mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 2184:7155ed1fb540
Backed out changeset f00cbfb812cd, it only half-worked and broke things
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 28 May 2016 13:34:43 +0200 |
parent | 2182:5df3b646c9ad |
child | 2185:2cbd7876ba14 |
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Fri May 27 18:25:17 2016 +0200
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sat May 28 13:34:43 2016 +0200
@@ -198,7 +198,33 @@
 end
 end
+local function resume(host_session)
+ host_session.log("debug", "DANE lookup completed, resuming connection");
+ host_session.conn:resume()
+end
+
 function module.add_host(module)
+ local function on_new_s2s(event)
+ local host_session = event.origin;
+ if host_session.type == "s2sout" or host_session.type == "s2sin" then
+ return; -- Already authenticated
+ end
+ if host_session.dane ~= nil then
+ return; -- Already done DANE lookup
+ end
+ if dane_lookup(host_session, resume) then
+ host_session.log("debug", "Pausing connection until DANE lookup is completed");
+ host_session.conn:pause()
+ end
+ end
+
+ -- New outgoing connections
+ module:hook("stanza/http://etherx.jabber.org/streams:features", on_new_s2s, 501);
+ module:hook("s2sout-authenticate-legacy", on_new_s2s, 200);
+
+ -- New incoming connections
+ module:hook("s2s-stream-features", on_new_s2s, 10);
+
 module:hook("s2s-authenticated", function(event)
 local session = event.session;
 if session.dane and type(session.dane) == "table" and next(session.dane) ~= nil and not session.secure then
@@ -246,26 +272,11 @@
 return certdata == tlsa.data;
 end
--- Re-run streamopend() to continue
-local function resume(session)
- local attr = {
- version = session.version,
- to = session.to_host,
- from = session.from_host,
- id = session.streamid,
- };
- session.cert_chain_status = nil;
- session.open_stream.stream_callbacks.streamopened(session, attr);
-end
-
 module:hook("s2s-check-certificate", function(event)
 local session, cert, host = event.session, event.cert, event.host;
 if not cert then return end
 local log = session.log or module._log;
 local dane = session.dane;
- if dane == nil and dane_lookup(session, resume) then
- return false;
- end
 if type(dane) == "table" then
 local match_found, supported_found;
 for i = 1, #dane do
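Review bot: `resume` in the first hunk calls `host_session.conn:resume()` unconditionally when the asynchronous DANE lookup completes, but the session may have been closed while the connection sat paused, in which case the callback runs against a nil or stale `conn` (the lifecycle of `conn` is not visible here, so this is inferred from the pause/resume pairing). A guard such as `if host_session.destroyed or not host_session.conn then return end` before the resume call would make the callback safe, and a header comment like `-- Completion callback for dane_lookup: un-pauses the connection paused by on_new_s2s` would document why this function exists. The paused connection also has no visible timeout, so a lookup that never completes leaves the session parked and un-authenticated; whether `dane_lookup` itself bounds the wait cannot be seen from this hunk, and `module.add_host` continues past the hunk.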