prosody
8553d822f417
plugins/s2s/mod_s2s.lua
Software / code / prosody
Comparison
plugins/s2s/mod_s2s.lua @ 4589:8553d822f417
mod_s2s: streamopened(): Tighter validation around stream 'to' and 'from' attributes, and only set to_host and from_host if they aren't set already and if the session hasn't already been authenticated
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 05 Mar 2012 11:07:10 +0000 |
| parent | 4587:93a84314c296 |
| child | 4591:75b3d0c301d0 |
| child | 4592:0a9528b178fd |
comparison
equal
deleted
inserted
replaced
| 4588:3e7702891649 | 4589:8553d822f417 |
|---|---|
| 166 session.secure = true; | 166 session.secure = true; |
| 167 end | 167 end |
| 168 | 168 |
| 169 if session.direction == "incoming" then | 169 if session.direction == "incoming" then |
| 170 -- Send a reply stream header | 170 -- Send a reply stream header |
| 171 session.to_host = attr.to and nameprep(attr.to); | 171 |
| 172 session.from_host = attr.from and nameprep(attr.from); | 172 -- Validate to/from |
| 173 | 173 local to, from = nameprep(attr.to), nameprep(attr.from); |
| 174 if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts) | |
| 175 session:close({ condition = "improper-addressing", text = "Invalid 'to' address" }); | |
| 176 return; | |
| 177 end | |
| 178 if not from and attr.from then -- COMPAT: Some servers do not reliably set 'from' (especially on stream restarts) | |
| 179 session:close({ condition = "improper-addressing", text = "Invalid 'from' address" }); | |
| 180 return; | |
| 181 end | |
| 182 | |
| 183 -- Set session.[from/to]_host if they have not been set already and if | |
| 184 -- this session isn't already authenticated | |
| 185 if session.type == "s2sin_unauthed" and from and not session.from_host then | |
| 186 session.from_host = from; | |
| 187 elseif from ~= session.from_host then | |
| 188 session:close({ condition = "improper-addressing", text = "New stream 'from' attribute does not match original" }); | |
| 189 return; | |
| 190 end | |
| 191 if session.type == "s2sin_unauthed" and to and not session.to_host then | |
| 192 session.to_host = to; | |
| 193 elseif to ~= session.to_host then | |
| 194 session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" }); | |
| 195 return; | |
| 196 end | |
| 197 | |
| 174 session.streamid = uuid_gen(); | 198 session.streamid = uuid_gen(); |
| 175 (session.log or log)("debug", "Incoming s2s received <stream:stream>"); | 199 (session.log or log)("debug", "Incoming s2s received <stream:stream>"); |
| 176 if session.to_host then | 200 if session.to_host then |
| 177 if not hosts[session.to_host] then | 201 if not hosts[session.to_host] then |
| 178 -- Attempting to connect to a host we don't serve | 202 -- Attempting to connect to a host we don't serve |
