prosody-modules
cc665f343690
mod_s2s_log_certs/mod_s2s_log_certs.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_s2s_log_certs/mod_s2s_log_certs.lua @ 6057:cc665f343690

mod_firewall: SUBSCRIBED: Flip subscription check to match documentation The documentation claims that this condition checks whether the recipient is subscribed to the sender. However, it was using the wrong method, and actually checking whether the sender was subscribed to the recipient. A quick poll of folk suggested that the documentation's approach is the right one, so this should fix the code to match the documentation. This should also fix the bundled anti-spam rules from blocking presence from JIDs that you subscribe do (but don't have a mutual subscription with).
author Matthew Wild <mwild1@gmail.com>
date Fri, 22 Nov 2024 13:50:48 +0000
parent 1787:663e5d923ef0
line wrap: on
line source

module:set_global();

local dm_load = require "util.datamanager".load;
local dm_store = require "util.datamanager".store;
local datetime = require "util.datetime".datetime;

local do_store = module:get_option_boolean(module:get_name().."_persist", false);
local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1");

local function note_cert_digest(event)
	local session, remote_host, cert = event.session, event.host, event.cert;

	if not (remote_host and cert and cert.digest) then return end;
	local digest = cert:digest(digest_algo);

	local local_host = session.direction == "outgoing" and session.from_host or session.to_host;
	local chain_status = session.cert_chain_status;
	local identity_status = session.cert_identity_status;

	module:log("info", "%s has a %s %s certificate with %s: %s",
		remote_host,
		chain_status == "valid" and "trusted" or "untrusted",
		identity_status or "invalid",
		digest_algo:upper(),
		digest:upper():gsub("..",":%0"):sub(2));

	if do_store then
		local seen_certs = dm_load(remote_host, local_host, "s2s_certs") or {};

		digest = digest_algo..":"..digest;
		local this_cert = seen_certs[digest] or { first = datetime(); times = 0; }
		this_cert.last = datetime();
		this_cert.times = this_cert.times + 1;
		seen_certs[digest] = this_cert;
		chain_status = chain_status;
		identity_status = identity_status;
		dm_store(remote_host, local_host, "s2s_certs", seen_certs);
	end
end

if module.wrap_event then
	-- 0.10
	module:wrap_event("s2s-check-certificate", function (handlers, event_name, event_data)
		local ret = handlers(event_name, event_data);
		note_cert_digest(event_data);
		return ret;
	end);
else
	-- 0.9
	module:hook("s2s-check-certificate", note_cert_digest, 1000);
end
--[[
function module.add_host(module)
	module:hook("s2s-check-certificate", note_cert_digest, 1000);
end
]]