jabberd14 1.6.2
dialback.h File Reference

header for the dialback implementation More...

#include <jabberd.h>


Data Structures

struct  db_struct
struct  miod_struct
struct  dboq_struct
struct  dboc
struct  dbic_struct

Typedefs

typedef struct db_struct * db
typedef struct db_struct _db
typedef struct miod_struct * miod
typedef struct miod_struct _miod
typedef struct dboq_struct * dboq
typedef struct dboq_struct _dboq
typedef struct dboc _dboc
typedef struct dbic_struct * dbic
typedef struct dbic_struct _dbic

Enumerations

enum  db_request { not_requested, could_request, want_request, sent_request }
enum  db_connection_state {
  created, connecting, connected, got_streamroot,
  waiting_features, got_features, sent_db_request, db_succeeded,
  db_failed, sasl_started, sasl_fail, sasl_success
}

Functions

void dialback_out_packet (db d, xmlnode x, char *ip)
result dialback_out_beat_packets (void *arg)
void dialback_in_read (mio s, int flags, void *arg, xmlnode x, char *unused1, int unused2)
void dialback_in_verify (db d, xmlnode x)
int dialback_check_settings (db d, mio m, const char *server, int is_outgoing, int auth_type, int version)
char * dialback_randstr (void)
char * dialback_merlin (pool p, char const *secret, char const *to, char const *from, char const *challenge)
void dialback_miod_hash (miod md, xht ht, jid key)
miod dialback_miod_new (db d, mio m)
void dialback_miod_write (miod md, xmlnode x)
void dialback_miod_read (miod md, xmlnode x)
char * dialback_ip_get (db d, jid host, char *ip)
void dialback_ip_set (db d, jid host, char *ip)
const char * dialback_get_loopcheck_token (db d)

Detailed Description

header for the dialback implementation


Typedef Documentation

typedef struct db_struct _db
typedef struct dbic_struct _dbic
typedef struct dboc _dboc
typedef struct dboq_struct _dboq
typedef struct miod_struct _miod
typedef struct db_struct * db

s2s instance

typedef struct dbic_struct * dbic

incoming dialback streams

typedef struct dboq_struct * dboq

simple queue for out_queue

typedef struct miod_struct * miod

wrap an mio and track the idle time of it


Enumeration Type Documentation

enum db_connection_state

enumeration of connection establishment states an outgoing connection can have

used for more detailed logging of failed connections

Enumerator:
created 

outgoing connection request created, but not yet started to connect

connecting 

we started to connect, but have no connection yet

connected 

we have connected to the other host

got_streamroot 

we got the stream root of the other server

waiting_features 

we are waiting for the stream features on a XMPP1.0 connection

got_features 

we got the stream features on a XMPP1.0 connection

sent_db_request 

we sent out a dialback request

db_succeeded 

we had success with our dialback request

db_failed 

dialback failed

sasl_started 

we started to authenticate using sasl

sasl_fail 

there was a failure in using sasl

sasl_success 

we successfully used sasl

enum db_request

enumeration of dialback request states an outgoing connection can have

Enumerator:
not_requested 

there was no packet yet for which we want to request dialback (we were only sending db:verify packets), and we could not yet send a request

could_request 

there was no packet yet, that requested doing dialback, but we could send out dialback requests

want_request 

we want to send a dialback request

sent_request 

we have sent a dialback request


Function Documentation

int dialback_check_settings ( db  d,
mio  m,
const char *  server,
int  is_outgoing,
int  auth_type,
int  version 
)

check TLS and authentication settings for a s2s connection

Parameters:
d  the dialback instance
m  the connection
server  the host at the other end of the connection
is_outgoing  0 for an outgoing connection, 1 for an incoming connection
auth_type  0 for dialback, 1 for sasl
version  0 for a preXMPP stream, 1 for a XMPP1.0 stream
Returns:
0 if the connection is not allowed, otherwise the connection is acceptable

References db_struct::hosts_auth, db_struct::hosts_tls, db_struct::i, instance_struct::id, j_atoi(), j_strcmp(), j_strncmp(), log_debug2, log_notice(), log_warn(), LOGT_IO, mio_close(), mio_is_encrypted(), mio_ssl_verify(), mio_tls_get_certtype(), mio_tls_get_characteristics(), mio_tls_get_compression(), mio_write(), mio_st::ssl, xhash_get_by_domain(), and ZONE.

Referenced by dialback_in_read_db(), dialback_in_verify(), and dialback_out_read().

const char* dialback_get_loopcheck_token ( db  d)

we pass a token in the stream root to identify a looping connection to ourself. This generates the token of this server.

Parameters:
d  the dialback instance
Returns:
the token to use

References hmac_sha1_ascii_r(), and db_struct::secret.

Referenced by dialback_in_read(), and dialback_out_read().

void dialback_in_read ( mio  m,
int  flags,
void *  arg,
xmlnode  x,
char *  unused1,
int  unused2 
)

callback for mio for accepted sockets

Our task is:

  • Verify the stream root element
  • Check the type of server-to-server stream (we support: dialback, xmpp+dialback)
  • For xmpp+dialback: send stream:features (we support: starttls)
  • Reset the mio callback. Stanzas are handled by dialback_in_read_db()
Parameters:
m  the connection on which the stream root element has been received
flags  the mio action, everything but MIO_XML_ROOT is ignored
arg  the db instance
x  the stream root element
unused1  unused/ignored
unused2  unused/ignored

References mio_st::authed_other_side, dbic_struct::d, dialback_get_loopcheck_token(), dialback_in_read_db(), dialback_miod_hash(), dialback_miod_new(), mio_st::fd, xmppd::ns_decl_list::get_nsprefix(), db_struct::hosts_auth, db_struct::hosts_tls, db_struct::hosts_xmpp, dbic_struct::id, db_struct::in_ok_db, mio_st::in_root, j_atoi(), j_strcmp(), jid_full(), jid_new(), JID_RESOURCE, jid_set(), JID_USER, log_debug2, LOGT_IO, dbic_struct::m, mio_close(), mio_is_encrypted(), mio_reset(), mio_ssl_starttls_possible(), mio_ssl_verify(), mio_write(), mio_write_root(), MIO_XML_ROOT, NS_DIALBACK, NS_JABBERD_LOOPCHECK, NS_STREAM, NS_XMLNS, NS_XMPP_SASL, NS_XMPP_TLS, dbic_struct::other_domain, dbic_struct::we_domain, xhash_get_by_domain(), xmlnode_free(), xmlnode_get_attrib_ns(), xmlnode_insert_cdata(), xmlnode_insert_tag_ns(), xmlnode_new_tag_ns(), xmlnode_pool(), xmlnode_put_attrib_ns(), xmlnode_serialize_string(), dbic_struct::xmpp_version, xstream_header(), and ZONE.

Referenced by dialback(), and dialback_in_read_db().

void dialback_in_verify ( db  d,
xmlnode  x 
)

Handle db:verify packets that we got as a result of our dialback request to the authoritative server.

We expect the to attribute to be our name and the from attribute to be the remote name.

We have to do:

  • Check if there is (still) a connection for this dialback result
  • If we got type='valid' we have to authorize the peer to use the verified sender address
  • Inform the peer about the result
Note:
dialback_out_connection_cleanup() calls this function as well to trash pending verifies. In that case we don't get the db:verify result, but the db:verify query (no type attribute set).
Parameters:
d  the db instance
x  the db:verify answer packet

References dbic_struct::d, dialback_check_settings(), dialback_miod_hash(), dialback_miod_new(), xmppd::jabberid::get_resource(), db_struct::i, dbic_struct::id, instance_struct::id, db_struct::in_id, db_struct::in_ok_db, j_strcmp(), jid_full(), jid_new(), JID_RESOURCE, jid_set(), JID_USER, log_debug2, log_warn(), LOGT_AUTH, dbic_struct::m, mio_write(), NS_DIALBACK, dbic_struct::results, db_struct::std_ns_prefixes, xhash_get(), xmlnode_free(), xmlnode_get_attrib_ns(), xmlnode_get_list_item(), xmlnode_get_tags(), xmlnode_hide(), xmlnode_new_tag_pool_ns(), xmlnode_pool(), xmlnode_put_attrib_ns(), xmlnode_serialize_string(), dbic_struct::xmpp_version, and ZONE.

Referenced by dialback_out_connection_cleanup(), dialback_out_packet(), dialback_out_read(), dialback_out_read_db(), and dialback_packets().

char* dialback_ip_get ( db  d,
jid  host,
char *  ip 
)

get the cached IP address for an external server

Parameters:
d  db structure which contains the context of the dialback component instance
host  the host for which we need the IP address
ip  the IP if the caller already knows it (convenience parameter)
Returns:
the IP of the external server

References xmppd::jabberid::get_domain(), xmppd::jabberid_pool::get_pool(), log_debug2, LOGT_IO, db_struct::nscache, pstrdup(), xhash_get(), xmlnode_get_attrib_ns(), and ZONE.

Referenced by dialback_out_packet().

void dialback_ip_set ( db  d,
jid  host,
char *  ip 
)

put an IP address in our DNS cache

Parameters:
d  db structure which contains the context of the dialback component instance
host  the host for which we put the IP address
ip  the IP address

References xmppd::jabberid::get_domain(), log_debug2, LOGT_IO, NS_JABBERD_WRAPPER, db_struct::nscache, xhash_get(), xhash_put(), xmlnode_free(), xmlnode_get_attrib_ns(), xmlnode_new_tag_ns(), xmlnode_put_attrib_ns(), and ZONE.

Referenced by dialback_miod_hash().

char* dialback_merlin ( pool  p,
char const *  secret,
char const *  to,
char const *  from,
char const *  challenge 
)

convenience function to generate your dialback key (not thread-safe)

Note:
We generate a HMAC-SHA1 for the string "to from challenge" where the challenge is the stream id generated by the destination host. As the key for the HMAC-SHA1 we use the SHA1 hash of the secret.
Parameters:
p  the memory pool used
secret  our dialback secret
to  the destination of the stream
from  the source host of the stream
challenge  the stream ID that should be verified
Returns:
the dialback key

References hmac_sha1_ascii_r(), log_debug2, LOGT_AUTH, pmalloco(), and ZONE.

Referenced by dialback_in_read_db(), dialback_out_connection(), and dialback_out_read().
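The key derivation described in the note above, carried through both roles of the dialback exchange (the originating server computing the key, the authoritative server recomputing it and comparing), as an added Python illustration. This is not jabberd14 code; the encoding details are assumptions: the HMAC-SHA1 key is taken to be the 40-character hex SHA1 digest of the secret, the message is "to from challenge" joined by single spaces, and a 40-character hex token stands in for the stream id dialback_randstr() would produce. The comparison uses a constant-time compare, which is the check a verifier of such keys should always make.

```python
"""Dialback key generation and verification (added example, not jabberd14 code).

Assumptions (the page does not pin these down):
  * HMAC key  = ASCII hex SHA1 digest of the shared dialback secret
  * message   = "<to> <from> <challenge>" with single spaces
  * stream id = 40 hex characters, standing in for dialback_randstr()
"""
import hashlib
import hmac
import secrets


def dialback_key(secret: str, to: str, frm: str, challenge: str) -> str:
    """Return the dialback key (40 lowercase hex chars) for one stream.

    to        -- destination of the stream (the receiving server)
    frm       -- source of the stream (the originating server)
    challenge -- stream id issued by the receiving server
    """
    # Assumption: key for HMAC-SHA1 is the hex SHA1 of the secret, as ASCII.
    hmac_key = hashlib.sha1(secret.encode("utf-8")).hexdigest().encode("ascii")
    message = f"{to} {frm} {challenge}".encode("utf-8")
    return hmac.new(hmac_key, message, hashlib.sha1).hexdigest()


def new_stream_id() -> str:
    """Stand-in for dialback_randstr(): 40 hex characters of fresh randomness."""
    return secrets.token_hex(20)


def verify_dialback_key(secret: str, to: str, frm: str,
                        challenge: str, presented_key: str) -> bool:
    """Authoritative-server side of db:verify.

    Recompute the key from the shared secret and the (to, from, id) triple the
    receiving server reports, and compare in constant time so a forged key
    cannot be guessed byte by byte from timing differences.
    """
    expected = dialback_key(secret, to, frm, challenge)
    return hmac.compare_digest(expected, presented_key.lower())


def run_exchange(secret: str, originating: str, receiving: str) -> dict:
    """Walk one dialback exchange and a few forged/replayed variants."""
    # 1. receiving server opens the stream and issues a fresh id (challenge)
    stream_id = new_stream_id()
    # 2. originating server computes the key it puts into db:result
    key = dialback_key(secret, receiving, originating, stream_id)
    # 3. receiving server forwards (to, from, id, key) in db:verify to the
    #    authoritative server for `originating`, which shares `secret`
    valid = verify_dialback_key(secret, receiving, originating, stream_id, key)
    # A key bound to a different stream id (replay) or a different claimed
    # sender (spoofing) must be rejected.
    replayed = verify_dialback_key(secret, receiving, originating,
                                   new_stream_id(), key)
    spoofed = verify_dialback_key(secret, receiving, "evil.example",
                                  stream_id, key)
    # A server that does not know the secret cannot validate anything.
    wrong_secret = verify_dialback_key("other secret", receiving, originating,
                                       stream_id, key)
    return {"stream_id": stream_id, "key": key, "valid": valid,
            "replayed": replayed, "spoofed": spoofed,
            "wrong_secret": wrong_secret}


if __name__ == "__main__":
    # constructed sample input
    print(run_exchange("example-dialback-secret", "sender.example", "receiver.example"))
```

Note that binding the key to the stream id is what makes the exchange resistant to replay: a captured db:result is useless against any later stream, which is why the receiving server must issue an unpredictable id for every new connection.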

void dialback_miod_hash ( miod  md,
xht  ht,
jid  key 
)

registering a connection in the hash of outgoing connections

Parameters:
md  structure representing the outgoing connection
ht  hash table containing all outgoing s2s connections
key  destination with our source domain as the resource

References _dialback_miod_hash_cleanup(), miod_struct::d, dialback_ip_set(), mio_st::fd, xmppd::jabberid::get_domain(), miodc::ht, db_struct::i, jid_full(), jid_new(), miodc::key, log_debug2, LOGT_AUTH, miod_struct::m, miodc::md, mio_ip, db_struct::out_ok_db, mio_st::p, pmalloco(), pool_cleanup(), register_instance(), xhash_put(), and ZONE.

Referenced by dialback_in_read(), dialback_in_verify(), and dialback_out_read().

miod dialback_miod_new ( db  d,
mio  m 
)

create a new wrapper around a managed I/O connection to be able to keep track about idle connections and the state of the dialback

Parameters:
d  structure that holds the context of the dialback component instance
m  the managed I/O connection
Returns:
pointer to the allocated miod structure

References miod_struct::d, miod_struct::last, miod_struct::m, mio_st::p, and pmalloco().

Referenced by dialback_in_read(), dialback_in_verify(), and dialback_out_read().

void dialback_miod_read ( miod  md,
xmlnode  x 
)

process a packet that has been read from a managed I/O connection and update the idle time values

Parameters:
md  structure holding the elements to keep track of idle time (and other elements)
x  the xmlnode that has been read from the connection

References miod_struct::count, miod_struct::d, deliver(), dpacket_new(), db_struct::i, instance_struct::id, jpacket_new(), miod_struct::last, log_warn(), xmlnode_free(), and xmlnode_serialize_string().

Referenced by dialback_in_read_db().

void dialback_miod_write ( miod  md,
xmlnode  x 
)

write to a managed I/O connection and update the idle time values

Parameters:
md  structure holding the mio handle and the elements to keep track of idle time
x  the xmlnode that should be written to the connection

References miod_struct::count, miod_struct::last, miod_struct::m, and mio_write().

Referenced by dialback_out_packet(), and dialback_out_qflush().

result dialback_out_beat_packets ( void *  arg)

start walking the connection hash tree, to see if connections did not get authorized in time

Parameters:
arg  the dialback instance
Returns:
always r_DONE

References _dialback_out_beat_packets(), db_struct::out_connecting, r_DONE, and xhash_walk().

Referenced by dialback().

void dialback_out_packet ( db  d,
xmlnode  x,
char *  ip 
)

handle packets we receive from our router for other hosts

(packets to our instances address are not handled here, but in dialback_in_verify())

We have to:

  • revert some magic we are using to talk to the dns resolver for db:verify packets
  • check if there is already a connection and establish one otherwise
  • send or queue the packet (depending on whether we are already authorized and whether it's a db:verify)
Parameters:
d  the dialback instance
x  the packet
ip  where to connect to (if necessary)

References dialback_in_verify(), dialback_ip_get(), dialback_miod_write(), dialback_out_connection(), xmppd::jabberid::get_domain(), db_struct::i, instance_struct::id, j_strcmp(), jid_full(), jid_new(), JID_RESOURCE, jid_set(), jutil_tofrom(), log_debug2, log_warn(), LOGT_IO, dboc::m, mio_write(), dboq_struct::next, not_requested, NS_DIALBACK, db_struct::out_ok_db, pmalloco(), dboc::q, register_instance(), dboq_struct::stamp, dboc::verifies, want_request, dboq_struct::x, xhash_get(), xmlnode_free(), xmlnode_get_attrib_ns(), xmlnode_get_localname(), xmlnode_get_namespace(), xmlnode_hide_attrib_ns(), xmlnode_insert_tag_node(), xmlnode_pool(), xmlnode_put_attrib_ns(), xmlnode_serialize_string(), and ZONE.

Referenced by dialback_packets().

char* dialback_randstr ( void  )

generate a random string (not thread-safe)

This function generates a random ASCII string.

Returns:
pointer to a string with 40 characters of random data

References shahash_r().

Referenced by dialback().