prosody
a1da78658a82
plugins/mod_dialback.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

plugins/mod_dialback.lua @ 6299:a1da78658a82

hostmanager, mod_dialback: Move generation of dialback secret out of core
author Kim Alvefur <zash@zash.se>
date Thu, 22 May 2014 15:21:22 +0200
parent 5778:8ea6fa8459e3
child 6300:4b0172dc5e3a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 1337
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 1937
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 1937
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 645
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 645
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 438
diff changeset
8
1042
a3d77353c18a mod_*: Fix a load of global accesses
Matthew Wild <mwild1@gmail.com>
parents: 896
diff changeset
9 local hosts = _G.hosts;
191
e64c8a44060f Fix s2s once and for all
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
1070
3b066968063b mod_dialback: Use module logger instead of creating a new one
Matthew Wild <mwild1@gmail.com>
parents: 1042
diff changeset
11 local log = module._log;
559
fa4a51fe6442 Remove an incorrect line which I didn't add, and fix the proper way. Corrects the sending of stanzas over unauthed s2sout's. Also fixes mod_dialback to send stanzas and not strings.
Matthew Wild <mwild1@gmail.com>
parents: 519
diff changeset
12
1070
3b066968063b mod_dialback: Use module logger instead of creating a new one
Matthew Wild <mwild1@gmail.com>
parents: 1042
diff changeset
13 local st = require "util.stanza";
4567
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
14 local sha256_hash = require "util.hashes".sha256;
4836
bda0593d3f73 mod_dialback: add better safe then sorry nameprepping to the from attribute.
Marco Cirillo <maranda@lightwitch.org>
parents: 4835
diff changeset
15 local nameprep = require "util.encodings".stringprep.nameprep;
6299
a1da78658a82 hostmanager, mod_dialback: Move generation of dialback secret out of core
Kim Alvefur <zash@zash.se>
parents: 5778
diff changeset
16 local uuid_gen = require"util.uuid".generate;
191
e64c8a44060f Fix s2s once and for all
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17
1876
6d33e0521667 mod_dialback: Initiate dialback on incoming stream:features
Matthew Wild <mwild1@gmail.com>
parents: 1523
diff changeset
18 local xmlns_stream = "http://etherx.jabber.org/streams";
191
e64c8a44060f Fix s2s once and for all
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
20 local dialback_requests = setmetatable({}, { __mode = 'v' });
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
21
6299
a1da78658a82 hostmanager, mod_dialback: Move generation of dialback secret out of core
Kim Alvefur <zash@zash.se>
parents: 5778
diff changeset
22 local dialback_secret = module.host .. (module:get_option_string("dialback_secret") or uuid_gen());
a1da78658a82 hostmanager, mod_dialback: Move generation of dialback secret out of core
Kim Alvefur <zash@zash.se>
parents: 5778
diff changeset
23
4567
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
24 function generate_dialback(id, to, from)
6299
a1da78658a82 hostmanager, mod_dialback: Move generation of dialback secret out of core
Kim Alvefur <zash@zash.se>
parents: 5778
diff changeset
25 return sha256_hash(id..to..dialback_secret, true);
4567
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
26 end
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
27
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
28 function initiate_dialback(session)
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
29 -- generate dialback key
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
30 session.dialback_key = generate_dialback(session.streamid, session.to_host, session.from_host);
4851
8e3992ae7bf5 mod_dialback: Remove a remaining usage of string.format, ick.
