25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00
xmpp.chapril.org-ejabberd/src/ejabberd_s2s_out.erl
Holger Weiss 15d184a909 Disable TLS compression for s2s by default
TLS compression is not recommended, and it's already disabled by default
for c2s connections and for ejabberd_http.
2016-04-11 22:50:11 +02:00

1361 lines
46 KiB
Erlang

%%%----------------------------------------------------------------------
%%% File : ejabberd_s2s_out.erl
%%% Author : Alexey Shchepin <alexey@process-one.net>
%%% Purpose : Manage outgoing server-to-server connections
%%% Created : 6 Dec 2002 by Alexey Shchepin <alexey@process-one.net>
%%%
%%%
%%% ejabberd, Copyright (C) 2002-2016 ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
%%% General Public License for more details.
%%%
%%% You should have received a copy of the GNU General Public License along
%%% with this program; if not, write to the Free Software Foundation, Inc.,
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
%%%
%%%----------------------------------------------------------------------
-module(ejabberd_s2s_out).
-behaviour(ejabberd_config).
-author('alexey@process-one.net').
-behaviour(p1_fsm).
%% External exports
-export([start/3,
start_link/3,
start_connection/1,
terminate_if_waiting_delay/2,
stop_connection/1,
transform_options/1]).
-export([init/1, open_socket/2, wait_for_stream/2,
wait_for_validation/2, wait_for_features/2,
wait_for_auth_result/2, wait_for_starttls_proceed/2,
relay_to_bridge/2, reopen_socket/2, wait_before_retry/2,
stream_established/2, handle_event/3,
handle_sync_event/4, handle_info/3, terminate/3,
print_state/1, code_change/4, test_get_addr_port/1,
get_addr_port/1, opt_type/1]).
-include("ejabberd.hrl").
-include("logger.hrl").
-include("jlib.hrl").
-record(state,
{socket :: ejabberd_socket:socket_state(),
streamid = <<"">> :: binary(),
remote_streamid = <<"">> :: binary(),
use_v10 = true :: boolean(),
tls = false :: boolean(),
tls_required = false :: boolean(),
tls_certverify = false :: boolean(),
tls_enabled = false :: boolean(),
tls_options = [connect] :: list(),
authenticated = false :: boolean(),
db_enabled = true :: boolean(),
try_auth = true :: boolean(),
myname = <<"">> :: binary(),
server = <<"">> :: binary(),
queue = queue:new() :: ?TQUEUE,
delay_to_retry = undefined_delay :: undefined_delay | non_neg_integer(),
new = false :: boolean(),
verify = false :: false | {pid(), binary(), binary()},
bridge :: {atom(), atom()},
timer = make_ref() :: reference()}).
%%-define(DBGFSM, true).
-ifdef(DBGFSM).
-define(FSMOPTS, [{debug, [trace]}]).
-else.
-define(FSMOPTS, []).
-endif.
-define(FSMTIMEOUT, 30000).
%% We do not block on send anymore.
-define(TCP_SEND_TIMEOUT, 15000).
%% Maximum delay to wait before retrying to connect after a failed attempt.
%% Specified in miliseconds. Default value is 5 minutes.
-define(MAX_RETRY_DELAY, 300000).
-define(STREAM_HEADER,
<<"<?xml version='1.0'?><stream:stream "
"xmlns:stream='http://etherx.jabber.org/stream"
"s' xmlns='jabber:server' xmlns:db='jabber:ser"
"ver:dialback' from='~s' to='~s'~s>">>).
-define(STREAM_TRAILER, <<"</stream:stream>">>).
-define(INVALID_NAMESPACE_ERR,
fxml:element_to_binary(?SERR_INVALID_NAMESPACE)).
-define(HOST_UNKNOWN_ERR,
fxml:element_to_binary(?SERR_HOST_UNKNOWN)).
-define(INVALID_XML_ERR,
fxml:element_to_binary(?SERR_XML_NOT_WELL_FORMED)).
-define(SOCKET_DEFAULT_RESULT, {error, badarg}).
%%%----------------------------------------------------------------------
%%% API
%%%----------------------------------------------------------------------
start(From, Host, Type) ->
supervisor:start_child(ejabberd_s2s_out_sup,
[From, Host, Type]).
start_link(From, Host, Type) ->
p1_fsm:start_link(ejabberd_s2s_out, [From, Host, Type],
fsm_limit_opts() ++ (?FSMOPTS)).
start_connection(Pid) -> p1_fsm:send_event(Pid, init).
stop_connection(Pid) -> p1_fsm:send_event(Pid, closed).
