/** send a packet to the client for this session */
void sess_route(sess_t sess, pkt_t pkt) {
int ns;
log_debug(ZONE, "routing pkt 0x%X to %s (%s) for %s", pkt, sess->c2s, sess->c2s_id, jid_full(sess->jid));
if(pkt == NULL)
return;
/* wrap it up */
ns = nad_append_namespace(pkt->nad, 1, uri_SESSION, "sm");
nad_set_attr(pkt->nad, 1, ns, "c2s", sess->c2s_id, 0);
nad_set_attr(pkt->nad, 1, ns, "sm", sess->sm_id, 0);
nad_set_attr(pkt->nad, 0, -1, "to", sess->c2s, 0);
nad_set_attr(pkt->nad, 0, -1, "from", sess->user->jid->domain, 0);
/* remove error attribute */
nad_set_attr(pkt->nad, 0, -1, "error", NULL, 0);
/* and send it out */
sx_nad_write(sess->user->sm->router, pkt->nad);
/* free up the packet */
if(pkt->rto != NULL) jid_free(pkt->rto);
if(pkt->rfrom != NULL) jid_free(pkt->rfrom);
if(pkt->to != NULL) jid_free(pkt->to);
if(pkt->from != NULL) jid_free(pkt->from);
free(pkt);
}
int stream_start (stream_t* strm, account_t* account) {
if (strm == NULL)
fatal ("stream_start: strm is null");
if (account == NULL)
fatal ("stream_start: account is null");
if (strm->state != STREAM_STATE_NONE)
fatal ("stream_start: strm->state is not STREAM_STATE_NONE");
int err = 0;
err = xmlwriter_start_stream (&strm->writer);
if (err != 0) return err;
struct stream_start_t sst;
sst.fTo = jid_of_string (account->jid->domain);
sst.fFrom = NULL;
sst.fId = NULL;
sst.fLang = strm->lang;
sst.fVersion = "1.0";
err = stream_start_encode (&strm->writer, &sst);
if (err != 0) return err;
jid_free (sst.fTo);
err = xmlwriter_flush (&strm->writer);
if (err != 0) return err;
strm->state = STREAM_STATE_START;
return 0;
}
/* presence packets to the sm */
static mod_ret_t _presence_pkt_sm(mod_instance_t mi, pkt_t pkt) {
module_t mod = mi->mod;
jid_t smjid;
/* only check presence/subs to server JID */
if(!(pkt->type & pkt_PRESENCE || pkt->type & pkt_S10N))
return mod_PASS;
smjid = jid_new(jid_user(pkt->to), -1);
/* handle subscription requests */
if(pkt->type == pkt_S10N) {
log_debug(ZONE, "accepting subscription request from %s", jid_full(pkt->from));
/* accept request */
pkt_router(pkt_create(mod->mm->sm, "presence", "subscribed", jid_user(pkt->from), jid_user(smjid)));
/* and subscribe back to theirs */
pkt_router(pkt_create(mod->mm->sm, "presence", "subscribe", jid_user(pkt->from), jid_user(smjid)));
pkt_free(pkt);
jid_free(smjid);
return mod_HANDLED;
}
/* handle unsubscribe requests */
if(pkt->type == pkt_S10N_UN) {
log_debug(ZONE, "accepting unsubscribe request from %s", jid_full(pkt->from));
/* ack the request */
pkt_router(pkt_create(mod->mm->sm, "presence", "unsubscribed", jid_user(pkt->from), jid_user(smjid)));
pkt_free(pkt);
jid_free(smjid);
return mod_HANDLED;
}
/* drop the rest */
log_debug(ZONE, "dropping presence from %s", jid_full(pkt->from));
pkt_free(pkt);
jid_free(smjid);
return mod_HANDLED;
}
static void _router_process_unbind(component_t comp, nad_t nad) {
int attr;
jid_t name;
attr = nad_find_attr(nad, 0, -1, "name", NULL);
if(attr < 0 || (name = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "no or invalid 'name' on unbind packet, bouncing");
nad_set_attr(nad, 0, -1, "error", "400", 3);
sx_nad_write(comp->s, nad);
return;
}
if(xhash_get(comp->routes, name->domain) == NULL) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to unbind '%s', but it's not bound to this component", comp->ip, comp->port, name->domain);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
nad_set_attr(nad, 0, -1, "error", "404", 3);
sx_nad_write(comp->s, nad);
jid_free(name);
return;
}
xhash_zap(comp->r->log_sinks, name->domain);
_route_remove(comp->r->routes, name->domain, comp);
xhash_zap(comp->routes, name->domain);
if(comp->r->default_route != NULL && strcmp(comp->r->default_route, name->domain) == 0) {
log_write(comp->r->log, LOG_NOTICE, "[%s] default route offline", name->domain);
free((void*)(comp->r->default_route));
comp->r->default_route = NULL;
}
log_write(comp->r->log, LOG_NOTICE, "[%s] offline", name->domain);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
sx_nad_write(comp->s, nad);
/* deadvertise name */
if(xhash_get(comp->r->routes, name->domain) == NULL)
_router_advertise(comp->r, name->domain, comp, 1);
jid_free(name);
}
/** see if a jid is in an acl */
int aci_check(xht acls, char *type, jid_t jid)
{
jid_t list, dup;
dup = jid_dup(jid);
if (dup->resource[0]) {
/* resourceless version */
dup->resource[0] = '\0';
dup->dirty = 1;
}
log_debug(ZONE, "checking for '%s' in acl 'all'", jid_full(jid));
list = (jid_t) xhash_get(acls, "all");
if(jid_search(list, jid)) {
jid_free(dup);
return 1;
}
log_debug(ZONE, "checking for '%s' in acl 'all'", jid_user(dup));
if(jid_search(list, dup)) {
jid_free(dup);
return 1;
}
if(type != NULL) {
log_debug(ZONE, "checking for '%s' in acl '%s'", jid_full(jid), type);
list = (jid_t) xhash_get(acls, type);
if(jid_search(list, jid)) {
jid_free(dup);
return 1;
}
log_debug(ZONE, "checking for '%s' in acl '%s'", jid_user(dup), type);
if(jid_search(list, dup)) {
jid_free(dup);