Matthew Wild <mwild1@gmail.com>
parents: 4848
diff changeset
31 session.sends2s(st.stanza("db:result", { from = session.from_host, to = session.to_host }):text(session.dialback_key));
5778
8ea6fa8459e3 mod_dialback: Change level of some log statements to be more appropriate
Kim Alvefur <zash@zash.se>
parents: 5776
diff changeset
32 session.log("debug", "sent dialback key on outgoing s2s stream");
4567
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
33 end
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
34
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
35 function verify_dialback(id, to, from, key)
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
36 return key == generate_dialback(id, to, from);
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
37 end
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
38
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
39 module:hook("stanza/jabber:server:dialback:verify", function(event)
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
40 local origin, stanza = event.origin, event.stanza;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
41
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
42 if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
43 -- We are being asked to verify the key, to ensure it was generated by us
1077
d6a885cacd8c mod_dialback: Miscellaneous logging improvements, changing levels, improving messages and using session loggers where possible
Matthew Wild <mwild1@gmail.com>
parents: 1070
diff changeset
44 origin.log("debug", "verifying that dialback key is ours...");
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
45 local attr = stanza.attr;
5019
017e864b459d mod_dialback: Ignore <db:verify/> with a 'type' attribute on incoming connections, instead of interpreting them as a request to verify a key
Matthew Wild <mwild1@gmail.com>
parents: 4993
diff changeset
46 if attr.type then
017e864b459d mod_dialback: Ignore <db:verify/> with a 'type' attribute on incoming connections, instead of interpreting them as a request to verify a key
Matthew Wild <mwild1@gmail.com>
parents: 4993
diff changeset
47 module:log("warn", "Ignoring incoming session from %s claiming a dialback key for %s is %s",
017e864b459d mod_dialback: Ignore <db:verify/> with a 'type' attribute on incoming connections, instead of interpreting them as a request to verify a key
Matthew Wild <mwild1@gmail.com>
parents: 4993
diff changeset
48 origin.from_host or "(unknown)", attr.from or "(unknown)", attr.type);
017e864b459d mod_dialback: Ignore <db:verify/> with a 'type' attribute on incoming connections, instead of interpreting them as a request to verify a key
Matthew Wild <mwild1@gmail.com>
parents: 4993
diff changeset
49 return true;
017e864b459d mod_dialback: Ignore <db:verify/> with a 'type' attribute on incoming connections, instead of interpreting them as a request to verify a key
Matthew Wild <mwild1@gmail.com>
parents: 4993
diff changeset
50 end
1337
16c5aa4696ca mod_dialback: Change FIXME comment to COMPAT
Matthew Wild <mwild1@gmail.com>
parents: 1077
diff changeset
51 -- COMPAT: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
52 --if attr.from ~= origin.to_host then error("invalid-from"); end
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
53 local type;
4567
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
54 if verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
55 type = "valid"
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
56 else
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
57 type = "invalid"
1077
d6a885cacd8c mod_dialback: Miscellaneous logging improvements, changing levels, improving messages and using session loggers where possible
Matthew Wild <mwild1@gmail.com>
parents: 1070
diff changeset
58 origin.log("warn", "Asked to verify a dialback key that was incorrect. An imposter is claiming to be %s?", attr.to);
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
59 end
1077
d6a885cacd8c mod_dialback: Miscellaneous logging improvements, changing levels, improving messages and using session loggers where possible
Matthew Wild <mwild1@gmail.com>
parents: 1070
diff changeset
60 origin.log("debug", "verified dialback key... it is %s", type);
560
6c07f15a34f4 Fix the last couple of places where we send strings from mod_dialback
Matthew Wild <mwild1@gmail.com>
parents: 559
diff changeset
61 origin.sends2s(st.stanza("db:verify", { from = attr.to, to = attr.from, id = attr.id, type = type }):text(stanza[1]));
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
