mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1972:b10118d7c0df
mod_s2s_auth_dane: More DNS related debug logging
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 12 Dec 2015 17:00:25 +0100 |
parent | 1971:54405541d0ba |
child | 2003:8ccf347c7753 |
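--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
@@ -82,10 +82,11 @@
 local name = host_session.from_host and idna_to_ascii(host_session.from_host);
 if not name then
 log("warn", "Could not convert '%s' to ASCII for DNS lookup", tostring(host_session.from_host));
 return;
 end
+log("debug", "Querying SRV records from _xmpp-server._tcp.%s.", name);
 host_session.dane = dns_lookup(function (answer, err)
 host_session.dane = false; -- Mark that we already did the lookup
 
 if not answer then
 log("debug", "Resolver error: %s", tostring(err));
@@ -114,10 +115,11 @@
 local srv_hosts = { answer = answer };
 host_session.srv_hosts = srv_hosts;
 local dane;
 for _, record in ipairs(answer) do
 t_insert(srv_hosts, record.srv);
+log("debug", "Querying TLSA record for %s:%d", record.srv.target, record.srv.port);
 dns_lookup(function(dane_answer)
 log("debug", "Got answer for %s:%d", record.srv.target, record.srv.port);
 n = n - 1;
 -- There are three kinds of answers
 -- Insecure, Secure and Bogus
@@ -173,10 +175,11 @@
 return; -- No secure SRV records, fall back to non-DANE mode
 -- Empty response were not kept by older mod_s2s/s2sout
 end
 -- Do TLSA lookup for currently selected SRV record
 local srv_choice = srv_hosts[host_session.srv_choice or 0] or { target = idna_to_ascii(host_session.to_host), port = 5269 };
+log("debug", "Querying TLSA record for %s:%d", srv_choice.target, srv_choice.port);
 host_session.dane = dns_lookup(function(answer)
 if answer and ((answer.secure and #answer > 0) or answer.bogus) then
 srv_choice.dane = answer;
 else
 srv_choice.dane = false;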
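Review bot: The added `Querying TLSA record for %s:%d` call in the last hunk passes `srv_choice.target` to `%s` unguarded, yet in the fallback table that value is `idna_to_ascii(host_session.to_host)`, a result the first hunk treats as possibly nil for `from_host`. Depending on how the logger formats its arguments (not visible here), a nil there either raises inside the hook or prints `nil`, and the TLSA lookup that follows is presumably built from the same target. For a DANE check it is safer to handle that case explicitly, as the `from_host` branch does: log `tostring(srv_choice.target)` and return early with a warning when the target could not be converted. Note also that `record.srv.target` in the second new log call is remote-controlled DNS data, so consumers of these debug lines should not treat the logged names as trusted. The enclosing functions start and end outside the hunks shown.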