return 1;
}
}
jid_free(dup);
return 0;
}
xht aci_load(sm_t sm)
{
xht acls;
int aelem, jelem, attr;
char type[33];
jid_t list, jid;
log_debug(ZONE, "loading aci");
acls = xhash_new(51);
if((aelem = nad_find_elem(sm->config->nad, 0, -1, "aci", 1)) < 0)
return acls;
aelem = nad_find_elem(sm->config->nad, aelem, -1, "acl", 1);
while(aelem >= 0)
{
list = NULL;
if((attr = nad_find_attr(sm->config->nad, aelem, -1, "type", NULL)) < 0)
{
aelem = nad_find_elem(sm->config->nad, aelem, -1, "acl", 0);
continue;
}
snprintf(type, 33, "%.*s", NAD_AVAL_L(sm->config->nad, attr), NAD_AVAL(sm->config->nad, attr));
log_debug(ZONE, "building list for '%s'", type);
jelem = nad_find_elem(sm->config->nad, aelem, -1, "jid", 1);
while(jelem >= 0)
{
if(NAD_CDATA_L(sm->config->nad, jelem) > 0)
{
jid = jid_new(NAD_CDATA(sm->config->nad, jelem), NAD_CDATA_L(sm->config->nad, jelem));
list = jid_append(list, jid);
log_debug(ZONE, "added '%s'", jid_user(jid));
jid_free(jid);
}
jelem = nad_find_elem(sm->config->nad, jelem, -1, "jid", 0);
}
if(list != NULL) {
xhash_put(acls, pstrdup(xhash_pool(acls), type), (void *) list);
}
aelem = nad_find_elem(sm->config->nad, aelem, -1, "acl", 0);
}
return acls;
}
/** free a single roster item */
static void _roster_free_walker(xht roster, const char *key, void *val, void *arg)
{
item_t item = (item_t) val;
int i;
jid_free(item->jid);
if(item->name != NULL)
free(item->name);
for(i = 0; i < item->ngroups; i++)
free(item->groups[i]);
free(item->groups);
free(item);
}
void aci_unload(xht acls)
{
jid_t list, jid;
log_debug(ZONE, "unloading acls");
if(xhash_iter_first(acls))
do {
xhash_iter_get(acls, NULL, NULL, (void *) &list);
while (list != NULL) {
jid = list;
list = list->next;
jid_free(jid);
}
} while(xhash_iter_next(acls));
return;
}
/** presence from the session */
static mod_ret_t _presence_in_sess(mod_instance_t mi, sess_t sess, pkt_t pkt) {
/* only handle presence */
if(!(pkt->type & pkt_PRESENCE))
return mod_PASS;
/* reset from if necessary */
if(pkt->from == NULL || jid_compare_user(pkt->from, sess->jid) != 0) {
if(pkt->from != NULL)
jid_free(pkt->from);
pkt->from = jid_dup(sess->jid);
nad_set_attr(pkt->nad, 1, -1, "from", jid_full(pkt->from), 0);
}
/* presence broadcast (T1, T2, T3) */
if(pkt->to == NULL)
pres_update(sess, pkt);
/* directed presence (T7, T8) */
else
pres_deliver(sess, pkt);
return mod_HANDLED;
}
static mod_ret_t _iq_private_in_sess(mod_instance_t mi, sess_t sess, pkt_t pkt) {
module_t mod = mi->mod;
int ns, elem, target, targetns;
st_ret_t ret;
char filter[4096];
os_t os;
os_object_t o;
nad_t nad;
pkt_t result;
sess_t sscan;
/* only handle private sets and gets */
if((pkt->type != pkt_IQ && pkt->type != pkt_IQ_SET) || pkt->ns != ns_PRIVATE)
return mod_PASS;
/* we're only interested in no to, to our host, or to us */
if(pkt->to != NULL && jid_compare_user(sess->jid, pkt->to) != 0 && strcmp(sess->jid->domain, jid_user(pkt->to)) != 0)
return mod_PASS;
ns = nad_find_scoped_namespace(pkt->nad, uri_PRIVATE, NULL);
elem = nad_find_elem(pkt->nad, 1, ns, "query", 1);
/* find the first child */
target = elem + 1;
while(target < pkt->nad->ecur)
{
if(pkt->nad->elems[target].depth > pkt->nad->elems[elem].depth)
break;
target++;
}
/* not found, so we're done */
if(target == pkt->nad->ecur)
return -stanza_err_BAD_REQUEST;
/* find the target namespace */
targetns = NAD_ENS(pkt->nad, target);
/* gotta have a namespace */
if(targetns < 0)
{
log_debug(ZONE, "no namespace specified");
return -stanza_err_BAD_REQUEST;
}
log_debug(ZONE, "processing private request for %.*s", NAD_NURI_L(pkt->nad, targetns), NAD_NURI(pkt->nad, targetns));
/* get */
if(pkt->type == pkt_IQ) {
#ifdef ENABLE_EXPERIMENTAL
/* remember that this resource requested the namespace */
if(sess->module_data[mod->index] == NULL) {
/* create new hash if necesary */
sess->module_data[mod->index] = xhash_new(101);
pool_cleanup(sess->p, (void (*))(void *) xhash_free, sess->module_data[mod->index]);
}
xhash_put(sess->module_data[mod->index], pstrdupx(sess->p, NAD_NURI(pkt->nad, targetns), NAD_NURI_L(pkt->nad, targetns)), (void *) 1);
#endif
snprintf(filter, 4096, "(ns=%i:%.*s)", NAD_NURI_L(pkt->nad, targetns), NAD_NURI_L(pkt->nad, targetns), NAD_NURI(pkt->nad, targetns));
ret = storage_get(sess->user->sm->st, "private", jid_user(sess->jid), filter, &os);
switch(ret) {
case st_SUCCESS:
if(os_iter_first(os)) {
o = os_iter_object(os);
if(os_object_get_nad(os, o, "xml", &nad)) {
result = pkt_new(sess->user->sm, nad_copy(nad));
if(result != NULL) {
nad_set_attr(result->nad, 1, -1, "type", "result", 6);
pkt_id(pkt, result);
pkt_sess(result, sess);
pkt_free(pkt);
os_free(os);
return mod_HANDLED;
}
}
}
os_free(os);
/* drop through */
log_debug(ZONE, "storage_get succeeded, but couldn't make packet, faking st_NOTFOUND");
case st_NOTFOUND:
log_debug(ZONE, "namespace not found, returning");
/*
* !!! really, we should just return a 404. 1.4 just slaps a
* result on the packet and sends it back. hurrah for
* legacy namespaces.