62 return true;
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
63 end
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
64 end);
191
e64c8a44060f Fix s2s once and for all
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
66 module:hook("stanza/jabber:server:dialback:result", function(event)
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
67 local origin, stanza = event.origin, event.stanza;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
68
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
69 if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
70 -- he wants to be identified through dialback
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
71 -- We need to check the key with the Authoritative server
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
72 local attr = stanza.attr;
4848
f7a4920aed6b mod_dialback: Final sweep to get nameprep + error handling in order (hopefully)
Matthew Wild <mwild1@gmail.com>
parents: 4847
diff changeset
73 local to, from = nameprep(attr.to), nameprep(attr.from);
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
74
4822
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
75 if not hosts[to] then
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
76 -- Not a host that we serve
5778
8ea6fa8459e3 mod_dialback: Change level of some log statements to be more appropriate
Kim Alvefur <zash@zash.se>
parents: 5776
diff changeset
77 origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
78 origin:close("host-unknown");
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
79 return true;
4848
f7a4920aed6b mod_dialback: Final sweep to get nameprep + error handling in order (hopefully)
Matthew Wild <mwild1@gmail.com>
parents: 4847
diff changeset
80 elseif not from then
f7a4920aed6b mod_dialback: Final sweep to get nameprep + error handling in order (hopefully)
Matthew Wild <mwild1@gmail.com>
parents: 4847
diff changeset
81 origin:close("improper-addressing");
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
82 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
83
4848
f7a4920aed6b mod_dialback: Final sweep to get nameprep + error handling in order (hopefully)
Matthew Wild <mwild1@gmail.com>
parents: 4847
diff changeset
84 origin.hosts[from] = { dialback_key = stanza[1] };
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
85
4822
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
86 dialback_requests[from.."/"..origin.streamid] = origin;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
87
4822
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
88 -- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from'
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
89 -- on streams. We fill in the session's to/from here instead.
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
90 if not origin.from_host then
4848
f7a4920aed6b mod_dialback: Final sweep to get nameprep + error handling in order (hopefully)
Matthew Wild <mwild1@gmail.com>
parents: 4847
diff changeset
91 origin.from_host = from;
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
92 end
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
93 if not origin.to_host then
4931
7a4f00168260 mod_dialback: Skip an unnecessary nameprep.
Waqas Hussain <waqas20@gmail.com>
parents: 4851
diff changeset
94 origin.to_host = to;
4837
9f1fb34cd7f8 mod_dialback: make change a bit more wide, encompass to and from and reject with proper addressing when neither are there.
Marco Cirillo <maranda@lightwitch.org>
parents: 4836
diff changeset
95 end
9f1fb34cd7f8 mod_dialback: make change a bit more wide, encompass to and from and reject with proper addressing when neither are there.
Marco Cirillo <maranda@lightwitch.org>
parents: 4836
diff changeset
96
4822
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
97 origin.log("debug", "asking %s if key %s belongs to them", from, stanza[1]);
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
98 module:fire_event("route/remote", {
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
99 from_host = to, to_host = from;
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
100 stanza = st.stanza("db:verify", { from = to, to = from, id = origin.streamid }):text(stanza[1]);
5ef05f32bc42 mod_s2s, s2smanager, mod_dialback: Move addition of session.send() on s2sin to after they are authenticated (thus from mod_s2s to s2smanager). Update mod_dialback to fire route/remote directly, as session.send() is no longer available for s2sin_unauthed. Fixes #291.