%%%----------------------------------------------------------------------
%%% Callback functions from p1_fsm
%%%----------------------------------------------------------------------
init([From, Server, Type]) ->
process_flag(trap_exit, true),
?DEBUG("started: ~p", [{From, Server, Type}]),
{TLS, TLSRequired, TLSCertverify} =
case ejabberd_config:get_option(
s2s_use_starttls,
fun(true) -> true;
(false) -> false;
(optional) -> optional;
(required) -> required;
(required_trusted) -> required_trusted
end)
of
UseTls
when (UseTls == undefined) or (UseTls == false) ->
{false, false, false};
UseTls
when (UseTls == true) or (UseTls == optional) ->
{true, false, false};
required ->
{true, true, false};
required_trusted ->
{true, true, true}
end,
UseV10 = TLS,
TLSOpts1 = case
ejabberd_config:get_option(
s2s_certfile, fun iolist_to_binary/1)
of
undefined -> [connect];
CertFile -> [{certfile, CertFile}, connect]
end,
TLSOpts2 = case ejabberd_config:get_option(
s2s_ciphers, fun iolist_to_binary/1) of
undefined -> TLSOpts1;
Ciphers -> [{ciphers, Ciphers} | TLSOpts1]
end,
TLSOpts3 = case ejabberd_config:get_option(
s2s_protocol_options,
fun (Options) ->
[_|O] = lists:foldl(
fun(X, Acc) -> X ++ Acc end, [],
[["|" | binary_to_list(Opt)] || Opt <- Options, is_binary(Opt)]
),
iolist_to_binary(O)
end) of
undefined -> TLSOpts2;
ProtocolOpts -> [{protocol_options, ProtocolOpts} | TLSOpts2]
end,
TLSOpts4 = case ejabberd_config:get_option(
s2s_dhfile, fun iolist_to_binary/1) of
undefined -> TLSOpts3;
DHFile -> [{dhfile, DHFile} | TLSOpts3]
end,
TLSOpts = case ejabberd_config:get_option(
{s2s_tls_compression, From},
fun(true) -> true;
(false) -> false
end, false) of
false -> [compression_none | TLSOpts4];
true -> TLSOpts4
end,
{New, Verify} = case Type of
new -> {true, false};
{verify, Pid, Key, SID} ->
start_connection(self()), {false, {Pid, Key, SID}}
end,
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
{ok, open_socket,
#state{use_v10 = UseV10, tls = TLS,
tls_required = TLSRequired, tls_certverify = TLSCertverify,
tls_options = TLSOpts, queue = queue:new(), myname = From,
server = Server, new = New, verify = Verify, timer = Timer}}.
open_socket(init, StateData) ->
log_s2s_out(StateData#state.new, StateData#state.myname,
StateData#state.server, StateData#state.tls),
?DEBUG("open_socket: ~p",
[{StateData#state.myname, StateData#state.server,
StateData#state.new, StateData#state.verify}]),
AddrList = case
ejabberd_idna:domain_utf8_to_ascii(StateData#state.server)
of
false -> [];
ASCIIAddr -> get_addr_port(ASCIIAddr)
end,
case lists:foldl(fun ({Addr, Port}, Acc) ->
case Acc of
{ok, Socket} -> {ok, Socket};
_ -> open_socket1(Addr, Port)
end
end,
?SOCKET_DEFAULT_RESULT, AddrList)
of
{ok, Socket} ->
Version = if StateData#state.use_v10 ->
<<" version='1.0'">>;
true -> <<"">>
end,
NewStateData = StateData#state{socket = Socket,
tls_enabled = false,
streamid = new_id()},
send_text(NewStateData,
io_lib:format(?STREAM_HEADER,
[StateData#state.myname,
StateData#state.server, Version])),
{next_state, wait_for_stream, NewStateData,
?FSMTIMEOUT};
{error, _Reason} ->
?INFO_MSG("s2s connection: ~s -> ~s (remote server "
"not found)",
[StateData#state.myname, StateData#state.server]),
case ejabberd_hooks:run_fold(find_s2s_bridge, undefined,
[StateData#state.myname,
StateData#state.server])
of
{Mod, Fun, Type} ->
?INFO_MSG("found a bridge to ~s for: ~s -> ~s",
[Type, StateData#state.myname,
StateData#state.server]),
NewStateData = StateData#state{bridge = {Mod, Fun}},
{next_state, relay_to_bridge, NewStateData};
_ -> wait_before_reconnect(StateData)
end
end;
open_socket(closed, StateData) ->
?INFO_MSG("s2s connection: ~s -> ~s (stopped in "
"open socket)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
open_socket(timeout, StateData) ->
?INFO_MSG("s2s connection: ~s -> ~s (timeout in "
"open socket)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
open_socket(_, StateData) ->
{next_state, open_socket, StateData}.
open_socket1({_, _, _, _} = Addr, Port) ->
open_socket2(inet, Addr, Port);
%% IPv6
open_socket1({_, _, _, _, _, _, _, _} = Addr, Port) ->
open_socket2(inet6, Addr, Port);
%% Hostname
open_socket1(Host, Port) ->
lists:foldl(fun (_Family, {ok, _Socket} = R) -> R;
(Family, _) ->
Addrs = get_addrs(Host, Family),
lists:foldl(fun (_Addr, {ok, _Socket} = R) -> R;
(Addr, _) -> open_socket1(Addr, Port)
end,
?SOCKET_DEFAULT_RESULT, Addrs)
end,
?SOCKET_DEFAULT_RESULT, outgoing_s2s_families()).
open_socket2(Type, Addr, Port) ->
?DEBUG("s2s_out: connecting to ~p:~p~n", [Addr, Port]),
Timeout = outgoing_s2s_timeout(),
case catch ejabberd_socket:connect(Addr, Port,
[binary, {packet, 0},
{send_timeout, ?TCP_SEND_TIMEOUT},
{send_timeout_close, true},
{active, false}, Type],
Timeout)
of
{ok, _Socket} = R -> R;
{error, Reason} = R ->
?DEBUG("s2s_out: connect return ~p~n", [Reason]), R;
{'EXIT', Reason} ->
?DEBUG("s2s_out: connect crashed ~p~n", [Reason]),
{error, Reason}
end.
