Diff

mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1963:98d757dc0771

mod_s2s_auth_dane: Add a telnet console command that exposes DANE information
author Kim Alvefur <zash@zash.se>
date Thu, 10 Dec 2015 23:24:55 +0100
parent 1962:2f32196586bb
child 1970:5ea6f4e6fa8c
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Thu Dec 10 23:24:11 2015 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Thu Dec 10 23:24:55 2015 +0100
@@ -355,3 +355,32 @@
 	end
 end);
 
+-- Telnet command
+if module:get_option_set("modules_enabled", {}):contains("admin_telnet") then
+	module:depends("admin_telnet"); -- Make sure the env is there
+	local def_env = module:shared("admin_telnet/env");
+
+	local sessions = module:shared("s2s/sessions");
+
+	local function annotate(session, line)
+		line = line or {};
+		table.insert(line, "--");
+		if session.dane == nil then
+			table.insert(line, "No DANE attempted, probably insecure SRV response");
+		elseif session.dane == false then
+			table.insert(line, "DANE failed or response was insecure");
+		elseif type(session.dane) ~= "table" then
+			table.insert(line, "Waiting for DANE records...");
+		elseif session.dane.matching then
+			table.insert(line, "Matching DANE record:\n|       " .. tostring(session.dane.matching));
+		else
+			table.insert(line, "DANE records:\n|       " .. tostring(session.dane));
+		end
+		return table.concat(line, " ");
+	end
+
+	function def_env.s2s:show_dane(...)
+		return self:show(..., annotate);
+	end
+end
+
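Review bot: In `show_dane`, `self:show(..., annotate)` places `...` in the middle of the argument list, where Lua truncates it to its first value, so any argument after the first is silently dropped and a call with no arguments passes `nil` ahead of `annotate`. If `show` takes one match argument followed by the annotate callback (its definition is not visible in this hunk), naming the parameter makes that explicit: `function def_env.s2s:show_dane(match_jid)` with `return self:show(match_jid, annotate);`. Separately, the last branch of `annotate` depends on `tostring(session.dane)` being readable; unless that table has a `__tostring` metamethod the operator sees only a table address. Because this output is what an admin uses to judge whether a peer was DANE-verified, a comment above `annotate` such as `-- session.dane: nil = not attempted, false = failed/insecure, non-table = lookup pending, table = records (.matching set on match)` would document the states the branches rely on.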