1 files changed, 273 insertions, 0 deletions
diff --git a/src/mod_s2s_dialback.erl b/src/mod_s2s_dialback.erl
new file mode 100644
index 000000000..ce9d2705b
--- /dev/null
+++ b/src/mod_s2s_dialback.erl
@@ -0,0 +1,273 @@
+%%%-------------------------------------------------------------------
+%%% Created : 16 Dec 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%-------------------------------------------------------------------
+-module(mod_s2s_dialback).
+-behaviour(gen_mod).
+
+-protocol({xep, 220, '1.1.1'}).
+-protocol({xep, 185, '1.0'}).
+
+%% gen_mod API
+-export([start/2, stop/1, depends/2, mod_opt_type/1]).
+%% Hooks
+-export([s2s_out_auth_result/2, s2s_in_packet/2, s2s_out_packet/2,
+	 s2s_in_features/2, s2s_out_init/2, s2s_out_closed/2]).
+
+-include("ejabberd.hrl").
+-include("xmpp.hrl").
+-include("logger.hrl").
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+start(Host, _Opts) ->
+    case ejabberd_s2s:tls_verify(Host) of
+	true ->
+	    ?ERROR_MSG("disabling ~s for host ~s because option "
+		       "'s2s_use_starttls' is set to 'required_trusted'",
+		       [?MODULE, Host]);
+	false ->
+	    ejabberd_hooks:add(s2s_out_init, Host, ?MODULE, s2s_out_init, 50),
+	    ejabberd_hooks:add(s2s_out_closed, Host, ?MODULE, s2s_out_closed, 50),
+	    ejabberd_hooks:add(s2s_in_pre_auth_features, Host, ?MODULE,
+			       s2s_in_features, 50),
+	    ejabberd_hooks:add(s2s_in_post_auth_features, Host, ?MODULE,
+			       s2s_in_features, 50),
+	    ejabberd_hooks:add(s2s_in_unauthenticated_packet, Host, ?MODULE,
+			       s2s_in_packet, 50),
+	    ejabberd_hooks:add(s2s_in_authenticated_packet, Host, ?MODULE,
+			       s2s_in_packet, 50),
+	    ejabberd_hooks:add(s2s_out_packet, Host, ?MODULE,
+			       s2s_out_packet, 50),
+	    ejabberd_hooks:add(s2s_out_auth_result, Host, ?MODULE,
+			       s2s_out_auth_result, 50)
+    end.
+
+stop(Host) ->
+    ejabberd_hooks:delete(s2s_out_init, Host, ?MODULE, s2s_out_init, 50),
+    ejabberd_hooks:delete(s2s_out_closed, Host, ?MODULE, s2s_out_closed, 50),
+    ejabberd_hooks:delete(s2s_in_pre_auth_features, Host, ?MODULE,
+			  s2s_in_features, 50),
+    ejabberd_hooks:delete(s2s_in_post_auth_features, Host, ?MODULE,
+			  s2s_in_features, 50),
+    ejabberd_hooks:delete(s2s_in_unauthenticated_packet, Host, ?MODULE,
+			  s2s_in_packet, 50),
+    ejabberd_hooks:delete(s2s_in_authenticated_packet, Host, ?MODULE,
+			  s2s_in_packet, 50),
+    ejabberd_hooks:delete(s2s_out_packet, Host, ?MODULE,
+			  s2s_out_packet, 50),
+    ejabberd_hooks:delete(s2s_out_auth_result, Host, ?MODULE,
+			  s2s_out_auth_result, 50).
+
+depends(_Host, _Opts) ->
+    [].
+
+mod_opt_type(_) ->
+    [].
+
+s2s_in_features(Acc, _) ->
+    [#db_feature{errors = true}|Acc].
+
+s2s_out_init({ok, State}, Opts) ->
+    case proplists:get_value(db_verify, Opts) of
+	{StreamID, Key, Pid} ->
+	    %% This is an outbound s2s connection created at step 1.
+	    %% The purpose of this connection is to verify dialback key ONLY.
+	    %% The connection is not registered in s2s table and thus is not
+	    %% seen by anyone.
