prosody-modules
c0cb43817b7c
mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua
- Annotate
- comparison
- diff
Software / code / prosody-modules
Annotate
mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 6113:c0cb43817b7c
mod_compliance_latest: using module:log_status
diff --git a/mod_compliance_latest/mod_compliance_latest.lua b/mod_compliance_latest/mod_compliance_latest.lua
--- a/mod_compliance_latest/mod_compliance_latest.lua
+++ b/mod_compliance_latest/mod_compliance_latest.lua
@@ -1,6 +1,6 @@
local success, err = pcall(function() module:depends("compliance_2023") end)
if not success then
- module:log("error", "Error, can't load module: mod_compliance_2023. Is this module downloaded in a folder readable by prosody?")
- return 1, "Error: Couldn't load dependency mod_compliance_2023."
+module:log_status( "error", "Error, can't load module: mod_compliance_2023. Is this module downloaded into a folder readable by prosody?" )
+return false
end
| author | Menel <menel@snikket.de> |
|---|---|
| date | Mon, 23 Dec 2024 14:09:56 +0100 |
| parent | 4675:c9397cd5cfe6 |
| rev | line source |
|---|---|
|
2204
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 module:set_global() |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local hosts = prosody.hosts; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 module:hook("s2s-check-certificate", function(event) |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local session, cert = event.session, event.cert; |
|
4675
c9397cd5cfe6
mod_s2s_auth_samecert: Handle lack of provided client certificate
Kim Alvefur <zash@zash.se>
parents:
2234
diff
changeset
|
7 if not cert or session.direction ~= "incoming" then return end |
|
c9397cd5cfe6
mod_s2s_auth_samecert: Handle lack of provided client certificate
Kim Alvefur <zash@zash.se>
parents:
2234
diff
changeset
|
8 |
|
2204
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 local outgoing = hosts[session.to_host].s2sout[session.from_host]; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then |
|
2234
3024116d6093
mod_s2s_auth_samecert: Log which s2sout has a matching cert
Kim Alvefur <zash@zash.se>
parents:
2204
diff
changeset
|
11 session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$")); |
|
2204
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 session.cert_identity_status = outgoing.cert_identity_status; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 session.cert_chain_status = outgoing.cert_chain_status; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 return true; |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 end |
|
affccf479f89
mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 end, 1000); |
