/*
 * jabberd - Jabber Open Source Server
 * Copyright (c) 2002 Jeremie Miller, Thomas Muldowney,
 *                    Ryan Eatmon, Robert Norris
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * Shared types and entry points of the client-to-server (c2s) component:
 * the per-connection session (sess_st) and its bound resources (bres_st),
 * the virtual-host configuration (host_st), the component context (c2s_st)
 * and the auth/reg module interface (authreg_st).
 *
 * NOTE(review): no include guard is visible in this header as shown; confirm
 * that each translation unit includes it only once, or add a guard.
 */

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif

#include <expat.h>

#include "mio/mio.h"
#include "sx/sx.h"
#include "util/util.h"

/* sig_atomic_t (used below for c2s_lost_router) comes from <signal.h>;
 * this include is conditional, so a build without HAVE_SIGNAL_H must get
 * the type from elsewhere or the extern declaration will not compile. */
#ifdef HAVE_SIGNAL_H
# include <signal.h>
#endif
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif

/*
 * Symbol visibility on Windows.  With _USRDLL set (presumably the module /
 * DLL build) the c2s symbols are imported and the module's own symbols are
 * exported; in the c2s binary itself it is the other way round.  On all
 * other platforms both macros expand to nothing.
 */
#ifdef _WIN32
#ifdef _USRDLL
#define DLLEXPORT __declspec(dllexport)
#define C2S_API __declspec(dllimport)
#else
#define DLLEXPORT __declspec(dllimport)
#define C2S_API __declspec(dllexport)
#endif
#else
#define DLLEXPORT
#define C2S_API
#endif

/* forward declarations (handle typedefs: each *_t is a pointer to its struct) */
typedef struct host_st *host_t;
typedef struct c2s_st *c2s_t;
typedef struct bres_st *bres_t;
typedef struct sess_st *sess_t;
typedef struct authreg_st *authreg_t;

/**
 * One resource bound to a session.  A session may bind several resources;
 * they are kept as a singly linked list headed by sess_st.resources.
 */
struct bres_st {
    /** full bound jid */
    jid_t jid;
    /**
     * session ids for this jid: c2s_id is ours, sm_id is the one the sm
     * component assigned.  Fixed-size NUL-terminated buffers; the capacities
     * (44 / 41) must match whatever generates and copies the ids — confirm
     * against that code before changing either.
     */
    char c2s_id[44], sm_id[41];
    /** id of the SM request currently pending for this resource */
    char sm_request[41];

    /** next resource bound on the same session (list terminator: NULL) */
    bres_t next;
};

/**
 * There is one instance of this struct per user who is logged in to
 * this c2s instance, i.e. one per client connection.
 */
struct sess_st {
    /** owning component context */
    c2s_t c2s;

    /** mio descriptor of the client connection */
    mio_fd_t fd;

    /** session key — presumably the key this session is stored under in
     * c2s_st.sessions; TODO confirm against the code that fills it */
    char skey[44];

    const char *smcomp; /* sm component servicing this session */

    /** peer address of the connection (presumably the client's) */
    const char *ip;
    int port;

    /** sx stream running over fd */
    sx_t s;

    /** host this session belongs to */
    host_t host;

    /** byte-rate (karma) limiter for this connection; rate_log looks like a
     * "limit hit already logged" flag — verify in the caller */
    rate_t rate;
    int rate_log;

    /** stanza-rate limiter, same pattern as rate / rate_log */
    rate_t stanza_rate;
    int stanza_rate_log;

    /** activity bookkeeping used by the idle / keepalive checks */
    time_t last_activity;
    unsigned int packet_count;

    /* count of bound resources */
    int bound;
    /* list of bound jids */
    bres_t resources;

    /** non-zero once the session is active — confirm exact meaning in c2s.c */
    int active;

    /* session related packet waiting for sm response */
    nad_t result;

    int sasl_authd; /* 1 = they did a sasl auth */

    /** Apple: session challenge for challenge-response authentication
     * (NUL-terminated; 64 characters plus terminator) */
    char auth_challenge[65];

    /* Per user session authreg private data; owned by the authreg module,
     * which is expected to release it from its sess_end callback */
    void *authreg_private;
};

/*
 * allowed mechanisms — bit flags for the traditional (pre-SASL) auth
 * mechanisms.  c2s_st.ar_mechanisms / ar_ssl_mechanisms presumably hold a
 * mask of these for plaintext and TLS-protected streams respectively; note
 * that PLAIN carries the password in clear on an unencrypted stream.
 */
#define AR_MECH_TRAD_PLAIN (1<<0)
#define AR_MECH_TRAD_DIGEST (1<<1)
#define AR_MECH_TRAD_CRAMMD5 (1<<2)

/** per-virtual-host configuration (c2s_st.hosts maps host name to this) */
struct host_st {
    /** our realm (SASL) */
    const char *realm;

