prosody
334383faf77b
plugins/mod_tls.lua
Software / code / prosody
Comparison
plugins/mod_tls.lua @ 1875:334383faf77b
mod_tls: Advertise and handle TLS for s2s connections
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 04 Oct 2009 14:06:45 +0100 |
| parent | 1675:bddd5ef9565e |
| child | 1894:53f34ba6f6d6 |
comparison
equal
deleted
inserted
replaced
| 1874:262ea889016f | 1875:334383faf77b |
|---|---|
| 6 -- COPYING file in the source package for more information. | 6 -- COPYING file in the source package for more information. |
| 7 -- | 7 -- |
| 8 | 8 |
| 9 local st = require "util.stanza"; | 9 local st = require "util.stanza"; |
| 10 | 10 |
| 11 local xmlns_starttls ='urn:ietf:params:xml:ns:xmpp-tls'; | 11 local xmlns_stream = 'http://etherx.jabber.org/streams'; |
| 12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; | |
| 12 | 13 |
| 13 local secure_auth_only = module:get_option("require_encryption"); | 14 local secure_auth_only = module:get_option("require_encryption"); |
| 14 | 15 |
| 15 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, | 16 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
| 16 function (session, stanza) | 17 function (session, stanza) |
| 24 -- FIXME: What reply? | 25 -- FIXME: What reply? |
| 25 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); | 26 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); |
| 26 end | 27 end |
| 27 end); | 28 end); |
| 28 | 29 |
| 30 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, | |
| 31 function (session, stanza) | |
| 32 if session.conn.starttls then | |
| 33 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); | |
| 34 session:reset_stream(); | |
| 35 session.conn.starttls(); | |
| 36 session.log("info", "TLS negotiation started for incoming s2s..."); | |
| 37 else | |
| 38 -- FIXME: What reply? | |
| 39 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); | |
| 40 end | |
| 41 end); | |
| 42 | |
| 43 | |
| 29 local starttls_attr = { xmlns = xmlns_starttls }; | 44 local starttls_attr = { xmlns = xmlns_starttls }; |
| 30 module:add_event_hook("stream-features", | 45 module:add_event_hook("stream-features", |
| 31 function (session, features) | 46 function (session, features) |
| 32 if session.conn.starttls then | 47 if session.conn.starttls then |
| 33 features:tag("starttls", starttls_attr); | 48 features:tag("starttls", starttls_attr); |
| 36 else | 51 else |
| 37 features:up(); | 52 features:up(); |
| 38 end | 53 end |
| 39 end | 54 end |
| 40 end); | 55 end); |
| 56 | |
| 57 module:add_event_hook("s2s-stream-features", | |
| 58 function (session, features) | |
| 59 if session.conn.starttls then | |
| 60 --features:tag("starttls", starttls_attr):up(); | |
| 61 end | |
| 62 end); | |
| 63 | |
| 64 -- For s2sout connections, start TLS if we can | |
| 65 module:hook_stanza(xmlns_stream, "features", | |
| 66 function (session, stanza) | |
| 67 module:log("debug", "Received features element"); | |
| 68 if stanza:child_with_ns(xmlns_starttls) then | |
| 69 module:log("%s is offering TLS, taking up the offer...", session.to_host); | |
| 70 session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); | |
| 71 return true; | |
| 72 end | |
| 73 end, 500); | |
| 74 | |
| 75 module:hook_stanza(xmlns_starttls, "proceed", | |
| 76 function (session, stanza) | |
| 77 module:log("debug", "Proceeding with TLS on s2sout..."); | |
| 78 local format, to_host, from_host = string.format, session.to_host, session.from_host; | |
| 79 session:reset_stream(); | |
| 80 session.conn.starttls(true); | |
| 81 return true; | |
| 82 end); |
