prosody-modules
608dc38b6580
mod_proxy65/mod_proxy65.lua
Software / code / prosody-modules
Comparison
mod_proxy65/mod_proxy65.lua @ 82:608dc38b6580
mod_proxy65: never use global varnames as local varnames, it can break your brain!
| author | Thilo Cestonaro <thilo@cestona.ro> |
|---|---|
| date | Sun, 01 Nov 2009 18:51:09 +0100 |
| parent | 80:bed9a6b40fae |
| child | 83:9d92db30235f |
comparison
equal
deleted
inserted
replaced
| 81:9ceeab822e40 | 82:608dc38b6580 |
|---|---|
| 125 reply.attr.id = stanza.attr.id; | 125 reply.attr.id = stanza.attr.id; |
| 126 reply.attr.to = stanza.attr.from; | 126 reply.attr.to = stanza.attr.from; |
| 127 return reply; | 127 return reply; |
| 128 end | 128 end |
| 129 | 129 |
| 130 local function _jid_join(node, host, resource) | |
| 131 local ret = host; | |
| 132 if ret then | |
| 133 if node then | |
| 134 ret = node .. "@" .. ret; | |
| 135 end | |
| 136 if resource then | |
| 137 ret = ret .. "/" .. resource; | |
| 138 end | |
| 139 end | |
| 140 return ret; | |
| 141 end | |
| 142 | |
| 130 local function get_stream_host(origin, stanza) | 143 local function get_stream_host(origin, stanza) |
| 131 local reply = replies_cache.stream_host; | 144 local reply = replies_cache.stream_host; |
| 132 local err_reply = replies_cache.stream_host_err; | 145 local err_reply = replies_cache.stream_host_err; |
| 133 local sid = stanza.tags[1].attr.sid; | 146 local sid = stanza.tags[1].attr.sid; |
| 134 local allow = false; | 147 local allow = false; |
| 135 | 148 local jid_node, jid_host, jid_resource = jid_split(stanza.attr.from); |
| 136 if proxy_acl then | 149 |
| 137 for _, acl in ipairs(proxy_acl) do | 150 if stanza.attr.from == nil then |
| 138 local acl_node, acl_host, acl_resource = jid_split(acl); | 151 jid_node = origin.username; |
| 139 if ((acl_node ~= nil and acl_node == origin.username) or acl_node == nil) and | 152 jid_host = origin.host; |
| 140 ((acl_host ~= nil and acl_host == origin.host) or acl_host == nil) and | 153 jid_resource = origin.resource; |
| 141 ((acl_resource ~= nil and acl_resource == origin.resource) or acl_resource == nil) then | 154 end |
| 142 allow = true; | 155 |
| 156 if proxy_acl and #proxy_acl > 0 then | |
| 157 if host ~= nil then -- at least a domain is needed. | |
| 158 for _, acl in ipairs(proxy_acl) do | |
| 159 local acl_node, acl_host, acl_resource = jid_split(acl); | |
| 160 if ((acl_node ~= nil and acl_node == jid_node) or acl_node == nil) and | |
| 161 ((acl_host ~= nil and acl_host == jid_host) or acl_host == nil) and | |
| 162 ((acl_resource ~= nil and acl_resource == jid_resource) or acl_resource == nil) then | |
| 163 allow = true; | |
| 164 end | |
| 143 end | 165 end |
| 144 end | 166 end |
| 145 else | 167 else |
| 146 allow = true; | 168 allow = true; |
| 147 end | 169 end |
| 151 :query("http://jabber.org/protocol/bytestreams") | 173 :query("http://jabber.org/protocol/bytestreams") |
| 152 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); | 174 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); |
| 153 replies_cache.stream_host = reply; | 175 replies_cache.stream_host = reply; |
| 154 end | 176 end |
| 155 else | 177 else |
| 156 module:log("debug", "Denying use of proxy for %s@%s/%s", tostring(origin.username), tostring(origin.host), tostring(origin.resource)); | 178 module:log("debug", "Denying use of proxy for %s", tostring(_jid_join(jid_node, jid_host, jid_resource))); |
| 157 if err_reply == nil then | 179 if err_reply == nil then |
| 158 err_reply = st.iq({type="error", from=host}) | 180 err_reply = st.iq({type="error", from=host}) |
| 159 :query("http://jabber.org/protocol/bytestreams") | 181 :query("http://jabber.org/protocol/bytestreams") |
| 160 :tag("error", {code='403', type='auth'}) | 182 :tag("error", {code='403', type='auth'}) |
| 161 :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); | 183 :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); |
