annotate mod_s2soutinjection/mod_s2soutinjection.lua @ 4127:e9e10ec1b91c

mod_firewall: Add checkcerts option for HTTP lists, cert verification disabled when SNI unsupported. This provides a balance between security and usability. SNI is supported in Prosody trunk and in Prosody 0.11 from commit 30d3f6f85eb8 (scheduled for 0.11.7).
author Matthew Wild <mwild1@gmail.com>
date Tue, 15 Sep 2020 11:49:55 +0100
parents 4057f176be7b
children 864fefec1c07
-- Stanza helpers; st.reply() is used below to build the reply stored next to each queued stanza.
local st = require"util.stanza";
-- Builds an IP address object from a string; applied to override targets that look like IP literals.
local new_ip = require"util.ip".new_ip;
-- Returns the outgoing session object that the route hook below fills in.
local new_outgoing = require"core.s2smanager".new_outgoing;
-- Both helpers are taken from mod_s2s's route_to_new_session table, so this module
-- depends on mod_s2s exposing them under these names.
local bounce_sendq = module:depends"s2s".route_to_new_session.bounce_sendq;
local s2sout = module:depends"s2s".route_to_new_session.s2sout;

-- Connection overrides from the "s2s_connect_overrides" option, indexed by destination
-- domain. As consumed below, a value is either a single host string or a list whose
-- items are a host string or a { host, port } pair (port defaults to 5269).
-- Every stanza routed to a listed domain is connected to the configured address, so
-- this option decides where that domain's traffic goes.
-- NOTE(review): nothing in this file verifies the identity of the peer reached through
-- an override; confirm that the s2s layer still authenticates it as the destination domain.
local injected = module:get_option("s2s_connect_overrides");
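-- Reports whether addr has the shape of an IP literal (dotted quad, or hex digits
-- with at least two colons). Returns a boolean.
-- This is a shape check only: out-of-range values such as "999.999.999.999" pass,
-- and real parsing is left to new_ip() at the call site.
-- Non-string input (including nil) yields false. The original `addr and ... or ...`
-- expression still evaluated addr:match() on nil because of operator precedence.
local function isip(addr)
	if type(addr) ~= "string" then
		return false;
	end
	return not not (addr:match("^%d+%.%d+%.%d+%.%d+$") or addr:match("^[%x:]*:[%x:]-:[%x:]*$"));
end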
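-- "route/remote" handler: when the destination domain has an entry in
-- s2s_connect_overrides, create the outgoing session here and point it at the
-- configured targets. Returns nothing (event left unhandled) when there is no
-- usable override, true once an IP-based attempt has been started, or the result
-- of s2sout.try_connect() for hostname targets.
module:hook("route/remote", function(event)
	local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
	local inject = injected and injected[to_host];
	if not inject then return end

	-- A bare string is shorthand for a one-element list.
	if type(inject) == "string" then inject = { inject } end
	if type(inject) ~= "table" then
		log("warn", "s2s_connect_overrides entry for %s is neither a string nor a list, not overriding", tostring(to_host));
		return;
	end

	-- Targets are parsed before the session is created, so a malformed entry cannot
	-- leave behind a session that already holds a queued stanza but has nowhere to connect.
	local ip_hosts, srv_hosts = {}, {};
	for _, item in ipairs(inject) do
		local host, port;
		if type(item) == "string" then
			host, port = item, 5269;
		elseif type(item) == "table" then
			host, port = item[1], tonumber(item[2]) or 5269;
		end
		if type(host) ~= "string" then
			log("warn", "skipping malformed s2s_connect_overrides target for %s", tostring(to_host));
		elseif isip(host) then
			ip_hosts[#ip_hosts+1] = { ip = new_ip(host), port = port }
		else
			srv_hosts[#srv_hosts+1] = { target = host, port = port }
		end
	end

	-- An empty or fully malformed list used to fail on srv_hosts[1] below, after the
	-- session had been created. Decline instead and let the next handler decide.
	-- NOTE(review): declining falls back to whatever routing runs after this hook; if
	-- overrides are meant to pin a peer to a fixed address, rejecting the stanza may be
	-- the preferred policy - confirm.
	if #ip_hosts == 0 and #srv_hosts == 0 then
		log("warn", "s2s_connect_overrides entry for %s has no usable targets, not overriding", tostring(to_host));
		return;
	end

	log("debug", "opening a new outgoing connection for this stanza");
	local host_session = new_outgoing(from_host, to_host);

	-- Store in buffer
	host_session.bounce_sendq = bounce_sendq;
	-- Each queue item pairs the serialized stanza with a prepared reply; no reply is
	-- stored for "error" and "result" stanzas.
	host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} };
	log("debug", "stanza [%s] queued until connection complete", tostring(stanza.name));

	host_session.srv_hosts = srv_hosts;
	host_session.srv_choice = 0;

	-- IP literals take precedence: if any were configured, only the IP attempt is
	-- started here. Hostname targets from the same entry stay in srv_hosts; whether
	-- they are tried later is not visible from this file.
	if #ip_hosts > 0 then
		host_session.ip_hosts = ip_hosts;
		host_session.ip_choice = 0; -- Incremented by try_next_ip
		s2sout.try_next_ip(host_session);
		return true;
	end

	-- Hostname targets only: start with the first configured one.
	return s2sout.try_connect(host_session, host_session.srv_hosts[1].target, host_session.srv_hosts[1].port);
end, -2);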