annotate mod_bidi/mod_bidi.lua @ 1329:8d99b9c4cf0c

mod_s2s_auth_dane: Verify that the pubkey method exists when the SPKI selector is used
author Kim Alvefur <zash@zash.se>
date Wed, 05 Mar 2014 17:42:15 +0100
parents 1818a7f08580
children db2ff8f29472
1 -- Bidirectional Server-to-Server Connections
2 -- http://xmpp.org/extensions/xep-0288.html
3 -- Copyright (C) 2013 Kim Alvefur
4 --
5 -- This file is MIT/X11 licensed.
6 --
7 local add_filter = require "util.filters".add_filter;
8 local st = require "util.stanza";
9 local jid_split = require"util.jid".prepped_split;
10 local core_process_stanza = prosody.core_process_stanza;
11 local traceback = debug.traceback;
12 local hosts = hosts;
-- Namespace of the <bidi/> stream feature used to announce bidi support.
local xmlns_bidi_feature = "urn:xmpp:features:bidi";

-- Namespace of the <bidi/> element that requests a bidirectional stream.
local xmlns_bidi = "urn:xmpp:bidi";

-- "secure_bidi_only" (default: true). While true, every negotiation hook in
-- this module requires both cert_chain_status and cert_identity_status of the
-- session to be "valid" before bidi is offered, requested or accepted.
-- Setting it to false reverts to the previous behaviour and drops that
-- certificate requirement, so only disable it after reviewing how peers are
-- authenticated on this deployment.
local secure_only = module:get_option_boolean("secure_bidi_only", true);

-- Shared table: remote host name -> incoming session that outbound stanzas
-- for that host may be written to (see the "route/remote" hook).
local bidi_sessions = module:shared("sessions-cache");
--- Message handler passed to xpcall by handlestanza.
-- Logs the error value together with a stack trace at "error" level.
-- @param err the error value raised while processing a stanza
local function handleerr(err)
	local message = tostring(err);
	log("error", "Traceback[s2s]: %s: %s", message, traceback());
end
--- Hand a stanza to core_process_stanza on behalf of a session.
-- Errors raised during processing are caught and logged by handleerr, so a
-- malformed or unexpected stanza from the peer cannot unwind into the caller.
-- @param session the session the stanza is attributed to
-- @param stanza the stanza to process
-- @return the results of xpcall (false plus the handler's result on error)
local function handlestanza(session, stanza)
	local attr = stanza.attr;
	if attr.xmlns == "jabber:client" then --COMPAT: Prosody pre-0.6.2 may send jabber:client
		attr.xmlns = nil;
	end
	-- The "stanzas/in" filter chain is not re-run here; the call is left disabled:
	-- stanza = session.filter("stanzas/in", stanza);
	if not stanza then
		return;
	end
	local function dispatch()
		return core_process_stanza(session, stanza);
	end
	return xpcall(dispatch, handleerr);
end
--- Switch an established s2s session to bidirectional operation (XEP-0288).
--
-- Incoming session ("s2sin"): the session is stored in bidi_sessions under the
-- peer's host so that the "route/remote" hook can write outbound stanzas to
-- it. An existing outgoing session to the same peer is closed first.
--
-- Outgoing session ("s2sout"): a virtual incoming session is layered over the
-- real one and a "stanzas/in" filter passes stanzas from the peer to
-- core_process_stanza under that virtual session.
--
-- Any other session type is left untouched.
-- @param origin the s2s session on which bidi was negotiated
local function new_bidi(origin)
	local kind = origin.type;

	if kind == "s2sin" then -- then we create an "outgoing" bidirectional session
		local existing_out = hosts[origin.to_host].s2sout[origin.from_host];
		if existing_out then
			existing_out.log("info", "We already have an outgoing connection to %s, closing it...", origin.from_host);
			existing_out:close{ condition = "conflict", text = "Replaced by bidirectional stream" };
		end
		-- Overwrites any earlier entry for this host; the newest bidi session wins.
		bidi_sessions[origin.from_host] = origin;
		origin.is_bidi = true;
		return;
	end

	if kind ~= "s2sout" then
		return;
	end

	-- handle incoming stanzas correctly
	-- The virtual session swaps the host roles and falls back to the real
	-- session for every field it does not define itself.
	local virtual_in = setmetatable({
		type = "s2sin"; direction = "incoming";
		is_bidi = true; orig_session = origin;
		to_host = origin.from_host;
		from_host = origin.to_host;
		hosts = {};
	}, { __index = origin });
	origin.bidi_session = virtual_in;

	-- NOTE(review): this announces the virtual session as authenticated for the
	-- peer's host. It relies on the underlying outgoing session already being
	-- authenticated when new_bidi is called; confirm against the callers.
	module:fire_event("s2s-authenticated", { session = virtual_in, host = origin.to_host });

	local remote_host = origin.to_host;

	-- Only top-level stanzas whose "from" domain is exactly the host this
	-- connection was made to are accepted as incoming traffic. Everything else
	-- is returned to the filter chain unchanged. This exact match is the only
	-- sender check visible in this module, so it should not be loosened.
	local function claim_incoming(stanza)
		local attr = stanza.attr;
		if attr.xmlns == nil then
			local _, sender_host = jid_split(attr.from);
			if sender_host == remote_host then
				handlestanza(virtual_in, stanza);
				return; -- consumed: nothing is passed further down the chain
			end
		end
		return stanza;
	end
	add_filter(origin, "stanzas/in", claim_incoming, 1);
end
-- Route outbound stanzas over an incoming bidi session when one is registered
-- for the destination host. Returning true marks the stanza as handled; in
-- every other case the event continues, so normal s2s routing still applies
-- if the session is gone or the write fails.
module:hook("route/remote", function(event)
	if event.from_host ~= module.host then
		return;
	end
	local peer_session = bidi_sessions[event.to_host];
	-- The type check also skips entries whose session is no longer an
	-- established incoming session.
	if peer_session and peer_session.type == "s2sin" and peer_session.sends2s(event.stanza) then
		return true;
	end
end, -2);
67 -- Incoming s2s
-- Advertise the bidi stream feature to a connecting server.
-- The feature is withheld when bidi is already active or pending on the
-- session, when we already hold an outgoing session to that peer, or (with
-- secure_only) when the peer's certificate chain or identity is not "valid".
module:hook("s2s-stream-features", function(event)
	local origin, features = event.origin, event.features;

	if origin.is_bidi or origin.bidi_session or origin.do_bidi then
		return;
	end
	if hosts[module.host].s2sout[origin.from_host] then
		return;
	end
	if secure_only then
		local cert_ok = origin.cert_chain_status == "valid"
			and origin.cert_identity_status == "valid";
		if not cert_ok then
			return;
		end
	end

	module:log("debug", "Announcing support for bidirectional streams");
	features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
end);
-- A peer sent <bidi xmlns="urn:xmpp:bidi"/> to request a bidirectional stream.
-- The request is only recorded (do_bidi); the switch itself happens in
-- enable_bidi once the session is established. With secure_only, a peer whose
-- certificate chain or identity is not "valid" is not accepted, and the
-- element is left for other handlers (no value is returned).
-- NOTE(review): origin.type is not checked here, and the request is accepted
-- even if the feature was not advertised to this session. Whether this event
-- can fire for other session kinds depends on the caller; confirm.
module:hook("stanza/urn:xmpp:bidi:bidi", function(event)
	local origin = event.session or event.origin;

	if origin.is_bidi or origin.bidi_session then
		return;
	end
	if secure_only then
		local cert_ok = origin.cert_chain_status == "valid"
			and origin.cert_identity_status == "valid";
		if not cert_ok then
			return;
		end
	end

	module:log("debug", "%s requested bidirectional stream", origin.from_host);
	origin.do_bidi = true;
	return true;
end);
90 -- Outgoing s2s
-- The remote server sent its stream features on one of our outgoing sessions.
-- If it offers bidi, and bidi is not already active or pending, request it
-- by sending <bidi/> and remember the request in do_bidi. With secure_only
-- the request is only made when the peer's certificate chain and identity
-- are both "valid". Nothing is returned, so other handlers of the features
-- element still run.
module:hook("stanza/http://etherx.jabber.org/streams:features", function(event)
	local origin = event.session or event.origin;

	if origin.bidi_session or origin.is_bidi or origin.do_bidi then
		return;
	end
	if not event.stanza:get_child("bidi", xmlns_bidi_feature) then
		return;
	end
	if secure_only then
		local cert_ok = origin.cert_chain_status == "valid"
			and origin.cert_identity_status == "valid";
		if not cert_ok then
			return;
		end
	end

	module:log("debug", "%s supports bidirectional streams", origin.to_host);
	origin.sends2s(st.stanza("bidi", { xmlns = xmlns_bidi }));
	origin.do_bidi = true;
end, 160);
--- Activate bidi on a session that has just been established.
-- Acts only when bidi was negotiated earlier (do_bidi set) and is not already
-- active; the pending flag is cleared before new_bidi does the switch.
-- @param event event table carrying the established session in event.session
function enable_bidi(event)
	local session = event.session;
	if not session.do_bidi then
		return;
	end
	if session.is_bidi or session.bidi_session then
		return;
	end
	session.do_bidi = nil;
	new_bidi(session);
end

-- Bidi is only switched on after the session is established, in either direction.
module:hook("s2sin-established", enable_bidi);
module:hook("s2sout-established", enable_bidi);
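--- Drop the bidi routing entry when an incoming s2s session is destroyed.
-- Sessions of any other type are ignored.
-- @param event event table carrying the destroyed session in event.session
function disable_bidi(event)
	local session = event.session;
	if session.type ~= "s2sin" then
		return;
	end
	local peer_host = session.from_host;
	-- new_bidi() overwrites bidi_sessions[from_host] each time an incoming
	-- session from the same host enables bidi. Clear the entry only while it
	-- still points at the session being destroyed, so that tearing down an
	-- older or unrelated session from that host does not unregister the
	-- live bidi session.
	if bidi_sessions[peer_host] == session then
		bidi_sessions[peer_host] = nil;
	end
end

module:hook("s2sin-destroyed", disable_bidi);
module:hook("s2sout-destroyed", disable_bidi);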