plugins/mod_dialback.lua @ 6301:2fdd71b08126
mod_dialback: Short-circuit dialback auth if certificate is considered valid
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 04 Jul 2014 21:48:25 +0200 |
parent | 6300:4b0172dc5e3a |
child | 6303:d289582d3518 |
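--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -11,17 +11,19 @@
 local log = module._log;
 
 local st = require "util.stanza";
 local sha256_hash = require "util.hashes".sha256;
 local nameprep = require "util.encodings".stringprep.nameprep;
+local check_cert_status = module:depends"s2s".check_cert_status;
 local uuid_gen = require"util.uuid".generate;
 
 local xmlns_stream = "http://etherx.jabber.org/streams";
 
 local dialback_requests = setmetatable({}, { __mode = 'v' });
 
 local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen());
+local dwd = module:get_option_boolean("dialback_without_dialback", false);
 
 function module.save()
 return { dialback_secret = dialback_secret };
 end
 
@@ -77,10 +79,18 @@
 if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
 -- he wants to be identified through dialback
 -- We need to check the key with the Authoritative server
 local attr = stanza.attr;
 local to, from = nameprep(attr.to), nameprep(attr.from);
+
+if check_cert_status(origin, from) == false then
+return
+elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then
+origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" }));
+module:fire_event("s2s-authenticated", { session = origin, host = from });
+return true;
+end
 
 if not hosts[to] then
 -- Not a host that we serve
 origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
 origin:close("host-unknown");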
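Review bot: The certificate short-circuit is placed before the `if not hosts[to] then` guard that immediately follows it, so a peer whose certificate is valid for `from` receives a `db:result` with `type = "valid"` (sent with `from = to`) and triggers `s2s-authenticated` even when `to` is not a host this server serves, whereas the old code closed such a request with `host-unknown` before any authentication decision. Moving the new `if check_cert_status(...) ... end` block to just after that guard restores the old ordering; it only depends on `to`, `from` and `attr`, which are already computed above it. The `dwd` option read at the top of the file is not consulted anywhere in these hunks, so either the `elseif` should read `elseif dwd and origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then` or the option is dead here, assuming it is not used in code outside the hunk. The bare `return` on the `== false` branch presumably relies on `check_cert_status` having already closed the session; a one-line comment saying so would help the next reader. The handler this code belongs to starts before and ends after the hunk.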