%%----------------------------------------------------------------------
wait_for_stream({xmlstreamstart, _Name, Attrs},
StateData) ->
{CertCheckRes, CertCheckMsg, StateData0} =
if StateData#state.tls_certverify, StateData#state.tls_enabled ->
{Res, Msg} =
ejabberd_s2s:check_peer_certificate(ejabberd_socket,
StateData#state.socket,
StateData#state.server),
?DEBUG("Certificate verification result for ~s: ~s",
[StateData#state.server, Msg]),
{Res, Msg, StateData#state{tls_certverify = false}};
true ->
{no_verify, <<"Not verified">>, StateData}
end,
RemoteStreamID = fxml:get_attr_s(<<"id">>, Attrs),
NewStateData = StateData0#state{remote_streamid = RemoteStreamID},
case {fxml:get_attr_s(<<"xmlns">>, Attrs),
fxml:get_attr_s(<<"xmlns:db">>, Attrs),
fxml:get_attr_s(<<"version">>, Attrs) == <<"1.0">>}
of
_ when CertCheckRes == error ->
send_text(NewStateData,
<<(fxml:element_to_binary(?SERRT_POLICY_VIOLATION(<<"en">>,
CertCheckMsg)))/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("Closing s2s connection: ~s -> ~s (~s)",
[NewStateData#state.myname,
NewStateData#state.server,
CertCheckMsg]),
{stop, normal, NewStateData};
{<<"jabber:server">>, <<"jabber:server:dialback">>,
false} ->
send_db_request(NewStateData);
{<<"jabber:server">>, <<"jabber:server:dialback">>,
true}
when NewStateData#state.use_v10 ->
{next_state, wait_for_features, NewStateData, ?FSMTIMEOUT};
%% Clause added to handle Tigase's workaround for an old ejabberd bug:
{<<"jabber:server">>, <<"jabber:server:dialback">>,
true}
when not NewStateData#state.use_v10 ->
send_db_request(NewStateData);
{<<"jabber:server">>, <<"">>, true}
when NewStateData#state.use_v10 ->
{next_state, wait_for_features,
NewStateData#state{db_enabled = false}, ?FSMTIMEOUT};
{NSProvided, DB, _} ->
send_text(NewStateData, ?INVALID_NAMESPACE_ERR),
?INFO_MSG("Closing s2s connection: ~s -> ~s (invalid "
"namespace).~nNamespace provided: ~p~nNamespac"
"e expected: \"jabber:server\"~nxmlns:db "
"provided: ~p~nAll attributes: ~p",
[NewStateData#state.myname, NewStateData#state.server,
NSProvided, DB, Attrs]),
{stop, normal, NewStateData}
end;
wait_for_stream({xmlstreamerror, _}, StateData) ->
send_text(StateData,
<<(?INVALID_XML_ERR)/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("Closing s2s connection: ~s -> ~s (invalid "
"xml)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
wait_for_stream({xmlstreamend, _Name}, StateData) ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (xmlstreamend)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
wait_for_stream(timeout, StateData) ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (timeout "
"in wait_for_stream)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
wait_for_stream(closed, StateData) ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (close "
"in wait_for_stream)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}.
wait_for_validation({xmlstreamelement, El},
StateData) ->
case is_verify_res(El) of
{result, To, From, Id, Type} ->
?DEBUG("recv result: ~p", [{From, To, Id, Type}]),
case {Type, StateData#state.tls_enabled,
StateData#state.tls_required}
of
{<<"valid">>, Enabled, Required}
when (Enabled == true) or (Required == false) ->
send_queue(StateData, StateData#state.queue),
?INFO_MSG("Connection established: ~s -> ~s with "
"TLS=~p",
[StateData#state.myname, StateData#state.server,
StateData#state.tls_enabled]),
ejabberd_hooks:run(s2s_connect_hook,
[StateData#state.myname,
StateData#state.server]),
{next_state, stream_established,
StateData#state{queue = queue:new()}};
{<<"valid">>, Enabled, Required}
when (Enabled == false) and (Required == true) ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (TLS "
"is required but unavailable)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
_ ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (invalid "
"dialback key)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
{verify, To, From, Id, Type} ->
?DEBUG("recv verify: ~p", [{From, To, Id, Type}]),
case StateData#state.verify of
false ->
NextState = wait_for_validation,
{next_state, NextState, StateData,
get_timeout_interval(NextState)};
{Pid, _Key, _SID} ->
case Type of
<<"valid">> ->
p1_fsm:send_event(Pid,
{valid, StateData#state.server,
StateData#state.myname});
_ ->
p1_fsm:send_event(Pid,
{invalid, StateData#state.server,
StateData#state.myname})
end,
if StateData#state.verify == false ->
{stop, normal, StateData};
true ->
NextState = wait_for_validation,
{next_state, NextState, StateData,
get_timeout_interval(NextState)}
end
end;
_ ->
{next_state, wait_for_validation, StateData,
(?FSMTIMEOUT) * 3}
end;
wait_for_validation({xmlstreamend, _Name}, StateData) ->
?INFO_MSG("wait for validation: ~s -> ~s (xmlstreamend)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
wait_for_validation({xmlstreamerror, _}, StateData) ->
?INFO_MSG("wait for validation: ~s -> ~s (xmlstreamerror)",
[StateData#state.myname, StateData#state.server]),
send_text(StateData,
<<(?INVALID_XML_ERR)/binary,
(?STREAM_TRAILER)/binary>>),
{stop, normal, StateData};
wait_for_validation(timeout,
#state{verify = {VPid, VKey, SID}} = StateData)
when is_pid(VPid) and is_binary(VKey) and
is_binary(SID) ->
?DEBUG("wait_for_validation: ~s -> ~s (timeout "
"in verify connection)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
wait_for_validation(timeout, StateData) ->
?INFO_MSG("wait_for_validation: ~s -> ~s (connect "
"timeout)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
wait_for_validation(closed, StateData) ->
?INFO_MSG("wait for validation: ~s -> ~s (closed)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}.