+	    %% The connection will be closed immediately after receiving the
+	    %% verification response (at step 3)
+	    {ok, State#{db_verify => {StreamID, Key, Pid}}};
+	undefined ->
+	    {ok, State#{db_enabled => true}}
+    end;
+s2s_out_init(Acc, _Opts) ->
+    Acc.
+
+s2s_out_closed(#{server := LServer,
+		 remote_server := RServer,
+		 db_verify := {StreamID, _Key, _Pid}} = State, _Reason) ->
+    %% Outbound s2s verificating connection (created at step 1) is
+    %% closed suddenly without receiving the response.
+    %% Building a response on our own
+    Response = #db_verify{from = RServer, to = LServer,
+			  id = StreamID, type = error,
+			  sub_els = [mk_error(internal_server_error)]},
+    s2s_out_packet(State, Response);
+s2s_out_closed(State, _Reason) ->
+    State.
+
+s2s_out_auth_result(#{server := LServer,
+		      remote_server := RServer,
+		      db_verify := {StreamID, Key, _Pid}} = State,
+		    _) ->
+    %% The temporary outbound s2s connect (intended for verification)
+    %% has passed authentication state (either successfully or not, no matter)
+    %% and at this point we can send verification request as described
+    %% in section 2.1.2, step 2
+    Request = #db_verify{from = LServer, to = RServer,
+			 key = Key, id = StreamID},
+    {stop, ejabberd_s2s_out:send(State, Request)};
+s2s_out_auth_result(#{db_enabled := true,
+		      socket := Socket, ip := IP,
+		      server := LServer,
+		      remote_server := RServer,
+		      stream_remote_id := StreamID} = State, false) ->
+    %% SASL authentication has failed, retrying with dialback
+    %% Sending dialback request, section 2.1.1, step 1
+    ?INFO_MSG("(~s) Retrying with s2s dialback authentication: ~s -> ~s (~s)",
+	      [ejabberd_socket:pp(Socket), LServer, RServer,
+	       ejabberd_config:may_hide_data(jlib:ip_to_list(IP))]),
+    Key = make_key(LServer, RServer, StreamID),
+    State1 = maps:remove(stop_reason, State#{on_route => queue}),
+    State2 = ejabberd_s2s_out:send(State1, #db_result{from = LServer,
+						      to = RServer,
+						      key = Key}),
+    {stop, State2};
+s2s_out_auth_result(State, _) ->
+    State.
+
+s2s_in_packet(#{stream_id := StreamID} = State,
+	      #db_result{from = From, to = To, key = Key, type = undefined}) ->
+    %% Received dialback request, section 2.2.1, step 1
+    try
+	ok = check_from_to(From, To),
+	%% We're creating a temporary outbound s2s connection to
+	%% send verification request and to receive verification response
+	{ok, Pid} = ejabberd_s2s_out:start(
+		      To, From, [{db_verify, {StreamID, Key, self()}}]),
+	ejabberd_s2s_out:connect(Pid),
+	State
+    catch _:{badmatch, {error, Reason}} ->
+	    send_db_result(State,
+			   #db_verify{from = From, to = To, type = error,
+				      sub_els = [mk_error(Reason)]})
+    end;
+s2s_in_packet(State, #db_verify{to = To, from = From, key = Key,
+				id = StreamID, type = undefined}) ->
+    %% Received verification request, section 2.2.2, step 2
+    Type = case make_key(To, From, StreamID) of
+	       Key -> valid;
+	       _ -> invalid
+	   end,
+    Response = #db_verify{from = To, to = From, id = StreamID, type = Type},
+    ejabberd_s2s_in:send(State, Response);
+s2s_in_packet(State, Pkt) when is_record(Pkt, db_result);
+			       is_record(Pkt, db_verify) ->
+    ?WARNING_MSG("Got stray dialback packet:~n~s", [xmpp:pp(Pkt)]),
+    State;
+s2s_in_packet(State, _) ->
+    State.
