plugins/mod_s2s/mod_s2s.lua @ 5394:3d1de30fefec
Merge 0.9->trunk
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 28 Mar 2013 12:17:15 +0000 |
parent | 5390:b3c8757ee4f4 |
child | 5408:767ecb0091a6 |
5382:214c32e10734 | 5394:3d1de30fefec |
---|---|
78 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; | 78 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; |
79 if not hosts[from_host] then | 79 if not hosts[from_host] then |
80 log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host); | 80 log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host); |
81 return false; | 81 return false; |
82 end | 82 end |
83 if hosts[to_host] then | |
84 log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host); | |
85 return false; | |
86 end | |
83 local host = hosts[from_host].s2sout[to_host]; | 87 local host = hosts[from_host].s2sout[to_host]; |
84 if host then | 88 if host then |
85 -- We have a connection to this host already | 89 -- We have a connection to this host already |
86 if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then | 90 if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then |
87 (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); | 91 (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); |
186 text = "Encrypted server-to-server communication is required but was not " | 190 text = "Encrypted server-to-server communication is required but was not " |
187 ..((session.direction == "outgoing" and "offered") or "used") | 191 ..((session.direction == "outgoing" and "offered") or "used") |
188 }); | 192 }); |
189 end | 193 end |
190 end | 194 end |
195 if hosts[host] then | |
196 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); | |
197 end | |
191 if session.type == "s2sout_unauthed" then | 198 if session.type == "s2sout_unauthed" then |
192 session.type = "s2sout"; | 199 session.type = "s2sout"; |
193 elseif session.type == "s2sin_unauthed" then | 200 elseif session.type == "s2sin_unauthed" then |
194 session.type = "s2sin"; | 201 session.type = "s2sin"; |
195 if host then | 202 if host then |
209 return true; | 216 return true; |
210 end | 217 end |
211 | 218 |
212 --- Helper to check that a session peer's certificate is valid | 219 --- Helper to check that a session peer's certificate is valid |
213 local function check_cert_status(session) | 220 local function check_cert_status(session) |
214 local host = session.direction == "incoming" and session.from_host or session.to_host | 221 local host = session.direction == "outgoing" and session.to_host or session.from_host |
215 local conn = session.conn:socket() | 222 local conn = session.conn:socket() |
216 local cert | 223 local cert |
217 if conn.getpeercertificate then | 224 if conn.getpeercertificate then |
218 cert = conn:getpeercertificate() | 225 cert = conn:getpeercertificate() |
219 end | 226 end |
317 condition = "policy-violation"; | 324 condition = "policy-violation"; |
318 text = "Server-to-server communication is disabled for this host"; | 325 text = "Server-to-server communication is disabled for this host"; |
319 }); | 326 }); |
320 return; | 327 return; |
321 end | 328 end |
329 end | |
330 | |
331 if hosts[from] then | |
332 session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" }); | |
333 return; | |
322 end | 334 end |
323 | 335 |
324 if session.secure and not session.cert_chain_status then | 336 if session.secure and not session.cert_chain_status then |
325 if check_cert_status(session) == false then | 337 if check_cert_status(session) == false then |
326 return; | 338 return; |
484 ["xml:lang"] = 'en', | 496 ["xml:lang"] = 'en', |
485 id = session.streamid, | 497 id = session.streamid, |
486 from = from, to = to, | 498 from = from, to = to, |
487 } | 499 } |
488 local local_host = session.direction == "outgoing" and from or to; | 500 local local_host = session.direction == "outgoing" and from or to; |
489 if not local_host or hosts[local_host].modules.dialback then | 501 if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then |
490 attr["xmlns:db"] = 'jabber:server:dialback'; | 502 attr["xmlns:db"] = 'jabber:server:dialback'; |
491 end | 503 end |
492 | 504 |
493 session.sends2s("<?xml version='1.0'?>"); | 505 session.sends2s("<?xml version='1.0'?>"); |
494 session.sends2s(st.stanza("stream:stream", attr):top_tag()); | 506 session.sends2s(st.stanza("stream:stream", attr):top_tag()); |
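Review bot: The `if hosts[host] then session:close(...) end` check added in the second hunk (new lines 195-197) closes the session but does not return, so control falls through to the `session.type` promotion right below it and a session that was just closed for claiming a locally served host is still moved from `s2sout_unauthed`/`s2sin_unauthed` to `s2sout`/`s2sin`. The equivalent check added in the fourth hunk (new lines 331-333) does `return;` after its close, and this one should match: `if hosts[host] then session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); return; end`. The enclosing function starts and ends outside the hunk, so whatever the caller does with the session afterwards cannot be confirmed here, but nothing visible stops the promotion. Separately, the warning added in the first hunk (new line 84) formats `from_host` into a message that names the remote host; passing `to_host` instead would make the log line useful for spotting misrouted stanzas.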