wait_for_features({xmlstreamelement, El}, StateData) ->
case El of
#xmlel{name = <<"stream:features">>, children = Els} ->
{SASLEXT, StartTLS, StartTLSRequired} = lists:foldl(fun
(#xmlel{name =
<<"mechanisms">>,
attrs =
Attrs1,
children
=
Els1} =
_El1,
{_SEXT, STLS,
STLSReq} =
Acc) ->
case
fxml:get_attr_s(<<"xmlns">>,
Attrs1)
of
?NS_SASL ->
NewSEXT =
lists:any(fun
(#xmlel{name
=
<<"mechanism">>,
children
=
Els2}) ->
case
fxml:get_cdata(Els2)
of
<<"EXTERNAL">> ->
true;
_ ->
false
end;
(_) ->
false
end,
Els1),
{NewSEXT,
STLS,
STLSReq};
_ -> Acc
end;
(#xmlel{name =
<<"starttls">>,
attrs =
Attrs1} =
El1,
{SEXT, _STLS,
_STLSReq} =
Acc) ->
case
fxml:get_attr_s(<<"xmlns">>,
Attrs1)
of
?NS_TLS ->
Req =
case
fxml:get_subtag(El1,
<<"required">>)
of
#xmlel{} ->
true;
false ->
false
end,
{SEXT,
true,
Req};
_ -> Acc
end;
(_, Acc) -> Acc
end,
{false, false,
false},
Els),
if not SASLEXT and not StartTLS and
StateData#state.authenticated ->
send_queue(StateData, StateData#state.queue),
?INFO_MSG("Connection established: ~s -> ~s with "
"SASL EXTERNAL and TLS=~p",
[StateData#state.myname, StateData#state.server,
StateData#state.tls_enabled]),
ejabberd_hooks:run(s2s_connect_hook,
[StateData#state.myname,
StateData#state.server]),
{next_state, stream_established,
StateData#state{queue = queue:new()}};
SASLEXT and StateData#state.try_auth and
(StateData#state.new /= false) and
(StateData#state.tls_enabled or
not StateData#state.tls_required) ->
send_element(StateData,
#xmlel{name = <<"auth">>,
attrs =
[{<<"xmlns">>, ?NS_SASL},
{<<"mechanism">>, <<"EXTERNAL">>}],
children =
[{xmlcdata,
jlib:encode_base64(StateData#state.myname)}]}),
{next_state, wait_for_auth_result,
StateData#state{try_auth = false}, ?FSMTIMEOUT};
StartTLS and StateData#state.tls and
not StateData#state.tls_enabled ->
send_element(StateData,
#xmlel{name = <<"starttls">>,
attrs = [{<<"xmlns">>, ?NS_TLS}],
children = []}),
{next_state, wait_for_starttls_proceed, StateData,
?FSMTIMEOUT};
StartTLSRequired and not StateData#state.tls ->
?DEBUG("restarted: ~p",
[{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:close(StateData#state.socket),
{next_state, reopen_socket,
StateData#state{socket = undefined, use_v10 = false},
?FSMTIMEOUT};
StateData#state.db_enabled ->
send_db_request(StateData);
true ->
?DEBUG("restarted: ~p",
[{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:close(StateData#state.socket),
{next_state, reopen_socket,
StateData#state{socket = undefined, use_v10 = false},
?FSMTIMEOUT}
end;
_ ->
send_text(StateData,
<<(fxml:element_to_binary(?SERR_BAD_FORMAT))/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("Closing s2s connection: ~s -> ~s (bad "
"format)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
wait_for_features({xmlstreamend, _Name}, StateData) ->
?INFO_MSG("wait_for_features: xmlstreamend", []),
{stop, normal, StateData};
wait_for_features({xmlstreamerror, _}, StateData) ->
send_text(StateData,
<<(?INVALID_XML_ERR)/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("wait for features: xmlstreamerror", []),
{stop, normal, StateData};
wait_for_features(timeout, StateData) ->
?INFO_MSG("wait for features: timeout", []),
{stop, normal, StateData};
wait_for_features(closed, StateData) ->
?INFO_MSG("wait for features: closed", []),
{stop, normal, StateData}.
wait_for_auth_result({xmlstreamelement, El},
StateData) ->
case El of
#xmlel{name = <<"success">>, attrs = Attrs} ->
case fxml:get_attr_s(<<"xmlns">>, Attrs) of
?NS_SASL ->
?DEBUG("auth: ~p",
[{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:reset_stream(StateData#state.socket),
send_text(StateData,
io_lib:format(?STREAM_HEADER,
[StateData#state.myname,
StateData#state.server,
<<" version='1.0'">>])),
{next_state, wait_for_stream,
StateData#state{streamid = new_id(),
authenticated = true},
?FSMTIMEOUT};
_ ->
send_text(StateData,
<<(fxml:element_to_binary(?SERR_BAD_FORMAT))/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("Closing s2s connection: ~s -> ~s (bad "
"format)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
#xmlel{name = <<"failure">>, attrs = Attrs} ->
case fxml:get_attr_s(<<"xmlns">>, Attrs) of
?NS_SASL ->
?DEBUG("restarted: ~p",
[{StateData#state.myname, StateData#state.server}]),
ejabberd_socket:close(StateData#state.socket),
{next_state, reopen_socket,
StateData#state{socket = undefined}, ?FSMTIMEOUT};
_ ->
send_text(StateData,
<<(fxml:element_to_binary(?SERR_BAD_FORMAT))/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("Closing s2s connection: ~s -> ~s (bad "
"format)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
_ ->
send_text(StateData,
<<(fxml:element_to_binary(?SERR_BAD_FORMAT))/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("Closing s2s connection: ~s -> ~s (bad "
"format)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
wait_for_auth_result({xmlstreamend, _Name},
StateData) ->
?INFO_MSG("wait for auth result: xmlstreamend", []),
{stop, normal, StateData};
wait_for_auth_result({xmlstreamerror, _}, StateData) ->
send_text(StateData,
<<(?INVALID_XML_ERR)/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("wait for auth result: xmlstreamerror", []),
{stop, normal, StateData};
wait_for_auth_result(timeout, StateData) ->
?INFO_MSG("wait for auth result: timeout", []),
{stop, normal, StateData};
wait_for_auth_result(closed, StateData) ->
?INFO_MSG("wait for auth result: closed", []),
{stop, normal, StateData}.