+
+s2s_out_packet(#{server := LServer,
+		 remote_server := RServer,
+		 db_verify := {StreamID, _Key, Pid}} = State,
+	       #db_verify{from = RServer, to = LServer,
+			  id = StreamID, type = Type} = Response)
+  when Type /= undefined ->
+    %% Received verification response, section 2.1.2, step 3
+    %% This is a response for the request sent at step 2
+    ejabberd_s2s_in:update_state(
+      Pid, fun(S) -> send_db_result(S, Response) end),
+    %% At this point the connection is no longer needed and we can terminate it
+    ejabberd_s2s_out:stop(State);
+s2s_out_packet(#{server := LServer, remote_server := RServer} = State,
+	       #db_result{to = LServer, from = RServer,
+			  type = Type} = Result) when Type /= undefined ->
+    %% Received dialback response, section 2.1.1, step 4
+    %% This is a response to the request sent at step 1
+    State1 = maps:remove(db_enabled, State),
+    case Type of
+	valid ->
+	    State2 = ejabberd_s2s_out:handle_auth_success(<<"dialback">>, State1),
+	    ejabberd_s2s_out:establish(State2);
+	_ ->
+	    Reason = format_error(Result),
+	    ejabberd_s2s_out:handle_auth_failure(<<"dialback">>, Reason, State1)
+    end;
+s2s_out_packet(State, Pkt) when is_record(Pkt, db_result);
+				is_record(Pkt, db_verify) ->
+    ?WARNING_MSG("Got stray dialback packet:~n~s", [xmpp:pp(Pkt)]),
+    State;
+s2s_out_packet(State, _) ->
+    State.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+-spec make_key(binary(), binary(), binary()) -> binary().
+make_key(From, To, StreamID) ->
+    Secret = ejabberd_config:get_option(shared_key, fun(V) -> V end),
+    p1_sha:to_hexlist(
+      crypto:hmac(sha256, p1_sha:to_hexlist(crypto:hash(sha256, Secret)),
+		  [To, " ", From, " ", StreamID])).
+
+-spec send_db_result(ejabberd_s2s_in:state(), db_verify()) -> ejabberd_s2s_in:state().
+send_db_result(State, #db_verify{from = From, to = To,
+				 type = Type, sub_els = Els}) ->
+    %% Sending dialback response, section 2.2.1, step 4
+    %% This is a response to the request received at step 1
+    Response = #db_result{from = To, to = From, type = Type, sub_els = Els},
+    State1 = ejabberd_s2s_in:send(State, Response),
+    case Type of
+	valid ->
+	    State2 = ejabberd_s2s_in:handle_auth_success(
+		       From, <<"dialback">>, undefined, State1),
+	    ejabberd_s2s_in:establish(State2);
+	_ ->
+	    Reason = format_error(Response),
+	    ejabberd_s2s_in:handle_auth_failure(
+	      From, <<"dialback">>, Reason, State1)
+    end.
+
+-spec check_from_to(binary(), binary()) -> ok | {error, forbidden | host_unknown}.
+check_from_to(From, To) ->
+    case ejabberd_router:is_my_route(To) of
+    	false -> {error, host_unknown};
+    	true ->
+	    LServer = ejabberd_router:host_of_route(To),
+    	    case ejabberd_s2s:allow_host(LServer, From) of
+    		true -> ok;
+    		false -> {error, forbidden}
+    	    end
+    end.
+
+-spec mk_error(term()) -> stanza_error().
+mk_error(forbidden) ->
+    xmpp:err_forbidden(<<"Denied by ACL">>, ?MYLANG);
+mk_error(host_unknown) ->
+    xmpp:err_not_allowed(<<"Host unknown">>, ?MYLANG);
+mk_error(_) ->
+    xmpp:err_internal_server_error().
+
+-spec format_error(db_result()) -> binary().
+format_error(#db_result{type = invalid}) ->
+    <<"invalid dialback key">>;
+format_error(#db_result{type = error, sub_els = Els}) ->
+    %% TODO: improve xmpp.erl
+    case xmpp:get_error(#message{sub_els = Els}) of
+	#stanza_error{reason = Reason} ->
+	    erlang:atom_to_binary(Reason, latin1);
+	undefined ->
+	    <<"unrecognized error">>
+    end;
+format_error(_) ->
+    <<"unexpected dialback result">>.