*/
nad_set_attr(pkt->nad, 1, -1, "type", "result", 6);
pkt_sess(pkt_tofrom(pkt), sess);
return mod_HANDLED;
case st_FAILED:
return -stanza_err_INTERNAL_SERVER_ERROR;
case st_NOTIMPL:
return -stanza_err_FEATURE_NOT_IMPLEMENTED;
}
}
os = os_new();
o = os_object_new(os);
snprintf(filter, 4096, "%.*s", NAD_NURI_L(pkt->nad, targetns), NAD_NURI(pkt->nad, targetns));
os_object_put(o, "ns", filter, os_type_STRING);
os_object_put(o, "xml", pkt->nad, os_type_NAD);
snprintf(filter, 4096, "(ns=%i:%.*s)", NAD_NURI_L(pkt->nad, targetns), NAD_NURI_L(pkt->nad, targetns), NAD_NURI(pkt->nad, targetns));
ret = storage_replace(sess->user->sm->st, "private", jid_user(sess->jid), filter, os);
os_free(os);
switch(ret) {
case st_FAILED:
return -stanza_err_INTERNAL_SERVER_ERROR;
case st_NOTIMPL:
return -stanza_err_FEATURE_NOT_IMPLEMENTED;
default:
/* create result packet */
result = pkt_create(sess->user->sm, "iq", "result", NULL, NULL);
pkt_id(pkt, result);
/* and flush it to the session */
pkt_sess(result, sess);
#ifdef ENABLE_EXPERIMENTAL
/* push it to all resources that read this xmlns item */
snprintf(filter, 4096, "%.*s", NAD_NURI_L(pkt->nad, targetns), NAD_NURI(pkt->nad, targetns));
for(sscan = sess->user->sessions; sscan != NULL; sscan = sscan->next) {
/* skip our resource and those that didn't read any private-storage */
if(sscan == sess || sscan->module_data[mod->index] == NULL)
continue;
/* check whether namespace was read */
if(xhash_get(sscan->module_data[mod->index], filter)) {
result = pkt_dup(pkt, jid_full(sscan->jid), NULL);
if(result->from != NULL) {
jid_free(result->from);
nad_set_attr(result->nad, 1, -1, "from", NULL, 0);
}
pkt_id_new(result);
pkt_sess(result, sscan);
}
}
#endif
/* finally free the packet */
pkt_free(pkt);
return mod_HANDLED;
}
/* we never get here */
return 0;
}
static void _router_process_route(component_t comp, nad_t nad) {
int atype, ato, afrom;
unsigned int dest;
struct jid_st sto, sfrom;
jid_static_buf sto_buf, sfrom_buf;
jid_t to = NULL, from = NULL;
routes_t targets;
component_t target;
union xhashv xhv;
/* init static jid */
jid_static(&sto,&sto_buf);
jid_static(&sfrom,&sfrom_buf);
if(nad_find_attr(nad, 0, -1, "error", NULL) >= 0) {
log_debug(ZONE, "dropping error packet, trying to avoid loops");
nad_free(nad);
return;
}
atype = nad_find_attr(nad, 0, -1, "type", NULL);
ato = nad_find_attr(nad, 0, -1, "to", NULL);
afrom = nad_find_attr(nad, 0, -1, "from", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
if(afrom >= 0) from = jid_reset(&sfrom, NAD_AVAL(nad, afrom), NAD_AVAL_L(nad, afrom));
/* unicast */
if(atype < 0) {
if(to == NULL || from == NULL) {
log_debug(ZONE, "unicast route with missing or invalid to or from, bouncing");
nad_set_attr(nad, 0, -1, "error", "400", 3);
_router_comp_write(comp, nad);
return;
}
log_debug(ZONE, "unicast route from %s to %s", from->domain, to->domain);
/* check the from */
if(xhash_get(comp->routes, from->domain) == NULL) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to send a packet from '%s', but that name is not bound to this component", comp->ip, comp->port, from->domain);
nad_set_attr(nad, 0, -1, "error", "401", 3);
_router_comp_write(comp, nad);
return;
}
/* filter it */
if(comp->r->filter != NULL) {
int ret = filter_packet(comp->r, nad);
if(ret == stanza_err_REDIRECT) {
ato = nad_find_attr(nad, 0, -1, "to", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
}
else if(ret > 0) {
log_debug(ZONE, "packet filtered out: %s (%s)", _stanza_errors[ret - stanza_err_BAD_REQUEST].name, _stanza_errors[ret - stanza_err_BAD_REQUEST].code);
nad_set_attr(nad, 0, -1, "error", _stanza_errors[ret - stanza_err_BAD_REQUEST].code, 3);
_router_comp_write(comp, nad);
return;
}
}
/* find a target */
targets = xhash_get(comp->r->routes, to->domain);
if(targets == NULL) {
if(comp->r->default_route != NULL && strcmp(from->domain, comp->r->default_route) == 0) {
log_debug(ZONE, "%s is unbound, bouncing", from->domain);
nad_set_attr(nad, 0, -1, "error", "404", 3);
_router_comp_write(comp, nad);
return;
}
targets = xhash_get(comp->r->routes, comp->r->default_route);
}
if(targets == NULL) {
log_debug(ZONE, "%s is unbound, and no default route, bouncing", to->domain);
nad_set_attr(nad, 0, -1, "error", "404", 3);
_router_comp_write(comp, nad);
return;
}
/* copy to any log sinks */
if(xhash_count(comp->r->log_sinks) > 0)
xhash_walk(comp->r->log_sinks, _router_route_log_sink, (void *) nad);
/* get route candidate */
