Comparison

mod_proxy65/mod_proxy65.lua @ 82:608dc38b6580

mod_proxy65: never use global varnames as local varnames, it can break your brain!
author Thilo Cestonaro <thilo@cestona.ro>
date Sun, 01 Nov 2009 18:51:09 +0100
parent 80:bed9a6b40fae
child 83:9d92db30235f
comparison
equal deleted inserted replaced
81:9ceeab822e40 82:608dc38b6580
125 reply.attr.id = stanza.attr.id; 125 reply.attr.id = stanza.attr.id;
126 reply.attr.to = stanza.attr.from; 126 reply.attr.to = stanza.attr.from;
127 return reply; 127 return reply;
128 end 128 end
129 129
130 local function _jid_join(node, host, resource)
131 local ret = host;
132 if ret then
133 if node then
134 ret = node .. "@" .. ret;
135 end
136 if resource then
137 ret = ret .. "/" .. resource;
138 end
139 end
140 return ret;
141 end
142
130 local function get_stream_host(origin, stanza) 143 local function get_stream_host(origin, stanza)
131 local reply = replies_cache.stream_host; 144 local reply = replies_cache.stream_host;
132 local err_reply = replies_cache.stream_host_err; 145 local err_reply = replies_cache.stream_host_err;
133 local sid = stanza.tags[1].attr.sid; 146 local sid = stanza.tags[1].attr.sid;
134 local allow = false; 147 local allow = false;
135 148 local jid_node, jid_host, jid_resource = jid_split(stanza.attr.from);
136 if proxy_acl then 149
137 for _, acl in ipairs(proxy_acl) do 150 if stanza.attr.from == nil then
138 local acl_node, acl_host, acl_resource = jid_split(acl); 151 jid_node = origin.username;
139 if ((acl_node ~= nil and acl_node == origin.username) or acl_node == nil) and 152 jid_host = origin.host;
140 ((acl_host ~= nil and acl_host == origin.host) or acl_host == nil) and 153 jid_resource = origin.resource;
141 ((acl_resource ~= nil and acl_resource == origin.resource) or acl_resource == nil) then 154 end
142 allow = true; 155
156 if proxy_acl and #proxy_acl > 0 then
157 if host ~= nil then -- at least a domain is needed.
158 for _, acl in ipairs(proxy_acl) do
159 local acl_node, acl_host, acl_resource = jid_split(acl);
160 if ((acl_node ~= nil and acl_node == jid_node) or acl_node == nil) and
161 ((acl_host ~= nil and acl_host == jid_host) or acl_host == nil) and
162 ((acl_resource ~= nil and acl_resource == jid_resource) or acl_resource == nil) then
163 allow = true;
164 end
143 end 165 end
144 end 166 end
145 else 167 else
146 allow = true; 168 allow = true;
147 end 169 end
151 :query("http://jabber.org/protocol/bytestreams") 173 :query("http://jabber.org/protocol/bytestreams")
152 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); 174 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port});
153 replies_cache.stream_host = reply; 175 replies_cache.stream_host = reply;
154 end 176 end
155 else 177 else
156 module:log("debug", "Denying use of proxy for %s@%s/%s", tostring(origin.username), tostring(origin.host), tostring(origin.resource)); 178 module:log("debug", "Denying use of proxy for %s", tostring(_jid_join(jid_node, jid_host, jid_resource)));
157 if err_reply == nil then 179 if err_reply == nil then
158 err_reply = st.iq({type="error", from=host}) 180 err_reply = st.iq({type="error", from=host})
159 :query("http://jabber.org/protocol/bytestreams") 181 :query("http://jabber.org/protocol/bytestreams")
160 :tag("error", {code='403', type='auth'}) 182 :tag("error", {code='403', type='auth'})
161 :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); 183 :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'});