prosody-modules
cc665f343690
mod_dwd/mod_dwd.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_dwd/mod_dwd.lua @ 6057:cc665f343690

mod_firewall: SUBSCRIBED: Flip subscription check to match documentation The documentation claims that this condition checks whether the recipient is subscribed to the sender. However, it was using the wrong method, and actually checking whether the sender was subscribed to the recipient. A quick poll of folk suggested that the documentation's approach is the right one, so this should fix the code to match the documentation. This should also fix the bundled anti-spam rules from blocking presence from JIDs that you subscribe do (but don't have a mutual subscription with).
author Matthew Wild <mwild1@gmail.com>
date Fri, 22 Nov 2024 13:50:48 +0000
parent 932:4e235e565693
line wrap: on
line source

local hosts = _G.hosts;
local st = require "util.stanza";
local nameprep = require "util.encodings".stringprep.nameprep;
local cert_verify_identity = require "util.x509".verify_identity;

module:hook("stanza/jabber:server:dialback:result", function(event)
	local origin, stanza = event.origin, event.stanza;

	if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
		local attr = stanza.attr;
		local to, from = nameprep(attr.to), nameprep(attr.from);

		local conn = origin.conn:socket()
		local cert;
		if conn.getpeercertificate then
			cert = conn:getpeercertificate()
		end

		if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then

			-- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from'
			-- on streams. We fill in the session's to/from here instead.
			if not origin.from_host then
				origin.from_host = from;
			end
			if not origin.to_host then
				origin.to_host = to;
			end

			module:log("info", "Accepting Dialback without Dialback for %s", from);
			module:fire_event("s2s-authenticated", { session = origin, host = from });
			origin.sends2s(
				st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" }));

			return true;
		end
	end
end, 100);