if(targets->ncomp == 1) {
dest = 0;
}
else {
switch(targets->rtype) {
case route_MULTI_TO:
ato = nad_find_attr(nad, 1, -1, "to", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
else {
ato = nad_find_attr(nad, 1, -1, "target", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
else {
const char *out; int len;
nad_print(nad, 0, &out, &len);
log_write(comp->r->log, LOG_ERR, "Cannot get destination for multiple route: %.*s", len, out);
}
}
break;
case route_MULTI_FROM:
ato = nad_find_attr(nad, 1, -1, "from", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
else {
const char *out; int len;
nad_print(nad, 0, &out, &len);
log_write(comp->r->log, LOG_ERR, "Cannot get source for multiple route: %.*s", len, out);
}
break;
default:
log_write(comp->r->log, LOG_ERR, "Multiple components bound to single component route '%s'", targets->name);
/* simulate no 'to' info in this case */
}
if(to->node == NULL || strlen(to->node) == 0) {
/* no node in destination JID - going random */
dest = rand();
log_debug(ZONE, "randomized to %u %% %d = %d", dest, targets->ncomp, dest % targets->ncomp);
}
else {
/* use JID hash */
unsigned char hashval[20];
unsigned int *val;
int i;
shahash_raw(jid_user(to), hashval);
val = (unsigned int *) hashval;
dest = *val;
for(i=1; i < 20 / (sizeof(unsigned int)/sizeof(unsigned char)); i++, val++) {
dest ^= *val;
}
dest >>= 2;
log_debug(ZONE, "JID %s hashed to %u %% %d = %d", jid_user(to), dest, targets->ncomp, dest % targets->ncomp);
/* jid_user() calls jid_expand() which may allocate some memory in _user and _full */
if (to->_user != NULL )
free(to->_user);
if (to->_full != NULL )
free(to->_full);
}
dest = dest % targets->ncomp;
}
target = targets->comp[dest];
/* push it out */
log_debug(ZONE, "writing route for '%s'*%u to %s, port %d", to->domain, dest+1, target->ip, target->port);
/* if logging enabled, log messages that match our criteria */
if (comp->r->message_logging_enabled && comp->r->message_logging_file != NULL) {
int attr_msg_to;
int attr_msg_from;
int attr_route_to;
int attr_route_from;
jid_t jid_msg_from = NULL;
jid_t jid_msg_to = NULL;
jid_t jid_route_from = NULL;
jid_t jid_route_to = NULL;
if ((NAD_ENAME_L(nad, 1) == 7 && strncmp("message", NAD_ENAME(nad, 1), 7) == 0) && // has a "message" element
((attr_route_from = nad_find_attr(nad, 0, -1, "from", NULL)) >= 0) &&
((attr_route_to = nad_find_attr(nad, 0, -1, "to", NULL)) >= 0) &&
((strncmp(NAD_AVAL(nad, attr_route_to), "c2s", 3)) != 0) && // ignore messages to "c2s" or we'd have dups
((jid_route_from = jid_new(NAD_AVAL(nad, attr_route_from), NAD_AVAL_L(nad, attr_route_from))) != NULL) && // has valid JID source in route
((jid_route_to = jid_new(NAD_AVAL(nad, attr_route_to), NAD_AVAL_L(nad, attr_route_to))) != NULL) && // has valid JID destination in route
((attr_msg_from = nad_find_attr(nad, 1, -1, "from", NULL)) >= 0) &&
((attr_msg_to = nad_find_attr(nad, 1, -1, "to", NULL)) >= 0) &&
((jid_msg_from = jid_new(NAD_AVAL(nad, attr_msg_from), NAD_AVAL_L(nad, attr_msg_from))) != NULL) && // has valid JID source in message
((jid_msg_to = jid_new(NAD_AVAL(nad, attr_msg_to), NAD_AVAL_L(nad, attr_msg_to))) != NULL)) // has valid JID dest in message
{
message_log(nad, comp->r, jid_full(jid_msg_from), jid_full(jid_msg_to));
}
if (jid_msg_from != NULL)
jid_free(jid_msg_from);
if (jid_msg_to != NULL)
jid_free(jid_msg_to);
if (jid_route_from != NULL)
jid_free(jid_route_from);
if (jid_route_to != NULL)
jid_free(jid_route_to);
}
_router_comp_write(target, nad);
return;
}
/* broadcast */
if(NAD_AVAL_L(nad, atype) == 9 && strncmp("broadcast", NAD_AVAL(nad, atype), 9) == 0) {
if(from == NULL) {
log_debug(ZONE, "broadcast route with missing or invalid from, bouncing");
nad_set_attr(nad, 0, -1, "error", "400", 3);
_router_comp_write(comp, nad);
return;
}
log_debug(ZONE, "broadcast route from %s", from->domain);
/* check the from */
if(xhash_get(comp->routes, from->domain) == NULL) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to send a packet from '%s', but that name is not bound to this component", comp->ip, comp->port, from->domain);
nad_set_attr(nad, 0, -1, "error", "401", 3);
_router_comp_write(comp, nad);
return;
}
/* loop the components and distribute */
if(xhash_iter_first(comp->r->components))
do {
xhv.comp_val = ⌖
xhash_iter_get(comp->r->components, NULL, NULL, xhv.val);
if(target != comp) {
log_debug(ZONE, "writing broadcast to %s, port %d", target->ip, target->port);