wait_for_starttls_proceed({xmlstreamelement, El},
StateData) ->
case El of
#xmlel{name = <<"proceed">>, attrs = Attrs} ->
case fxml:get_attr_s(<<"xmlns">>, Attrs) of
?NS_TLS ->
?DEBUG("starttls: ~p",
[{StateData#state.myname, StateData#state.server}]),
Socket = StateData#state.socket,
TLSOpts = case
ejabberd_config:get_option(
{domain_certfile, StateData#state.myname},
fun iolist_to_binary/1)
of
undefined -> StateData#state.tls_options;
CertFile ->
[{certfile, CertFile}
| lists:keydelete(certfile, 1,
StateData#state.tls_options)]
end,
TLSSocket = ejabberd_socket:starttls(Socket, TLSOpts),
NewStateData = StateData#state{socket = TLSSocket,
streamid = new_id(),
tls_enabled = true,
tls_options = TLSOpts},
send_text(NewStateData,
io_lib:format(?STREAM_HEADER,
[NewStateData#state.myname,
NewStateData#state.server,
<<" version='1.0'">>])),
{next_state, wait_for_stream, NewStateData,
?FSMTIMEOUT};
_ ->
send_text(StateData,
<<(fxml:element_to_binary(?SERR_BAD_FORMAT))/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("Closing s2s connection: ~s -> ~s (bad "
"format)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
_ ->
?INFO_MSG("Closing s2s connection: ~s -> ~s (bad "
"format)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}
end;
wait_for_starttls_proceed({xmlstreamend, _Name},
StateData) ->
?INFO_MSG("wait for starttls proceed: xmlstreamend",
[]),
{stop, normal, StateData};
wait_for_starttls_proceed({xmlstreamerror, _},
StateData) ->
send_text(StateData,
<<(?INVALID_XML_ERR)/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("wait for starttls proceed: xmlstreamerror",
[]),
{stop, normal, StateData};
wait_for_starttls_proceed(timeout, StateData) ->
?INFO_MSG("wait for starttls proceed: timeout", []),
{stop, normal, StateData};
wait_for_starttls_proceed(closed, StateData) ->
?INFO_MSG("wait for starttls proceed: closed", []),
{stop, normal, StateData}.
reopen_socket({xmlstreamelement, _El}, StateData) ->
{next_state, reopen_socket, StateData, ?FSMTIMEOUT};
reopen_socket({xmlstreamend, _Name}, StateData) ->
{next_state, reopen_socket, StateData, ?FSMTIMEOUT};
reopen_socket({xmlstreamerror, _}, StateData) ->
{next_state, reopen_socket, StateData, ?FSMTIMEOUT};
reopen_socket(timeout, StateData) ->
?INFO_MSG("reopen socket: timeout", []),
{stop, normal, StateData};
reopen_socket(closed, StateData) ->
p1_fsm:send_event(self(), init),
{next_state, open_socket, StateData, ?FSMTIMEOUT}.
%% This state is use to avoid reconnecting to often to bad sockets
wait_before_retry(_Event, StateData) ->
{next_state, wait_before_retry, StateData, ?FSMTIMEOUT}.
relay_to_bridge(stop, StateData) ->
wait_before_reconnect(StateData);
relay_to_bridge(closed, StateData) ->
?INFO_MSG("relay to bridge: ~s -> ~s (closed)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
relay_to_bridge(_Event, StateData) ->
{next_state, relay_to_bridge, StateData}.
stream_established({xmlstreamelement, El}, StateData) ->
?DEBUG("s2S stream established", []),
case is_verify_res(El) of
{verify, VTo, VFrom, VId, VType} ->
?DEBUG("recv verify: ~p", [{VFrom, VTo, VId, VType}]),
case StateData#state.verify of
{VPid, _VKey, _SID} ->
case VType of
<<"valid">> ->
p1_fsm:send_event(VPid,
{valid, StateData#state.server,
StateData#state.myname});
_ ->
p1_fsm:send_event(VPid,
{invalid, StateData#state.server,
StateData#state.myname})
end;
_ -> ok
end;
_ -> ok
end,
{next_state, stream_established, StateData};
stream_established({xmlstreamend, _Name}, StateData) ->
?INFO_MSG("Connection closed in stream established: "
"~s -> ~s (xmlstreamend)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
stream_established({xmlstreamerror, _}, StateData) ->
send_text(StateData,
<<(?INVALID_XML_ERR)/binary,
(?STREAM_TRAILER)/binary>>),
?INFO_MSG("stream established: ~s -> ~s (xmlstreamerror)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
stream_established(timeout, StateData) ->
?INFO_MSG("stream established: ~s -> ~s (timeout)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData};
stream_established(closed, StateData) ->
?INFO_MSG("stream established: ~s -> ~s (closed)",
[StateData#state.myname, StateData#state.server]),
{stop, normal, StateData}.
%%----------------------------------------------------------------------
%% Func: StateName/3
%% Returns: {next_state, NextStateName, NextStateData} |
%% {next_state, NextStateName, NextStateData, Timeout} |
%% {reply, Reply, NextStateName, NextStateData} |
%% {reply, Reply, NextStateName, NextStateData, Timeout} |
%% {stop, Reason, NewStateData} |
%% {stop, Reason, Reply, NewStateData}
%%----------------------------------------------------------------------
%%state_name(Event, From, StateData) ->
%% Reply = ok,
%% {reply, Reply, state_name, StateData}.
handle_event(_Event, StateName, StateData) ->
{next_state, StateName, StateData,
get_timeout_interval(StateName)}.
