Software / code / prosody-modules
Annotate
mod_s2s_log_certs/mod_s2s_log_certs.lua @ 4941:e7b9bc629ecc
mod_rest: Add special handling to catch MAM results from remote hosts
Makes MAM queries to remote hosts works.
As the comment says, MAM results from users' local archives or local
MUCs are returned via origin.send() which is provided in the event and
thus already worked. Results from remote hosts go via normal stanza
routing and events, which need this extra handling to catch.
This pattern of iq-set, message+, iq-result is generally limited to MAM.
Closest similar thing might be MUC join, but to really handle that you
would need the webhook callback mechanism.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 16 May 2022 19:47:09 +0200 |
| parent | 1787:663e5d923ef0 |
| rev | line source |
|---|---|
|
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 module:set_global(); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local dm_load = require "util.datamanager".load; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local dm_store = require "util.datamanager".store; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local datetime = require "util.datetime".datetime; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local do_store = module:get_option_boolean(module:get_name().."_persist", false); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local function note_cert_digest(event) |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local session, remote_host, cert = event.session, event.host, event.cert; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 if not (remote_host and cert and cert.digest) then return end; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local digest = cert:digest(digest_algo); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local local_host = session.direction == "outgoing" and session.from_host or session.to_host; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local chain_status = session.cert_chain_status; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local identity_status = session.cert_identity_status; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
1091
79ef0427765f
mod_s2s_log_certs: Minor grammar change
Kim Alvefur <zash@zash.se>
parents:
1009
diff
changeset
|
20 module:log("info", "%s has a %s %s certificate with %s: %s", |
|
79ef0427765f
mod_s2s_log_certs: Minor grammar change
Kim Alvefur <zash@zash.se>
parents:
1009
diff
changeset
|
21 remote_host, |
|
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 chain_status == "valid" and "trusted" or "untrusted", |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 identity_status or "invalid", |
|
1091
79ef0427765f
mod_s2s_log_certs: Minor grammar change
Kim Alvefur <zash@zash.se>
parents:
1009
diff
changeset
|
24 digest_algo:upper(), |
|
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 digest:upper():gsub("..",":%0"):sub(2)); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 if do_store then |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 local seen_certs = dm_load(remote_host, local_host, "s2s_certs") or {}; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 digest = digest_algo..":"..digest; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 local this_cert = seen_certs[digest] or { first = datetime(); times = 0; } |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 this_cert.last = datetime(); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 this_cert.times = this_cert.times + 1; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 seen_certs[digest] = this_cert; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 chain_status = chain_status; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 identity_status = identity_status; |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 dm_store(remote_host, local_host, "s2s_certs", seen_certs); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 end |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
|
1787
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
41 if module.wrap_event then |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
42 -- 0.10 |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
43 module:wrap_event("s2s-check-certificate", function (handlers, event_name, event_data) |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
44 local ret = handlers(event_name, event_data); |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
45 note_cert_digest(event_data); |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
46 return ret; |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
47 end); |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
48 else |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
49 -- 0.9 |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
50 module:hook("s2s-check-certificate", note_cert_digest, 1000); |
|
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
51 end |
|
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 --[[ |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 function module.add_host(module) |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 module:hook("s2s-check-certificate", note_cert_digest, 1000); |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 end |
|
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 ]] |