_router_comp_write(target, nad_copy(nad));
}
} while(xhash_iter_next(comp->r->components));
nad_free(nad);
return;
}
log_debug(ZONE, "unknown route type '%.*s', dropping", NAD_AVAL_L(nad, atype), NAD_AVAL(nad, atype));
nad_free(nad);
}
static void _router_process_bind(component_t comp, nad_t nad) {
int attr, multi, n;
jid_t name;
alias_t alias;
char *user, *c;
attr = nad_find_attr(nad, 0, -1, "name", NULL);
if(attr < 0 || (name = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "no or invalid 'name' on bind packet, bouncing");
nad_set_attr(nad, 0, -1, "error", "400", 3);
sx_nad_write(comp->s, nad);
return;
}
user = strdup(comp->s->auth_id);
c = strchr(user, '@');
if(c != NULL) *c = '\0';
if(strcmp(user, name->domain) != 0 && !aci_check(comp->r->aci, "bind", user)) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to bind '%s', but their username (%s) is not permitted to bind other names", comp->ip, comp->port, name->domain, user);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
nad_set_attr(nad, 0, -1, "error", "403", 3);
sx_nad_write(comp->s, nad);
jid_free(name);
free(user);
return;
}
multi = nad_find_attr(nad, 0, -1, "multi", NULL);
if(xhash_get(comp->r->routes, name->domain) != NULL && multi < 0) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to bind '%s', but it's already bound", comp->ip, comp->port, name->domain);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
nad_set_attr(nad, 0, -1, "error", "409", 3);
sx_nad_write(comp->s, nad);
jid_free(name);
free(user);
return;
}
for(alias = comp->r->aliases; alias != NULL; alias = alias->next)
if(strcmp(alias->name, name->domain) == 0) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to bind '%s', but that name is aliased", comp->ip, comp->port);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
nad_set_attr(nad, 0, -1, "error", "409", 3);
sx_nad_write(comp->s, nad);
jid_free(name);
free(user);
return;
}
/* default route */
if(nad_find_elem(nad, 0, NAD_ENS(nad, 0), "default", 1) >= 0) {
if(!aci_check(comp->r->aci, "default-route", user)) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to bind '%s' as the default route, but their username (%s) is not permitted to set a default route", comp->ip, comp->port, name->domain, user);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
nad_set_attr(nad, 0, -1, "error", "403", 3);
sx_nad_write(comp->s, nad);
jid_free(name);
free(user);
return;
}
if(comp->r->default_route != NULL) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to bind '%s' as the default route, but one already exists", comp->ip, comp->port, name->domain);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
nad_set_attr(nad, 0, -1, "error", "409", 3);
sx_nad_write(comp->s, nad);
jid_free(name);
return;
}
log_write(comp->r->log, LOG_NOTICE, "[%s] set as default route", name->domain);
comp->r->default_route = strdup(name->domain);
}
/* log sinks */
if(nad_find_elem(nad, 0, NAD_ENS(nad, 0), "log", 1) >= 0) {
if(!aci_check(comp->r->aci, "log", user)) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to bind '%s' as a log sink, but their username (%s) is not permitted to do this", comp->ip, comp->port, name->domain, user);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
nad_set_attr(nad, 0, -1, "error", "403", 3);
sx_nad_write(comp->s, nad);
jid_free(name);
free(user);
return;
}
log_write(comp->r->log, LOG_NOTICE, "[%s] set as log sink", name->domain);
xhash_put(comp->r->log_sinks, pstrdup(xhash_pool(comp->r->log_sinks), name->domain), (void *) comp);
}
free(user);
n = _route_add(comp->r->routes, name->domain, comp, multi<0?route_SINGLE:route_MULTI_TO);
xhash_put(comp->routes, pstrdup(xhash_pool(comp->routes), name->domain), (void *) comp);
if(n>1)
log_write(comp->r->log, LOG_NOTICE, "[%s]:%d online (bound to %s, port %d)", name->domain, n, comp->ip, comp->port);
else
log_write(comp->r->log, LOG_NOTICE, "[%s] online (bound to %s, port %d)", name->domain, comp->ip, comp->port);
nad_set_attr(nad, 0, -1, "name", NULL, 0);
sx_nad_write(comp->s, nad);
/* advertise name */
_router_advertise(comp->r, name->domain, comp, 0);
/* tell the new component about everyone else */
xhash_walk(comp->r->routes, _router_advertise_reverse, (void *) comp);
/* bind aliases */
for(alias = comp->r->aliases; alias != NULL; alias = alias->next) {
if(strcmp(alias->target, name->domain) == 0) {
_route_add(comp->r->routes, name->domain, comp, route_MULTI_TO);
xhash_put(comp->routes, pstrdup(xhash_pool(comp->routes), alias->name), (void *) comp);