handle_sync_event(get_state_infos, _From, StateName,
StateData) ->
{Addr, Port} = try
ejabberd_socket:peername(StateData#state.socket)
of
{ok, {A, P}} -> {A, P};
{error, _} -> {unknown, unknown}
catch
_:_ -> {unknown, unknown}
end,
Infos = [{direction, out}, {statename, StateName},
{addr, Addr}, {port, Port},
{streamid, StateData#state.streamid},
{use_v10, StateData#state.use_v10},
{tls, StateData#state.tls},
{tls_required, StateData#state.tls_required},
{tls_enabled, StateData#state.tls_enabled},
{tls_options, StateData#state.tls_options},
{authenticated, StateData#state.authenticated},
{db_enabled, StateData#state.db_enabled},
{try_auth, StateData#state.try_auth},
{myname, StateData#state.myname},
{server, StateData#state.server},
{delay_to_retry, StateData#state.delay_to_retry},
{verify, StateData#state.verify}],
Reply = {state_infos, Infos},
{reply, Reply, StateName, StateData};
%%----------------------------------------------------------------------
%% Func: handle_sync_event/4
%% Returns: {next_state, NextStateName, NextStateData} |
%% {next_state, NextStateName, NextStateData, Timeout} |
%% {reply, Reply, NextStateName, NextStateData} |
%% {reply, Reply, NextStateName, NextStateData, Timeout} |
%% {stop, Reason, NewStateData} |
%% {stop, Reason, Reply, NewStateData}
%%----------------------------------------------------------------------
handle_sync_event(_Event, _From, StateName,
StateData) ->
Reply = ok,
{reply, Reply, StateName, StateData,
get_timeout_interval(StateName)}.
code_change(_OldVsn, StateName, StateData, _Extra) ->
{ok, StateName, StateData}.
handle_info({send_text, Text}, StateName, StateData) ->
send_text(StateData, Text),
cancel_timer(StateData#state.timer),
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
{next_state, StateName, StateData#state{timer = Timer},
get_timeout_interval(StateName)};
handle_info({send_element, El}, StateName, StateData) ->
case StateName of
stream_established ->
cancel_timer(StateData#state.timer),
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
send_element(StateData, El),
{next_state, StateName, StateData#state{timer = Timer}};
%% In this state we bounce all message: We are waiting before
%% trying to reconnect
wait_before_retry ->
bounce_element(El, ?ERR_REMOTE_SERVER_NOT_FOUND),
{next_state, StateName, StateData};
relay_to_bridge ->
{Mod, Fun} = StateData#state.bridge,
?DEBUG("relaying stanza via ~p:~p/1", [Mod, Fun]),
case catch Mod:Fun(El) of
{'EXIT', Reason} ->
?ERROR_MSG("Error while relaying to bridge: ~p",
[Reason]),
bounce_element(El, ?ERR_INTERNAL_SERVER_ERROR),
wait_before_reconnect(StateData);
_ -> {next_state, StateName, StateData}
end;
_ ->
Q = queue:in(El, StateData#state.queue),
{next_state, StateName, StateData#state{queue = Q},
get_timeout_interval(StateName)}
end;
handle_info({timeout, Timer, _}, wait_before_retry,
#state{timer = Timer} = StateData) ->
?INFO_MSG("Reconnect delay expired: Will now retry "
"to connect to ~s when needed.",
[StateData#state.server]),
{stop, normal, StateData};
handle_info({timeout, Timer, _}, _StateName,
#state{timer = Timer} = StateData) ->
?INFO_MSG("Closing connection with ~s: timeout",
[StateData#state.server]),
{stop, normal, StateData};
handle_info(terminate_if_waiting_before_retry,
wait_before_retry, StateData) ->
{stop, normal, StateData};
handle_info(terminate_if_waiting_before_retry,
StateName, StateData) ->
{next_state, StateName, StateData,
get_timeout_interval(StateName)};
handle_info(_, StateName, StateData) ->
{next_state, StateName, StateData,
get_timeout_interval(StateName)}.
terminate(Reason, StateName, StateData) ->
?DEBUG("terminated: ~p", [{Reason, StateName}]),
case StateData#state.new of
false -> ok;
true ->
ejabberd_s2s:remove_connection({StateData#state.myname,
StateData#state.server},
self())
end,
bounce_queue(StateData#state.queue,
?ERR_REMOTE_SERVER_NOT_FOUND),
bounce_messages(?ERR_REMOTE_SERVER_NOT_FOUND),
case StateData#state.socket of
undefined -> ok;
_Socket -> ejabberd_socket:close(StateData#state.socket)
end,
ok.
print_state(State) -> State.
%%%----------------------------------------------------------------------
%%% Internal functions
%%%----------------------------------------------------------------------
send_text(StateData, Text) ->
ejabberd_socket:send(StateData#state.socket, Text).
send_element(StateData, El) ->
send_text(StateData, fxml:element_to_binary(El)).
send_queue(StateData, Q) ->
case queue:out(Q) of
{{value, El}, Q1} ->
send_element(StateData, El), send_queue(StateData, Q1);
{empty, _Q1} -> ok
end.
%% Bounce a single message (xmlelement)
bounce_element(El, Error) ->
#xmlel{attrs = Attrs} = El,
case fxml:get_attr_s(<<"type">>, Attrs) of
<<"error">> -> ok;
<<"result">> -> ok;
_ ->
Err = jlib:make_error_reply(El, Error),
From = jid:from_string(fxml:get_tag_attr_s(<<"from">>,
El)),
To = jid:from_string(fxml:get_tag_attr_s(<<"to">>,
El)),
ejabberd_router:route(To, From, Err)
end.
bounce_queue(Q, Error) ->
case queue:out(Q) of
{{value, El}, Q1} ->
bounce_element(El, Error), bounce_queue(Q1, Error);
{empty, _} -> ok
end.
new_id() -> randoms:get_string().
cancel_timer(Timer) ->
erlang:cancel_timer(Timer),
receive {timeout, Timer, _} -> ok after 0 -> ok end.
bounce_messages(Error) ->
receive
{send_element, El} ->
bounce_element(El, Error), bounce_messages(Error)
after 0 -> ok
end.