Matthew Wild <mwild1@gmail.com>
parents: 4761
diff changeset
101 });
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
102 return true;
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
103 end
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
104 end);
191
e64c8a44060f Fix s2s once and for all
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
105
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
106 module:hook("stanza/jabber:server:dialback:verify", function(event)
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
107 local origin, stanza = event.origin, event.stanza;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
108
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
109 if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
110 local attr = stanza.attr;
4314
1e1110840965 mod_dialback: More robust handling of multiple outstanding dialback requests for the same domain, fixes intermittent s2s with some (patched?) ejabberds
Matthew Wild <mwild1@gmail.com>
parents: 4227
diff changeset
111 local dialback_verifying = dialback_requests[attr.from.."/"..(attr.id or "")];
1e1110840965 mod_dialback: More robust handling of multiple outstanding dialback requests for the same domain, fixes intermittent s2s with some (patched?) ejabberds
Matthew Wild <mwild1@gmail.com>
parents: 4227
diff changeset
112 if dialback_verifying and attr.from == origin.to_host then
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
113 local valid;
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
114 if attr.type == "valid" then
5362
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents: 5341
diff changeset
115 module:fire_event("s2s-authenticated", { session = dialback_verifying, host = attr.from });
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
116 valid = "valid";
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
117 else
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
118 -- Warn the original connection that is was not verified successfully
4993
5243b74a4cbb Hopefully inert commit to clean up logging across a number of modules, removing all cases of concatenation when building log messages
Matthew Wild <mwild1@gmail.com>
parents: 4931
diff changeset
119 log("warn", "authoritative server for %s denied the key", attr.from or "(unknown)");
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
120 valid = "invalid";
191
e64c8a44060f Fix s2s once and for all
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
121 end
5113
3393cab2dd6b mod_dialback: Correctly check if a connection was destroyed (thanks iron)
Kim Alvefur <zash@zash.se>
parents: 5019
diff changeset
122 if dialback_verifying.destroyed then
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
123 log("warn", "Incoming s2s session %s was closed in the meantime, so we can't notify it of the db result", tostring(dialback_verifying):match("%w+$"));
347
fba39fda0879 Don't error if the original s2s connection has closed before we get the dialback result
Matthew Wild <mwild1@gmail.com>
parents: 260
diff changeset
124 else
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
125 dialback_verifying.sends2s(
560
6c07f15a34f4 Fix the last couple of places where we send strings from mod_dialback
Matthew Wild <mwild1@gmail.com>
parents: 559
diff changeset
126 st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = valid })
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
127 :text(dialback_verifying.hosts[attr.from].dialback_key));
347
fba39fda0879 Don't error if the original s2s connection has closed before we get the dialback result
Matthew Wild <mwild1@gmail.com>
parents: 260
diff changeset
128 end
4314
1e1110840965 mod_dialback: More robust handling of multiple outstanding dialback requests for the same domain, fixes intermittent s2s with some (patched?) ejabberds
Matthew Wild <mwild1@gmail.com>
parents: 4227
diff changeset
129 dialback_requests[attr.from.."/"..(attr.id or "")] = nil;
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
130 end
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
131 return true;
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
132 end
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
133 end);
191
e64c8a44060f Fix s2s once and for all
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
134
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
135 module:hook("stanza/jabber:server:dialback:result", function(event)
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
136 local origin, stanza = event.origin, event.stanza;
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
137
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
138 if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
139 -- Remote server is telling us whether we passed dialback
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5362
diff changeset
140
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
141 local attr = stanza.attr;
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
142 if not hosts[attr.to] then
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
143 origin:close("host-unknown");
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
144 return true;
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
145 elseif hosts[attr.to].s2sout[attr.from] ~= origin then
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
146 -- This isn't right
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
147 origin:close("invalid-id");
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
148 return true;
621
cd2cab5400fc Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
149 end
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
150 if stanza.attr.type == "valid" then
5362
612467e263af s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
Matthew Wild <mwild1@gmail.com>
parents: 5341
diff changeset
151 module:fire_event("s2s-authenticated", { session = origin, host = attr.from });
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
152 else
4227
6b83ef6ec845 mod_dialback: Use session:close() on dialback failure instead of s2smanager.destroy_session() (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents: 3534
diff changeset
153 origin:close("not-authorized", "dialback authentication failed");
219
f06e97f525bc Fixed some whitespace.