    /** starttls pemfile */
    const char *host_pemfile;

    /** certificate chain */
    const char *host_cachain;

    /** private key password.
     * NOTE(review): declared as non-const char *, unlike the router_ /
     * local_ counterparts in c2s_st — confirm whether anything writes
     * through it (e.g. to wipe it after use). */
    char *host_private_key_password;

    /** verify-mode */
    int host_verify_mode;

    /** require starttls */
    int host_require_starttls;

    /** list of TLS ciphers */
    const char *host_ciphers;

    /* authreg module if different than default */
    const char *ar_module_name;
    authreg_t ar;

    /** registration */
    int ar_register_enable;
    const char *ar_register_instructions;
    const char *ar_register_oob;
    int ar_register_password;
};

/** the c2s component context — one per process */
struct c2s_st {
    /** our id (hostname) with the router */
    const char *id;

    /** how to connect to the router; router_pass is the router credential */
    const char *router_ip;
    int router_port;
    const char *router_user;
    const char *router_pass;
    const char *router_pemfile;
    const char *router_cachain;
    const char *router_private_key_password;
    const char *router_ciphers;

    /** mio context */
    mio_t mio;

    /** sessions (sess_t values; key presumably sess_st.skey) */
    xht sessions;

    /** sx environment */
    sx_env_t sx_env;
    sx_plugin_t sx_ssl;
    sx_plugin_t sx_sasl;

    /** router's conn */
    sx_t router;
    mio_fd_t fd;

    /** listening sockets.
     * NOTE: the layout of this struct depends on HAVE_SSL; every object
     * that dereferences a c2s_t (including dynamically loaded authreg
     * modules) must be built with the same setting. */
    mio_fd_t server_fd;
#ifdef HAVE_SSL
    mio_fd_t server_ssl_fd;
#endif

    /** config */
    config_t config;

    /** logging */
    log_t log;

    /** log data */
    log_type_t log_type;
    const char *log_facility;
    const char *log_ident;

    /** packet counter */
    long long int packet_count;
    const char *packet_stats;

    /** connect retry */
    int retry_init;
    int retry_lost;
    int retry_sleep;
    int retry_left;

    /** ip to listen on */
    const char *local_ip;

    /** unencrypted port */
    int local_port;

    /** encrypted port */
    int local_ssl_port;

    /** encrypted port pemfile */
    const char *local_pemfile;

    /** encrypted port cachain file */
    const char *local_cachain;

    /** private key password */
    const char *local_private_key_password;

    /** verify-mode */
    int local_verify_mode;

    /** list of TLS ciphers */
    const char *local_ciphers;

    /** http forwarding URL */
    const char *http_forward;

    /** websocket support */
    int websocket;

    /** PBX integration named pipe */
    const char *pbx_pipe;
    int pbx_pipe_fd;
    mio_fd_t pbx_pipe_mio_fd;

    /** stream redirection (see-other-host) on session connect;
     * values are presumably stream_redirect_t (declared at the end) */
    xht stream_redirects;

    /** max file descriptors */
    int io_max_fds;

    /** enable Stream Compression */
    int compression;

    /** time checks */
    int io_check_interval;
    int io_check_idle;
    int io_check_keepalive;

    /** when the next periodic check is due */
    time_t next_check;

    /** default auth/reg module */
    const char *ar_module_name;
    authreg_t ar;

    /** loaded auth/reg modules */
    xht ar_modules;

    /** allowed mechanisms (AR_MECH_* masks; ar_ssl_mechanisms presumably
     * applies once the stream is TLS-protected) */
    int ar_mechanisms;
    int ar_ssl_mechanisms;

    /** connection rates */
    int conn_rate_total;
    int conn_rate_seconds;
    int conn_rate_wait;

    /** per-source connection-rate state (keyed presumably by address) */
    xht conn_rates;

    /** byte rates (karma) */
    int byte_rate_total;
    int byte_rate_seconds;
    int byte_rate_wait;

    /** stanza rates */
    int stanza_rate_total;
    int stanza_rate_seconds;
    int stanza_rate_wait;

    /** maximum stanza size */
    int stanza_size_limit;

    /** access controls */
    access_t access;

    /** list of sx_t on the way out */
    jqueue_t dead;

    /** list of sess on the way out */
    jqueue_t dead_sess;

    /** this is true if we've connected to the router at least once */
    int started;

    /** true if we're bound in the router */
    int online;

    /** hosts mapping (host name -> host_t); vhost is the current/default one */
    xht hosts;
    host_t vhost;

    /** availability of sms that we are servicing */
    xht sm_avail;
};

/** set from a signal / callback when the router connection is lost */
extern sig_atomic_t c2s_lost_router;

C2S_API int c2s_router_mio_callback(mio_t m, mio_action_t a, mio_fd_t fd, void *data, void *arg);
C2S_API int c2s_router_sx_callback(sx_t s, sx_event_t e, void *data, void *arg);