send_db_request(StateData) ->
Server = StateData#state.server,
New = case StateData#state.new of
false ->
ejabberd_s2s:try_register({StateData#state.myname, Server});
true ->
true
end,
NewStateData = StateData#state{new = New},
try case New of
false -> ok;
true ->
Key1 = ejabberd_s2s:make_key(
{StateData#state.myname, Server},
StateData#state.remote_streamid),
send_element(StateData,
#xmlel{name = <<"db:result">>,
attrs =
[{<<"from">>, StateData#state.myname},
{<<"to">>, Server}],
children = [{xmlcdata, Key1}]})
end,
case StateData#state.verify of
false -> ok;
{_Pid, Key2, SID} ->
send_element(StateData,
#xmlel{name = <<"db:verify">>,
attrs =
[{<<"from">>, StateData#state.myname},
{<<"to">>, StateData#state.server},
{<<"id">>, SID}],
children = [{xmlcdata, Key2}]})
end,
{next_state, wait_for_validation, NewStateData,
(?FSMTIMEOUT) * 6}
catch
_:_ -> {stop, normal, NewStateData}
end.
is_verify_res(#xmlel{name = Name, attrs = Attrs})
when Name == <<"db:result">> ->
{result, fxml:get_attr_s(<<"to">>, Attrs),
fxml:get_attr_s(<<"from">>, Attrs),
fxml:get_attr_s(<<"id">>, Attrs),
fxml:get_attr_s(<<"type">>, Attrs)};
is_verify_res(#xmlel{name = Name, attrs = Attrs})
when Name == <<"db:verify">> ->
{verify, fxml:get_attr_s(<<"to">>, Attrs),
fxml:get_attr_s(<<"from">>, Attrs),
fxml:get_attr_s(<<"id">>, Attrs),
fxml:get_attr_s(<<"type">>, Attrs)};
is_verify_res(_) -> false.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% SRV support
-include_lib("kernel/include/inet.hrl").
-spec get_addr_port(binary()) -> [{binary(), inet:port_number()}].
get_addr_port(Server) ->
Res = srv_lookup(Server),
case Res of
{error, Reason} ->
?DEBUG("srv lookup of '~s' failed: ~p~n",
[Server, Reason]),
[{Server, outgoing_s2s_port()}];
{ok, HEnt} ->
?DEBUG("srv lookup of '~s': ~p~n",
[Server, HEnt#hostent.h_addr_list]),
AddrList = HEnt#hostent.h_addr_list,
random:seed(p1_time_compat:timestamp()),
case catch lists:map(fun ({Priority, Weight, Port,
Host}) ->
N = case Weight of
0 -> 0;
_ ->
(Weight + 1) * random:uniform()
end,
{Priority * 65536 - N, Host, Port}
end,
AddrList)
of
SortedList = [_ | _] ->
List = lists:map(fun ({_, Host, Port}) ->
{list_to_binary(Host), Port}
end,
lists:keysort(1, SortedList)),
?DEBUG("srv lookup of '~s': ~p~n", [Server, List]),
List;
_ -> [{Server, outgoing_s2s_port()}]
end
end.
srv_lookup(Server) ->
TimeoutMs = timer:seconds(
ejabberd_config:get_option(
s2s_dns_timeout,
fun(I) when is_integer(I), I>=0 -> I end,
10)),
Retries = ejabberd_config:get_option(
s2s_dns_retries,
fun(I) when is_integer(I), I>=0 -> I end,
2),
srv_lookup(binary_to_list(Server), TimeoutMs, Retries).
%% XXX - this behaviour is suboptimal in the case that the domain
%% has a "_xmpp-server._tcp." but not a "_jabber._tcp." record and
%% we don't get a DNS reply for the "_xmpp-server._tcp." lookup. In this
%% case we'll give up when we get the "_jabber._tcp." nxdomain reply.
srv_lookup(_Server, _Timeout, Retries)
when Retries < 1 ->
{error, timeout};
srv_lookup(Server, Timeout, Retries) ->
case inet_res:getbyname("_xmpp-server._tcp." ++ Server,
srv, Timeout)
of
{error, _Reason} ->
case inet_res:getbyname("_jabber._tcp." ++ Server, srv,
Timeout)
of
{error, timeout} ->
?ERROR_MSG("The DNS servers~n ~p~ntimed out on "
"request for ~p IN SRV. You should check "
"your DNS configuration.",
[inet_db:res_option(nameserver), Server]),
srv_lookup(Server, Timeout, Retries - 1);
R -> R
end;
{ok, _HEnt} = R -> R
end.
test_get_addr_port(Server) ->
lists:foldl(fun (_, Acc) ->
[HostPort | _] = get_addr_port(Server),
case lists:keysearch(HostPort, 1, Acc) of
false -> [{HostPort, 1} | Acc];
{value, {_, Num}} ->
lists:keyreplace(HostPort, 1, Acc,
{HostPort, Num + 1})
end
end,
[], lists:seq(1, 100000)).
get_addrs(Host, Family) ->
Type = case Family of
inet4 -> inet;
ipv4 -> inet;
inet6 -> inet6;
ipv6 -> inet6
end,
case inet:gethostbyname(binary_to_list(Host), Type) of
{ok, #hostent{h_addr_list = Addrs}} ->
?DEBUG("~s of ~s resolved to: ~p~n",
[Type, Host, Addrs]),
Addrs;
{error, Reason} ->
?DEBUG("~s lookup of '~s' failed: ~p~n",
[Type, Host, Reason]),
[]
end.
outgoing_s2s_port() ->
ejabberd_config:get_option(
outgoing_s2s_port,
fun(I) when is_integer(I), I > 0, I =< 65536 -> I end,
5269).
outgoing_s2s_families() ->
ejabberd_config:get_option(
outgoing_s2s_families,
fun(Families) ->
true = lists:all(
fun(ipv4) -> true;
(ipv6) -> true
end, Families),
Families
end, [ipv4, ipv6]).