Waqas Hussain <waqas20@gmail.com>
parents: 191
diff changeset
154 end
3533
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
155 return true;
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
156 end
0385b9f29049 mod_dialback: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2923
diff changeset
157 end);
1876
6d33e0521667 mod_dialback: Initiate dialback on incoming stream:features
Matthew Wild <mwild1@gmail.com>
parents: 1523
diff changeset
158
3651
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
159 module:hook_stanza("urn:ietf:params:xml:ns:xmpp-sasl", "failure", function (origin, stanza)
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
160 if origin.external_auth == "failed" then
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
161 module:log("debug", "SASL EXTERNAL failed, falling back to dialback");
4567
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
162 initiate_dialback(origin);
3651
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
163 return true;
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
164 end
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
165 end, 100);
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
166
1876
6d33e0521667 mod_dialback: Initiate dialback on incoming stream:features
Matthew Wild <mwild1@gmail.com>
parents: 1523
diff changeset
167 module:hook_stanza(xmlns_stream, "features", function (origin, stanza)
3651
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
168 if not origin.external_auth or origin.external_auth == "failed" then
4587
93a84314c296 mod_dialback, mod_s2s: Log initiation of dialback in mod_dialback
Kim Alvefur <zash@zash.se>
parents: 4586
diff changeset
169 module:log("debug", "Initiating dialback...");
4567
24617f360200 mod_dialback: import util.hashes and functionality once in s2smanager.
Florian Zeitz <florob@babelmonkeys.de>
parents: 4316
diff changeset
170 initiate_dialback(origin);
3651
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
171 return true;
337391d34b70 s2s: SASL EXTERNAL
Paul Aurich <paul@darkrain42.org>
parents: 3534
diff changeset
172 end
3534
c68590b13a6d mod_dialback: Fixed indentation.
Waqas Hussain <waqas20@gmail.com>
parents: 3533
diff changeset
173 end, 100);
1937
9c700500f408 mod_dialback: Catch s2s-stream-features and add dialback feature
Matthew Wild <mwild1@gmail.com>
parents: 1876
diff changeset
174
5341
760c22c822be mod_s2s, mod_dialback: Rename s2s-authenticate-legacy event to s2sout-authenticate-legacy for clarity. Also, hello!
Matthew Wild <mwild1@gmail.com>
parents: 5113
diff changeset
175 module:hook("s2sout-authenticate-legacy", function (event)
4587
93a84314c296 mod_dialback, mod_s2s: Log initiation of dialback in mod_dialback
Kim Alvefur <zash@zash.se>
parents: 4586
diff changeset
176 module:log("debug", "Initiating dialback...");
4584
9a5de6509aa8 mod_s2s, mod_dialback: Event on pre-XMPP streams, so we can try dialback.
Kim Alvefur <zash@zash.se>
parents: 4579
diff changeset
177 initiate_dialback(event.origin);
9a5de6509aa8 mod_s2s, mod_dialback: Event on pre-XMPP streams, so we can try dialback.
Kim Alvefur <zash@zash.se>
parents: 4579
diff changeset
178 return true;
9a5de6509aa8 mod_s2s, mod_dialback: Event on pre-XMPP streams, so we can try dialback.
Kim Alvefur <zash@zash.se>
parents: 4579
diff changeset
179 end, 100);
9a5de6509aa8 mod_s2s, mod_dialback: Event on pre-XMPP streams, so we can try dialback.
Kim Alvefur <zash@zash.se>
parents: 4579
diff changeset
180
1937
9c700500f408 mod_dialback: Catch s2s-stream-features and add dialback feature
Matthew Wild <mwild1@gmail.com>
parents: 1876
diff changeset
181 -- Offer dialback to incoming hosts
9c700500f408 mod_dialback: Catch s2s-stream-features and add dialback feature
Matthew Wild <mwild1@gmail.com>
parents: 1876
diff changeset
182 module:hook("s2s-stream-features", function (data)
4264
fa36e749749c mod_dialback: Remove <optional/> from stream feature, as per latest specs.
Waqas Hussain <waqas20@gmail.com>
parents: 4238
diff changeset
183 data.features:tag("dialback", { xmlns='urn:xmpp:features:dialback' }):up();
3534
c68590b13a6d mod_dialback: Fixed indentation.
Waqas Hussain <waqas20@gmail.com>
parents: 3533
diff changeset
184 end);