log_write(comp->r->log, LOG_NOTICE, "[%s] online (alias of '%s', bound to %s, port %d)", alias->name, name->domain, comp->ip, comp->port);
/* advertise name */
_router_advertise(comp->r, alias->name, comp, 0);
}
}
/* done with this */
jid_free(name);
}
/** they're trying to send us something */
static void _in_packet(conn_t in, nad_t nad) {
int attr, ns, sns;
jid_t from, to;
char *rkey;
attr = nad_find_attr(nad, 0, -1, "from", NULL);
if(attr < 0 || (from = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "missing or invalid from on incoming packet");
nad_free(nad);
return;
}
attr = nad_find_attr(nad, 0, -1, "to", NULL);
if(attr < 0 || (to = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "missing or invalid to on incoming packet");
jid_free(from);
nad_free(nad);
return;
}
rkey = s2s_route_key(NULL, to->domain, from->domain);
log_debug(ZONE, "received packet from %s for %s", in->key, rkey);
/* drop packets received on routes not valid on that connection as per XMPP 8.3.10 */
if((conn_state_t) xhash_get(in->states, rkey) != conn_VALID) {
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] dropping packet on unvalidated route: '%s'", in->fd->fd, in->ip, in->port, rkey);
free(rkey);
nad_free(nad);
jid_free(from);
jid_free(to);
return;
}
free(rkey);
/* its good, off to the router with it */
log_debug(ZONE, "incoming packet on valid route, preparing it for the router");
/* rewrite server packets into client packets */
ns = nad_find_namespace(nad, 0, uri_SERVER, NULL);
if(ns >= 0) {
if(nad->elems[0].ns == ns)
nad->elems[0].ns = nad->nss[nad->elems[0].ns].next;
else {
for(sns = nad->elems[0].ns; sns >= 0 && nad->nss[sns].next != ns; sns = nad->nss[sns].next);
nad->nss[sns].next = nad->nss[nad->nss[sns].next].next;
}
}
/*
* If stanza is not in any namespace (either because we removed the
* jabber:server namespace above or because it's in the default
* namespace for this stream) then this packet is intended to be
* handled by sm (and not just routed through the server), so set the
* jabber:client namespace.
*/
if(ns >= 0 || nad->elems[0].ns < 0) {
ns = nad_add_namespace(nad, uri_CLIENT, NULL);
nad->scope = -1;
nad->nss[ns].next = nad->elems[0].ns;
nad->elems[0].ns = ns;
}
nad->elems[0].my_ns = nad->elems[0].ns;
/* wrap up the packet */
ns = nad_add_namespace(nad, uri_COMPONENT, "comp");
nad_wrap_elem(nad, 0, ns, "route");
nad_set_attr(nad, 0, -1, "to", to->domain, 0);
nad_set_attr(nad, 0, -1, "from", in->s2s->id, 0); /* route is from s2s, not packet source */
log_debug(ZONE, "sending packet to %s", to->domain);
/* go */
sx_nad_write(in->s2s->router, nad);
jid_free(from);
jid_free(to);
}
/** validate their key */
static void _in_verify(conn_t in, nad_t nad) {
int attr;
jid_t from, to;
char *id, *dbkey, *type;
attr = nad_find_attr(nad, 0, -1, "from", NULL);
if(attr < 0 || (from = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "missing or invalid from on db verify packet");
nad_free(nad);
return;
}
attr = nad_find_attr(nad, 0, -1, "to", NULL);
if(attr < 0 || (to = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "missing or invalid to on db verify packet");
jid_free(from);
nad_free(nad);
return;
}
attr = nad_find_attr(nad, 0, -1, "id", NULL);
if(attr < 0) {
log_debug(ZONE, "missing id on db verify packet");
jid_free(from);
jid_free(to);
nad_free(nad);
return;
}
if(NAD_CDATA_L(nad, 0) <= 0) {
log_debug(ZONE, "no cdata on db verify packet");
jid_free(from);
jid_free(to);
nad_free(nad);
return;
}
/* extract the id */
id = (char *) malloc(sizeof(char) * (NAD_AVAL_L(nad, attr) + 1));
snprintf(id, NAD_AVAL_L(nad, attr) + 1, "%.*s", NAD_AVAL_L(nad, attr), NAD_AVAL(nad, attr));
/* generate a dialback key */
dbkey = s2s_db_key(NULL, in->s2s->local_secret, from->domain, id);
/* valid */
if(NAD_CDATA_L(nad, 0) == strlen(dbkey) && strncmp(dbkey, NAD_CDATA(nad, 0), NAD_CDATA_L(nad, 0)) == 0) {
log_debug(ZONE, "valid dialback key %s, verify succeeded", dbkey);
type = "valid";
} else {
log_debug(ZONE, "invalid dialback key %s, verify failed", dbkey);
type = "invalid";
}
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] checking dialback verification from %s: sending %s", in->fd->fd, in->ip, in->port, from->domain, type);
log_debug(ZONE, "letting them know");
/* now munge the packet and send it back to them */
stanza_tofrom(nad, 0);
nad_set_attr(nad, 0, -1, "type", type, 0);
nad->elems[0].icdata = nad->elems[0].itail = -1;
