
plugins/mod_s2s/mod_s2s.lua @ 10426:dd4eb84d92a8

mod_s2s: Add error text for error replies on some s2s failures (#770)
author Kim Alvefur <zash@zash.se>
date Sat, 23 Nov 2019 01:32:53 +0100
parent 10425:42cf93ff4618
child 10455:698ff3610e57
192 elseif not session.dialback_verifying then 192 elseif not session.dialback_verifying then
193 session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up"); 193 session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up");
194 session:close({ 194 session:close({
195 condition = "unsupported-feature", 195 condition = "unsupported-feature",
196 text = "No viable authentication method offered", 196 text = "No viable authentication method offered",
197 }); 197 }, nil, "No viable authentication method offered by remote server");
198 return false; 198 return false;
199 end 199 end
200 end, -1); 200 end, -1);
201 end 201 end
202 202
253 if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then 253 if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then
254 session:close({ 254 session:close({
255 condition = "policy-violation", 255 condition = "policy-violation",
256 text = "Encrypted server-to-server communication is required but was not " 256 text = "Encrypted server-to-server communication is required but was not "
257 ..((session.direction == "outgoing" and "offered") or "used") 257 ..((session.direction == "outgoing" and "offered") or "used")
258 }); 258 }, nil, "Could not establish encrypted connection to remote server");
259 end 259 end
260 end 260 end
261 if hosts[host] then 261 if hosts[host] then
262 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); 262 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
263 end 263 end
606 data = filter("bytes/in", data); 606 data = filter("bytes/in", data);
607 if data then 607 if data then
608 local ok, err = stream:feed(data); 608 local ok, err = stream:feed(data);
609 if ok then return; end 609 if ok then return; end
610 log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); 610 log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
611 session:close("not-well-formed"); 611 session:close("not-well-formed", nil, "Received invalid XML from remote server");
612 end 612 end
613 end 613 end
614 614
615 session.close = session_close; 615 session.close = session_close;
616 616
736 end 736 end
737 737
738 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then 738 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
739 module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)"); 739 module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
740 if session.direction == "incoming" then 740 if session.direction == "incoming" then
741 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); 741 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host },
742 nil, "Remote server's certificate is invalid, expired, or not trusted");
742 else -- Close outgoing connections without warning 743 else -- Close outgoing connections without warning
743 session:close(false); 744 session:close(false, nil, "Remote server's certificate is invalid, expired, or not trusted");
744 end 745 end
745 return false; 746 return false;
746 end 747 end
747 end 748 end
748 749
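Review bot: The close on the `if hosts[host]` branch (new line 262) is the only `session:close` call in this hunk left without the new third argument, so stanzas bounced on that path presumably still carry no explanatory text while the policy-violation close just above it now does; if the third parameter is the bounce reason, `session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }, nil, "Remote server attempted to authenticate as a host we serve");` would make the function consistent. The enclosing function starts and ends outside the hunk, and since there is no `return` after the policy-violation close (new line 258), both closes can run on the same session — worth confirming that a second close after the first is harmless. On the not-well-formed path (new line 611) it is good that only a fixed string is passed along and the parser's `err` stays in the debug log, so nothing from the remote's byte stream is echoed into the error replies that presumably reach local senders of the queued stanzas.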