/* session lifecycle messages exchanged with the sm component */
C2S_API void sm_start(sess_t sess, bres_t res);
C2S_API void sm_end(sess_t sess, bres_t res);
C2S_API void sm_create(sess_t sess, bres_t res);
C2S_API void sm_delete(sess_t sess, bres_t res);
C2S_API void sm_packet(sess_t sess, bres_t res, nad_t nad);

/** sx plugin init for resource binding */
C2S_API int bind_init(sx_env_t env, sx_plugin_t p, va_list args);

C2S_API void c2s_pbx_init(c2s_t c2s);

/* My IP Address plugin.
 * NOTE(review): uses JABBERD2_API (presumably from util/util.h) while the
 * rest of this header uses C2S_API — confirm this is intended. */
JABBERD2_API int address_init(sx_env_t env, sx_plugin_t p, va_list args);

/**
 * Auth/reg module interface.  A module fills in the function pointers from
 * its init function (ar_module_init_fn); unneeded callbacks may presumably
 * be left NULL — confirm against authreg.c.  Field order is part of the
 * module ABI (see the note before user_authz_allowed).
 */
struct authreg_st
{
    c2s_t c2s;
    int initialized;

    /** loaded module handle */
    void *handle;

    /** module private data */
    void *private;

    /** returns 1 if the user exists, 0 if not */
    int (*user_exists)(authreg_t ar, sess_t sess, const char *username, const char *realm);

    /** return this users cleartext password in the array (digest auth, password auth).
     * The [257] is documentation only (the parameter decays to char *); callers
     * must pass a buffer of at least 257 bytes and modules must not write more. */
    int (*get_password)(authreg_t ar, sess_t sess, const char *username, const char *realm, char password[257]);

    /** check the given password against the stored password, 0 if equal, !0 if not equal (password auth).
     * Note the inverted polarity compared with user_exists. */
    int (*check_password)(authreg_t ar, sess_t sess, const char *username, const char *realm, char password[257]);

    /** store this password (register) */
    int (*set_password)(authreg_t ar, sess_t sess, const char *username, const char *realm, char password[257]);

    /** make or break the user (register / register remove) */
    int (*create_user)(authreg_t ar, sess_t sess, const char *username, const char *realm);
    int (*delete_user)(authreg_t ar, sess_t sess, const char *username, const char *realm);

    /** called prior to session being closed, to cleanup session specific private data
     * (sess_st.authreg_private) */
    void (*sess_end)(authreg_t ar, sess_t sess);

    /** called prior to authreg shutdown */
    void (*free)(authreg_t ar);

    /* Additions at the end - to preserve offsets for existing modules */

    /** returns 1 if the user is permitted to authorize as the requested_user, 0 if not.
     * requested_user is a JID */
    int (*user_authz_allowed)(authreg_t ar, sess_t sess, const char *username, const char *realm, const char *requested_user);

    /** Apple extensions for challenge/response authentication methods.
     * create_challenge writes at most maxlen bytes into challenge (presumably
     * sess_st.auth_challenge, so maxlen 65) — confirm in the caller. */
    int (*create_challenge)(authreg_t ar, sess_t sess, const char *username, const char *realm, char *challenge, int maxlen);
    int (*check_response)(authreg_t ar, sess_t sess, const char *username, const char *realm, const char *challenge, const char *response);
};

/** get a handle for a single module */
C2S_API authreg_t authreg_init(c2s_t c2s, const char *name);

/** shut down */
C2S_API void authreg_free(authreg_t ar);

/** type for the module init function */
typedef int (*ar_module_init_fn)(authreg_t);

/** the main authreg processor */
C2S_API int authreg_process(c2s_t c2s, sess_t sess, nad_t nad);

/*
 * Stale, commented-out prototypes kept for reference: they predate the
 * sess_t parameter the callbacks above take, and authreg_free is already
 * declared live above.  Candidate for removal.
 *
int authreg_user_exists(authreg_t ar, const char *username, const char *realm);
int authreg_get_password(authreg_t ar, const char *username, const char *realm, char password[257]);
int authreg_check_password(authreg_t ar, const char *username, const char *realm, char password[257]);
int authreg_set_password(authreg_t ar, const char *username, const char *realm, char password[257]);
int authreg_create_user(authreg_t ar, const char *username, const char *realm);
int authreg_delete_user(authreg_t ar, const char *username, const char *realm);
void authreg_free(authreg_t ar);
*/

/* union for xhash_iter_get to comply with strict-alias rules for gcc3 */
union xhashv
{
    void **val;
    const char **char_val;
    sess_t *sess_val;
};

/** Data for stream redirect errors (see-other-host); to_port is kept as a
 * string, not an int */
typedef struct stream_redirect_st
{
    const char *to_address;
    const char *to_port;
} *stream_redirect_t;