plugins/mod_s2s_bidi.lua @ 10458:602dd1e2f399
mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set
Prevents some weirdness in cases where no authentication is done
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 28 Nov 2019 18:57:17 +0100 |
| parent | 10250:1006739de449 |
| child | 12330:38b5b05407be |
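--- a/plugins/mod_s2s_bidi.lua
+++ b/plugins/mod_s2s_bidi.lua
@@ -8,30 +8,32 @@
 local st = require "util.stanza";
 
 local xmlns_bidi_feature = "urn:xmpp:features:bidi"
 local xmlns_bidi = "urn:xmpp:bidi";
 
+local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
+
 module:hook("s2s-stream-features", function(event)
 local origin, features = event.origin, event.features;
-if origin.type == "s2sin_unauthed" then
+if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then
 features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
 end
 end);
 
 module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza)
-if session.type == "s2sout_unauthed" then
+if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then
 local bidi = stanza:get_child("bidi", xmlns_bidi_feature);
 if bidi then
 session.incoming = true;
 session.log("debug", "Requesting bidirectional stream");
 session.sends2s(st.stanza("bidi", { xmlns = xmlns_bidi }));
 end
 end
 end, 200);
 
 module:hook_tag("urn:xmpp:bidi", "bidi", function(session)
-if session.type == "s2sin_unauthed" then
+if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then
 session.log("debug", "Requested bidirectional stream");
 session.outgoing = true;
 return true;
 end
 end);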
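Review bot: The inserted `module:get_option_boolean("s2s_require_encryption", false)` hard-codes its own default, so this module's view of the policy can drift from the code that actually enforces encryption; if that default differs (not visible on this page), bidi would still be offered and accepted on plaintext, unauthenticated streams while the rest of the server expects TLS. I would document the coupling on that line, e.g. `-- default must match the s2s_require_encryption default used where encryption is enforced`, and note that with the option off all three hooks still act on an unencrypted `*_unauthed` session, including setting `session.outgoing = true`. The guard `(not require_encryption or session.secure)` is also repeated verbatim in three hooks; a small local helper such as `local function bidi_allowed(s) return not require_encryption or s.secure end` would keep them from diverging. The option is read once at load, so a configuration change presumably needs a module reload before it takes effect.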