nad->elems[0].lcdata = nad->elems[0].ltail = 0;
sx_nad_write(in->s, nad);
free(dbkey);
free(id);
jid_free(from);
jid_free(to);
return;
}
/** auth requests */
static void _in_result(conn_t in, nad_t nad) {
int attr, ns;
jid_t from, to;
char *rkey;
nad_t verify;
pkt_t pkt;
time_t now;
attr = nad_find_attr(nad, 0, -1, "from", NULL);
if(attr < 0 || (from = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "missing or invalid from on db result packet");
nad_free(nad);
return;
}
attr = nad_find_attr(nad, 0, -1, "to", NULL);
if(attr < 0 || (to = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
log_debug(ZONE, "missing or invalid to on db result packet");
jid_free(from);
nad_free(nad);
return;
}
rkey = s2s_route_key(NULL, to->domain, from->domain);
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] received dialback auth request for route '%s'", in->fd->fd, in->ip, in->port, rkey);
/* get current state */
if((conn_state_t) xhash_get(in->states, rkey) == conn_VALID) {
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] route '%s' is already valid: sending valid", in->fd->fd, in->ip, in->port, rkey);
/* its already valid, just reply right now */
stanza_tofrom(nad, 0);
nad_set_attr(nad, 0, -1, "type", "valid", 5);
nad->elems[0].icdata = nad->elems[0].itail = -1;
nad->elems[0].lcdata = nad->elems[0].ltail = 0;
sx_nad_write(in->s, nad);
free(rkey);
jid_free(from);
jid_free(to);
return;
}
/* not valid, so we need to verify */
/* need the key */
if(NAD_CDATA_L(nad, 0) <= 0) {
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] no dialback key given with db result packet", in->fd->fd, in->ip, in->port, rkey);
free(rkey);
nad_free(nad);
jid_free(from);
jid_free(to);
return;
}
log_debug(ZONE, "requesting verification for route %s", rkey);
/* set the route status to INPROGRESS and set timestamp */
xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_INPROGRESS);
/* record the time that we set conn_INPROGRESS state */
now = time(NULL);
xhash_put(in->states_time, pstrdup(xhash_pool(in->states_time), rkey), (void *) now);
free(rkey);
/* new packet */
verify = nad_new();
ns = nad_add_namespace(verify, uri_DIALBACK, "db");
nad_append_elem(verify, ns, "verify", 0);
nad_append_attr(verify, -1, "to", from->domain);
nad_append_attr(verify, -1, "from", to->domain);
nad_append_attr(verify, -1, "id", in->s->id);
nad_append_cdata(verify, NAD_CDATA(nad, 0), NAD_CDATA_L(nad, 0), 1);
/* new packet */
pkt = (pkt_t) calloc(1, sizeof(struct pkt_st));
pkt->nad = verify;
pkt->to = from;
pkt->from = to;
pkt->db = 1;
/* its away */
out_packet(in->s2s, pkt);
nad_free(nad);
}
static mod_ret_t _session_in_router(mod_instance_t mi, pkt_t pkt) {
sm_t sm = mi->mod->mm->sm;
int ns, iq, elem, attr;
jid_t jid;
sess_t sess = (sess_t) NULL;
mod_ret_t ret;
/* if we've got this namespace, its from a c2s */
if(pkt->nad->ecur <= 1 || (ns = nad_find_namespace(pkt->nad, 1, uri_SESSION, NULL)) < 0)
return mod_PASS;
/* don't bother if its a failure */
if(pkt->type & pkt_SESS_FAILED) {
/* !!! check failed=1, handle */
pkt_free(pkt);
return mod_HANDLED;
}
/* session commands */
if(pkt->type & pkt_SESS) {
ns = nad_find_namespace(pkt->nad, 1, uri_SESSION, NULL);
/* only end can get away without a target */
attr = nad_find_attr(pkt->nad, 1, -1, "target", NULL);
if(attr < 0 && pkt->type != pkt_SESS_END) {
nad_set_attr(pkt->nad, 1, ns, "failed", "1", 1);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
return mod_HANDLED;
}
/* session start */
if(pkt->type == pkt_SESS) {
jid = jid_new(NAD_AVAL(pkt->nad, attr), NAD_AVAL_L(pkt->nad, attr));
if(jid != NULL)
sess = sess_start(sm, jid);
if(jid == NULL || sess == NULL) {
nad_set_attr(pkt->nad, 1, ns, "failed", "1", 1);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
if(jid != NULL)
jid_free(jid);
return mod_HANDLED;
}
/* c2s component that is handling this session */
strcpy(sess->c2s, pkt->rfrom->domain);
/* remember what c2s calls us */
attr = nad_find_attr(pkt->nad, 1, ns, "c2s", NULL);
snprintf(sess->c2s_id, sizeof(sess->c2s_id), "%.*s", NAD_AVAL_L(pkt->nad, attr), NAD_AVAL(pkt->nad, attr));
/* mark PBX session as fake */
if(!strncmp("PBX", sess->c2s_id, 3)) {
sess->fake = 1;
}
/* add our id */
nad_set_attr(pkt->nad, 1, ns, "sm", sess->sm_id, 0);
/* mark that it started OK */
nad_set_attr(pkt->nad, 1, -1, "action", "started", 7);
/* set this SM name */
nad_set_attr(pkt->nad, 0, -1, "to", sm->id, 0);
/* inform c2s */
