
plugins/mod_dialback.lua @ 6301:2fdd71b08126

mod_dialback: Short-circuit dialback auth if certificate is considered valid
author Kim Alvefur <zash@zash.se>
date Fri, 04 Jul 2014 21:48:25 +0200
parent 6300:4b0172dc5e3a
child 6303:d289582d3518
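--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -11,17 +11,19 @@
 local log = module._log;
 
 local st = require "util.stanza";
 local sha256_hash = require "util.hashes".sha256;
 local nameprep = require "util.encodings".stringprep.nameprep;
+local check_cert_status = module:depends"s2s".check_cert_status;
 local uuid_gen = require"util.uuid".generate;
 
 local xmlns_stream = "http://etherx.jabber.org/streams";
 
 local dialback_requests = setmetatable({}, { __mode = 'v' });
 
 local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen());
+local dwd = module:get_option_boolean("dialback_without_dialback", false);
 
 function module.save()
 return { dialback_secret = dialback_secret };
 end
 
@@ -77,10 +79,18 @@
 if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then
 -- he wants to be identified through dialback
 -- We need to check the key with the Authoritative server
 local attr = stanza.attr;
 local to, from = nameprep(attr.to), nameprep(attr.from);
+
+if check_cert_status(origin, from) == false then
+return
+elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then
+origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" }));
+module:fire_event("s2s-authenticated", { session = origin, host = from });
+return true;
+end
 
 if not hosts[to] then
 -- Not a host that we serve
 origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
 origin:close("host-unknown");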
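Review bot: The certificate short-circuit at new lines 87-90 is not gated on the `dialback_without_dialback` option that the same commit reads into `dwd` at new line 24 — `dwd` is never consulted in either hunk, so the dialback bypass fires for every inbound session with a valid chain and identity regardless of the option's default of false (unless `dwd` is used in code outside this diff). Gating it is a one-token change: `elseif dwd and origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then`. The new block also runs before the `if not hosts[to]` guard at new line 93, so a `db:result` of type `valid` is sent and `s2s-authenticated` is fired even when `to` is a host this server does not serve; moving the block below the host-unknown rejection keeps that check authoritative. The enclosing handler begins before and ends after this hunk.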