outgoing_s2s_timeout() ->
ejabberd_config:get_option(
outgoing_s2s_timeout,
fun(TimeOut) when is_integer(TimeOut), TimeOut > 0 ->
TimeOut;
(infinity) ->
infinity
end, 10000).
transform_options(Opts) ->
lists:foldl(fun transform_options/2, [], Opts).
transform_options({outgoing_s2s_options, Families, Timeout}, Opts) ->
?WARNING_MSG("Option 'outgoing_s2s_options' is deprecated. "
"The option is still supported "
"but it is better to fix your config: "
"use 'outgoing_s2s_timeout' and "
"'outgoing_s2s_families' instead.", []),
[{outgoing_s2s_families, Families},
{outgoing_s2s_timeout, Timeout}
| Opts];
transform_options({s2s_dns_options, S2SDNSOpts}, AllOpts) ->
?WARNING_MSG("Option 's2s_dns_options' is deprecated. "
"The option is still supported "
"but it is better to fix your config: "
"use 's2s_dns_timeout' and "
"'s2s_dns_retries' instead", []),
lists:foldr(
fun({timeout, T}, AccOpts) ->
[{s2s_dns_timeout, T}|AccOpts];
({retries, R}, AccOpts) ->
[{s2s_dns_retries, R}|AccOpts];
(_, AccOpts) ->
AccOpts
end, AllOpts, S2SDNSOpts);
transform_options(Opt, Opts) ->
[Opt|Opts].
%% Human readable S2S logging: Log only new outgoing connections as INFO
%% Do not log dialback
log_s2s_out(false, _, _, _) -> ok;
%% Log new outgoing connections:
log_s2s_out(_, Myname, Server, Tls) ->
?INFO_MSG("Trying to open s2s connection: ~s -> "
"~s with TLS=~p",
[Myname, Server, Tls]).
%% Calculate timeout depending on which state we are in:
%% Can return integer > 0 | infinity
get_timeout_interval(StateName) ->
case StateName of
%% Validation implies dialback: Networking can take longer:
wait_for_validation -> (?FSMTIMEOUT) * 6;
%% When stream is established, we only rely on S2S Timeout timer:
stream_established -> infinity;
_ -> ?FSMTIMEOUT
end.
%% This function is intended to be called at the end of a state
%% function that want to wait for a reconnect delay before stopping.
wait_before_reconnect(StateData) ->
bounce_queue(StateData#state.queue,
?ERR_REMOTE_SERVER_NOT_FOUND),
bounce_messages(?ERR_REMOTE_SERVER_NOT_FOUND),
cancel_timer(StateData#state.timer),
Delay = case StateData#state.delay_to_retry of
undefined_delay ->
{_, _, MicroSecs} = p1_time_compat:timestamp(), MicroSecs rem 14000 + 1000;
D1 -> lists:min([D1 * 2, get_max_retry_delay()])
end,
Timer = erlang:start_timer(Delay, self(), []),
{next_state, wait_before_retry,
StateData#state{timer = Timer, delay_to_retry = Delay,
queue = queue:new()}}.
get_max_retry_delay() ->
case ejabberd_config:get_option(
s2s_max_retry_delay,
fun(I) when is_integer(I), I > 0 -> I end) of
undefined -> ?MAX_RETRY_DELAY;
Seconds -> Seconds * 1000
end.
%% Terminate s2s_out connections that are in state wait_before_retry
terminate_if_waiting_delay(From, To) ->
FromTo = {From, To},
Pids = ejabberd_s2s:get_connections_pids(FromTo),
lists:foreach(fun (Pid) ->
Pid ! terminate_if_waiting_before_retry
end,
Pids).
fsm_limit_opts() ->
case ejabberd_config:get_option(
max_fsm_queue,
fun(I) when is_integer(I), I > 0 -> I end) of
undefined -> [];
N -> [{max_queue, N}]
end.
opt_type(domain_certfile) -> fun iolist_to_binary/1;
opt_type(max_fsm_queue) ->
fun (I) when is_integer(I), I > 0 -> I end;
opt_type(outgoing_s2s_families) ->
fun (Families) ->
true = lists:all(fun (ipv4) -> true;
(ipv6) -> true
end,
Families),
Families
end;
opt_type(outgoing_s2s_port) ->
fun (I) when is_integer(I), I > 0, I =< 65536 -> I end;
opt_type(outgoing_s2s_timeout) ->
fun (TimeOut) when is_integer(TimeOut), TimeOut > 0 ->
TimeOut;
(infinity) -> infinity
end;
opt_type(s2s_certfile) -> fun iolist_to_binary/1;
opt_type(s2s_ciphers) -> fun iolist_to_binary/1;
opt_type(s2s_dhfile) -> fun iolist_to_binary/1;
opt_type(s2s_dns_retries) ->
fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(s2s_dns_timeout) ->
fun (I) when is_integer(I), I >= 0 -> I end;
opt_type(s2s_max_retry_delay) ->
fun (I) when is_integer(I), I > 0 -> I end;
opt_type(s2s_protocol_options) ->
fun (Options) ->
[_ | O] = lists:foldl(fun (X, Acc) -> X ++ Acc end, [],
[["|" | binary_to_list(Opt)]
|| Opt <- Options, is_binary(Opt)]),
iolist_to_binary(O)
end;
opt_type(s2s_tls_compression) ->
fun (true) -> true;
(false) -> false
end;
opt_type(s2s_use_starttls) ->
fun (true) -> true;
(false) -> false;
(optional) -> optional;
(required) -> required;
(required_trusted) -> required_trusted
end;
opt_type(_) ->
[domain_certfile, max_fsm_queue, outgoing_s2s_families,
outgoing_s2s_port, outgoing_s2s_timeout, s2s_certfile,
s2s_ciphers, s2s_dhfile, s2s_dns_retries, s2s_dns_timeout,
s2s_max_retry_delay, s2s_protocol_options,
s2s_tls_compression, s2s_use_starttls].