util.startup: Fix exiting on pidfile trouble
prosody.shutdown() relies on prosody.main_thread, which has not been set
yet at this point.
Doing a clean shutdown might actually be harmful in case it tears down
things set up by the conflicting Prosody, such as the very pidfile we
were looking at.
Thanks again SigmaTel71 for noticing
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local hosts = _G.hosts;
local log = module._log;
local st = require "prosody.util.stanza";
local sha256_hash = require "prosody.util.hashes".sha256;
local sha256_hmac = require "prosody.util.hashes".hmac_sha256;
local secure_equals = require "prosody.util.hashes".equals;
local nameprep = require "prosody.util.encodings".stringprep.nameprep;
local uuid_gen = require"prosody.util.uuid".generate;
local xmlns_stream = "http://etherx.jabber.org/streams";
local dialback_requests = setmetatable({}, { __mode = 'v' });
local dialback_secret = sha256_hash(module:get_option_string("dialback_secret", uuid_gen()), true);
function module.save()
return { dialback_secret = dialback_secret };
end
function module.restore(state)
dialback_secret = state.dialback_secret;
end
function generate_dialback(id, to, from)
return sha256_hmac(dialback_secret, to .. ' ' .. from .. ' ' .. id, true);
end
function initiate_dialback(session)
-- generate dialback key
session.dialback_key = generate_dialback(session.streamid, session.to_host, session.from_host);
session.sends2s(st.stanza("db:result", { from = session.from_host, to = session.to_host }):text(session.dialback_key));
session.log("debug", "sent dialback key on outgoing s2s stream");
end
function verify_dialback(id, to, from, key)
return secure_equals(key, generate_dialback(id, to, from));
end
module:hook("stanza/jabber:server:dialback:verify", function(event)
local origin, stanza = event.origin, event.stanza;
if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
-- We are being asked to verify the key, to ensure it was generated by us
origin.log("debug", "verifying that dialback key is ours...");
local attr = stanza.attr;
if attr.type then
module:log("warn", "Ignoring incoming session from %s claiming a dialback key for %s is %s",
origin.from_host or "(unknown)", attr.from or "(unknown)", attr.type);
return true;
end
-- COMPAT: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34
--if attr.from ~= origin.to_host then error("invalid-from"); end
local type;
if verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then
type = "valid"
else
type = "invalid"
origin.log("warn", "Asked to verify a dialback key that was incorrect. An imposter is claiming to be %s?", attr.to);
end
origin.log("debug", "verified dialback key... it is %s", type);
origin.sends2s(st.stanza("db:verify", { from = attr.to, to = attr.from, id = attr.id, type = type }):text(stanza[1]));
return true;
end
end);
module:hook("stanza/jabber:server:dialback:result", function(event)
local origin, stanza = event.origin, event.stanza;
if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
-- They want to be identified through dialback
-- We need to check the key with the Authoritative server
local attr = stanza.attr;
if not attr.to or not attr.from then
origin.log("debug", "Missing Dialback addressing (from=%q, to=%q)", attr.from, attr.to);
origin:close("improper-addressing");
return true;
end
local to, from = nameprep(attr.to), nameprep(attr.from);
if not hosts[to] then
-- Not a host that we serve
origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
origin:close("host-unknown");
return true;
elseif not from then
origin:close("improper-addressing");
return true;
end
origin.hosts[from] = { dialback_key = stanza[1] };
dialback_requests[from.."/"..origin.streamid] = origin;
-- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from'
-- on streams. We fill in the session's to/from here instead.
if not origin.from_host then
origin.from_host = from;
end
if not origin.to_host then
origin.to_host = to;
end
origin.log("debug", "asking %s if key %s belongs to them", from, stanza[1]);
module:fire_event("route/remote", {
from_host = to, to_host = from;
stanza = st.stanza("db:verify", { from = to, to = from, id = origin.streamid }):text(stanza[1]);
});
return true;
end
end);
module:hook("stanza/jabber:server:dialback:verify", function(event)
local origin, stanza = event.origin, event.stanza;
if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then
local attr = stanza.attr;
local dialback_verifying = dialback_requests[attr.from.."/"..(attr.id or "")];
if dialback_verifying and attr.from == origin.to_host then
local valid;
if attr.type == "valid" then
module:fire_event("s2s-authenticated", { session = dialback_verifying, host = attr.from, mechanism = "dialback" });
valid = "valid";
else
-- Warn the original connection that is was not verified successfully
log("warn", "authoritative server for %s denied the key", attr.from or "(unknown)");
valid = "invalid";
end
if dialback_verifying.destroyed then
log("warn", "Incoming s2s session %s was closed in the meantime, so we can't notify it of the dialback result",
tostring(dialback_verifying):match("%w+$"));
else
dialback_verifying.sends2s(
st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = valid })
:text(dialback_verifying.hosts[attr.from].dialback_key));
end
dialback_requests[attr.from.."/"..(attr.id or "")] = nil;
end
return true;
end
end);
module:hook("stanza/jabber:server:dialback:result", function(event)
local origin, stanza = event.origin, event.stanza;
if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then
-- Remote server is telling us whether we passed dialback
local attr = stanza.attr;
if not hosts[attr.to] then
origin:close("host-unknown");
return true;
elseif hosts[attr.to].s2sout[attr.from] ~= origin then
-- This isn't right
origin:close("invalid-id");
return true;
end
if stanza.attr.type == "valid" then
module:fire_event("s2s-authenticated", { session = origin, host = attr.from, mechanism = "dialback" });
else
origin:close("not-authorized", "dialback authentication failed");
end
return true;
end
end);
module:hook_tag("urn:ietf:params:xml:ns:xmpp-sasl", "failure", function (origin, stanza) -- luacheck: ignore 212/stanza
if origin.external_auth == "failed" then
module:log("debug", "SASL EXTERNAL failed, falling back to dialback");
initiate_dialback(origin);
return true;
end
end, 100);
module:hook_tag(xmlns_stream, "features", function (origin, stanza) -- luacheck: ignore 212/stanza
if not origin.external_auth or origin.external_auth == "failed" then
module:log("debug", "Initiating dialback...");
initiate_dialback(origin);
return true;
end
end, 100);
module:hook("s2sout-authenticate-legacy", function (event)
module:log("debug", "Initiating dialback...");
initiate_dialback(event.origin);
return true;
end, 100);
-- Offer dialback to incoming hosts
module:hook("s2s-stream-features", function (data)
data.features:tag("dialback", { xmlns='urn:xmpp:features:dialback' }):up();
end);