diff options
author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-01-09 17:02:17 +0300 |
---|---|---|
committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-01-09 17:02:17 +0300 |
commit | 1e55e018e534aa82541c5f460063a237192b768c (patch) | |
tree | 9584ed46fe2b18770343399254b0ba15ff591e51 /src/ejabberd_s2s_in.erl | |
parent | Get rid of "jlib.hrl" header in some files (diff) |
Adopt remaining code to support new hooks
Diffstat (limited to 'src/ejabberd_s2s_in.erl')
-rw-r--r-- | src/ejabberd_s2s_in.erl | 68 |
1 files changed, 50 insertions, 18 deletions
diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl index a31af337..cca8438c 100644 --- a/src/ejabberd_s2s_in.erl +++ b/src/ejabberd_s2s_in.erl @@ -120,12 +120,8 @@ process_closed(State, _Reason) -> %%%=================================================================== %%% xmpp_stream_in callbacks %%%=================================================================== -tls_options(#{tls_compression := Compression, server_host := LServer}) -> - Opts = case Compression of - false -> [compression_none]; - true -> [] - end, - ejabberd_s2s:tls_options(LServer, Opts). +tls_options(#{tls_options := TLSOpts, server_host := LServer}) -> + ejabberd_s2s:tls_options(LServer, TLSOpts). tls_required(#{server_host := LServer}) -> ejabberd_s2s:tls_required(LServer). @@ -164,16 +160,18 @@ handle_stream_established(State) -> set_idle_timeout(State#{established => true}). handle_auth_success(RServer, Mech, _AuthModule, - #{socket := Socket, ip := IP, + #{sockmod := SockMod, + socket := Socket, ip := IP, auth_domains := AuthDomains, server_host := ServerHost, lserver := LServer} = State) -> ?INFO_MSG("(~s) Accepted inbound s2s ~s authentication ~s -> ~s (~s)", - [ejabberd_socket:pp(Socket), Mech, RServer, LServer, + [SockMod:pp(Socket), Mech, RServer, LServer, ejabberd_config:may_hide_data(jlib:ip_to_list(IP))]), State1 = case ejabberd_s2s:allow_host(ServerHost, RServer) of true -> AuthDomains1 = sets:add_element(RServer, AuthDomains), + change_shaper(State, RServer), State#{auth_domains => AuthDomains1}; false -> State @@ -181,11 +179,12 @@ handle_auth_success(RServer, Mech, _AuthModule, ejabberd_hooks:run_fold(s2s_in_auth_result, ServerHost, State1, [true, RServer]). handle_auth_failure(RServer, Mech, Reason, - #{socket := Socket, ip := IP, + #{sockmod := SockMod, + socket := Socket, ip := IP, server_host := ServerHost, lserver := LServer} = State) -> ?INFO_MSG("(~s) Failed inbound s2s ~s authentication ~s -> ~s (~s): ~s", - [ejabberd_socket:pp(Socket), Mech, RServer, LServer, + [SockMod:pp(Socket), Mech, RServer, LServer, ejabberd_config:may_hide_data(jlib:ip_to_list(IP)), Reason]), ejabberd_hooks:run_fold(s2s_in_auth_result, ServerHost, State, [false, RServer]). @@ -204,10 +203,13 @@ handle_authenticated_packet(Pkt, State) -> LServer = ejabberd_router:host_of_route(To#jid.lserver), State1 = ejabberd_hooks:run_fold(s2s_in_authenticated_packet, LServer, State, [Pkt]), - Pkt1 = ejabberd_hooks:run_fold(s2s_receive_packet, LServer, - Pkt, [State1]), - ejabberd_router:route(From, To, Pkt1), - State1; + {Pkt1, State2} = ejabberd_hooks:run_fold(s2s_receive_packet, LServer, + {Pkt, State1}, []), + case Pkt1 of + drop -> ok; + _ -> ejabberd_router:route(From, To, Pkt1) + end, + State2; {error, Err} -> send(State, Err) end. @@ -225,8 +227,24 @@ handle_send(Pkt, Result, #{server_host := LServer} = State) -> init([State, Opts]) -> Shaper = gen_mod:get_opt(shaper, Opts, fun acl:shaper_rules_validator/1, none), - TLSCompression = proplists:get_bool(tls_compression, Opts), - State1 = State#{tls_compression => TLSCompression, + TLSOpts1 = lists:filter( + fun({certfile, _}) -> true; + ({ciphers, _}) -> true; + ({dhfile, _}) -> true; + ({cafile, _}) -> true; + (_) -> false + end, Opts), + TLSOpts2 = case lists:keyfind(protocol_options, 1, Opts) of + false -> TLSOpts1; + {_, OptString} -> + ProtoOpts = str:join(OptString, <<$|>>), + [{protocol_options, ProtoOpts}|TLSOpts1] + end, + TLSOpts3 = case proplists:get_bool(tls_compression, Opts) of + false -> [compression_none | TLSOpts2]; + true -> TLSOpts2 + end, + State1 = State#{tls_options => TLSOpts3, auth_domains => sets:new(), xmlns => ?NS_SERVER, lang => ?MYLANG, @@ -251,8 +269,16 @@ handle_cast(Msg, #{server_host := LServer} = State) -> handle_info(Info, #{server_host := LServer} = State) -> ejabberd_hooks:run_fold(s2s_in_handle_info, LServer, State, [Info]). -terminate(_Reason, _State) -> - ok. +terminate(Reason, #{auth_domains := AuthDomains}) -> + case Reason of + {process_limit, _} -> + sets:fold( + fun(Host, _) -> + ejabberd_s2s:external_host_overloaded(Host) + end, ok, AuthDomains); + _ -> + ok + end. code_change(_OldVsn, State, _Extra) -> {ok, State}. @@ -290,5 +316,11 @@ set_idle_timeout(#{server_host := LServer, set_idle_timeout(State) -> State. +-spec change_shaper(state(), binary()) -> ok. +change_shaper(#{shaper := ShaperName, server_host := ServerHost} = State, + RServer) -> + Shaper = acl:match_rule(ServerHost, ShaperName, jid:make(RServer)), + xmpp_stream_in:change_shaper(State, Shaper). + opt_type(_) -> []. |