is_integer(I), I > 0 -> I end;
opt_type(outgoing_s2s_families) ->
fun (Families) ->
true = lists:all(fun (ipv4) -> true;
(ipv6) -> true
end,
Families),
Families
end;
opt_type(outgoing_s2s_port) ->
fun (I) when is_integer(I), I > 0, I =< 65536 -> I end;
opt_type(outgoing_s2s_timeout) ->
fun (TimeOut) when is_integer(TimeOut), TimeOut > 0 ->
TimeOut;
(infinity) -> infinity
end;
opt_type(s2s_certfile) -> fun iolist_to_binary/1;
opt_type(s2s_ciphers) -> fun iolist_to_binary/1;
opt_type(s2s_dhfile) -> fun iolist_to_binary/1;
opt_type(s2s_dns_retries) ->
fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(s2s_dns_timeout) ->
fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(s2s_max_retry_delay) ->
fun (I) when is_integer(I), I > 0 -> I end;
opt_type(s2s_protocol_options) ->
fun (Options) ->
[_ | O] = lists:foldl(fun (X, Acc) -> X ++ Acc end, [],
[["|" | binary_to_list(Opt)]
|| Opt <- Options, is_binary(Opt)]),
iolist_to_binary(O)
end;
opt_type(s2s_tls_compression) ->
fun (true) -> true;
(false) -> false
end;
opt_type(s2s_use_starttls) ->
fun (true) -> true;
(false) -> false;
(optional) -> optional;
(required) -> required;
(required_trusted) -> required_trusted
end;
opt_type(_) ->
[domain_certfile, max_fsm_queue, outgoing_s2s_families,
outgoing_s2s_port, outgoing_s2s_timeout, s2s_certfile,
s2s_ciphers, s2s_dhfile, s2s_dns_retries, s2s_dns_timeout,
s2s_max_retry_delay, s2s_protocol_options,
s2s_tls_compression, s2s_use_starttls].