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
jid_free(jid);
return mod_HANDLED;
}
/* user create */
if(pkt->type == pkt_SESS_CREATE) {
jid = jid_new(NAD_AVAL(pkt->nad, attr), NAD_AVAL_L(pkt->nad, attr));
if(jid == NULL || user_create(sm, jid) != 0) {
nad_set_attr(pkt->nad, 1, ns, "failed", "1", 1);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
if(jid != NULL)
jid_free(jid);
return mod_HANDLED;
}
/* inform c2s */
nad_set_attr(pkt->nad, 1, -1, "action", "created", 7);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
jid_free(jid);
return mod_HANDLED;
}
/* user delete */
if(pkt->type == pkt_SESS_DELETE) {
jid = jid_new(NAD_AVAL(pkt->nad, attr), NAD_AVAL_L(pkt->nad, attr));
if(jid == NULL) {
pkt_free(pkt);
return mod_HANDLED;
}
user_delete(sm, jid);
/* inform c2s */
nad_set_attr(pkt->nad, 1, -1, "action", "deleted", 7);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
jid_free(jid);
return mod_HANDLED;
}
/* get the session id */
attr = nad_find_attr(pkt->nad, 1, ns, "sm", NULL);
if(attr < 0) {
log_debug(ZONE, "no session id, bouncing");
nad_set_attr(pkt->nad, 1, ns, "failed", "1", 1);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
return mod_HANDLED;
}
/* find the corresponding session */
sess = xhash_getx(sm->sessions, NAD_AVAL(pkt->nad, attr), NAD_AVAL_L(pkt->nad, attr));
/* active check */
if(sess == NULL) {
log_debug(ZONE, "session %.*s doesn't exist, bouncing", NAD_AVAL_L(pkt->nad, attr), NAD_AVAL(pkt->nad, attr));
nad_set_attr(pkt->nad, 1, ns, "failed", "1", 1);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
return mod_HANDLED;
}
/* make sure its from them */
attr = nad_find_attr(pkt->nad, 1, ns, "c2s", NULL);
if(attr >= 0 && (strlen(sess->c2s_id) != NAD_AVAL_L(pkt->nad, attr) || strncmp(sess->c2s_id, NAD_AVAL(pkt->nad, attr), NAD_AVAL_L(pkt->nad, attr)) != 0)) {
log_debug(ZONE, "invalid sender on route from %s for session %s (should be %s)", pkt->rfrom->domain, sess->sm_id, sess->c2s_id);
pkt_free(pkt);
return mod_HANDLED;
}
/* session end */
if(pkt->type == pkt_SESS_END) {
sm_c2s_action(sess, "ended", NULL);
sess_end(sess);
pkt_free(pkt);
return mod_HANDLED;
}
log_debug(ZONE, "unknown session packet, dropping");
pkt_free(pkt);
return mod_HANDLED;
}
/* otherwise, its a normal packet for the session */
/* #ifdef ENABLE_SUPERSEDED // FIXME XXX TODO clients are not yet ready for this */
/* check for RFC3920 session request *
* with RFC3920bis it is unneeded *
* session is activated by bind, so we just return back result */
if((ns = nad_find_scoped_namespace(pkt->nad, uri_XSESSION, NULL)) >= 0 &&
(iq = nad_find_elem(pkt->nad, 0, -1, "iq", 1)) >= 0 &&
(elem = nad_find_elem(pkt->nad, iq, ns, "session", 1)) >= 0) {
log_debug(ZONE, "session create request");
/* build a result packet */
nad_drop_elem(pkt->nad, elem);
nad_set_attr(pkt->nad, iq, -1, "type", "result", 6);
/* return the result */
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
return mod_HANDLED;
}
/* #endif */
/* get the session id */
attr = nad_find_attr(pkt->nad, 1, ns, "sm", NULL);
if(attr < 0) {
log_debug(ZONE, "no session id, bouncing");
nad_set_attr(pkt->nad, 1, ns, "failed", "1", 1);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
return mod_HANDLED;
}
/* find the corresponding session */
sess = xhash_getx(sm->sessions, NAD_AVAL(pkt->nad, attr), NAD_AVAL_L(pkt->nad, attr));
/* active check */
if(sess == NULL) {
log_debug(ZONE, "session %.*s doesn't exist, bouncing", NAD_AVAL_L(pkt->nad, attr), NAD_AVAL(pkt->nad, attr));
nad_set_attr(pkt->nad, 1, ns, "failed", "1", 1);
sx_nad_write(sm->router, stanza_tofrom(pkt->nad, 0));
pkt->nad = NULL;
pkt_free(pkt);
return mod_HANDLED;
}
/* make sure its from them */
attr = nad_find_attr(pkt->nad, 1, ns, "c2s", NULL);
if(attr >= 0 && (strlen(sess->c2s_id) != NAD_AVAL_L(pkt->nad, attr) || strncmp(sess->c2s_id, NAD_AVAL(pkt->nad, attr), NAD_AVAL_L(pkt->nad, attr)) != 0)) {
log_debug(ZONE, "invalid sender on route from %s for session %s (should be %s)", jid_full(pkt->rfrom), sess->sm_id, sess->c2s_id);
pkt_free(pkt);
return mod_HANDLED;
}
/* where it came from */
pkt->source = sess;
/* hand it to the modules */
ret = mm_in_sess(pkt->sm->mm, sess, pkt);
switch(ret) {
case mod_HANDLED:
break;
case mod_PASS:
/* ignore IQ result packets that haven't been handled - XMPP 9.2.3.4 */
if(pkt->type == pkt_IQ_RESULT)
break;
else
ret = -stanza_err_FEATURE_NOT_IMPLEMENTED;
default:
pkt_sess(pkt_error(pkt, -ret), sess);
break;
}
return mod_HANDLED;
}
