Comparison

plugins/mod_component.lua @ 7874:de3c6fb74759

Merge 0.10->trunk
author Kim Alvefur <zash@zash.se>
date Sat, 28 Jan 2017 21:39:14 +0100
parent 7666:03aa330562ed
parent 7873:8d1ebb9a9b44
child 7887:93fd15b5ec1b
comparison
equal deleted inserted replaced
7870:a858066faac6 7874:de3c6fb74759
31 31
32 function module.add_host(module) 32 function module.add_host(module)
33 if module:get_host_type() ~= "component" then 33 if module:get_host_type() ~= "component" then
34 error("Don't load mod_component manually, it should be for a component, please see https://prosody.im/doc/components", 0); 34 error("Don't load mod_component manually, it should be for a component, please see https://prosody.im/doc/components", 0);
35 end 35 end
36 36
37 local env = module.environment; 37 local env = module.environment;
38 env.connected = false; 38 env.connected = false;
39 env.session = false; 39 env.session = false;
40 40
41 local send; 41 local send;
44 env.connected = false; 44 env.connected = false;
45 env.session = false; 45 env.session = false;
46 send = nil; 46 send = nil;
47 session.on_destroy = nil; 47 session.on_destroy = nil;
48 end 48 end
49 49
50 -- Handle authentication attempts by component 50 -- Handle authentication attempts by component
51 local function handle_component_auth(event) 51 local function handle_component_auth(event)
52 local session, stanza = event.origin, event.stanza; 52 local session, stanza = event.origin, event.stanza;
53 53
54 if session.type ~= "component_unauthed" then return; end 54 if session.type ~= "component_unauthed" then return; end
55 55
56 if (not session.host) or #stanza.tags > 0 then 56 if (not session.host) or #stanza.tags > 0 then
57 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); 57 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host);
58 session:close("not-authorized"); 58 session:close("not-authorized");
59 return true; 59 return true;
60 end 60 end
61 61
62 local secret = module:get_option("component_secret"); 62 local secret = module:get_option("component_secret");
63 if not secret then 63 if not secret then
64 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host); 64 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host);
65 session:close("not-authorized"); 65 session:close("not-authorized");
66 return true; 66 return true;
67 end 67 end
68 68
69 local supplied_token = t_concat(stanza); 69 local supplied_token = t_concat(stanza);
70 local calculated_token = sha1(session.streamid..secret, true); 70 local calculated_token = sha1(session.streamid..secret, true);
71 if supplied_token:lower() ~= calculated_token:lower() then 71 if supplied_token:lower() ~= calculated_token:lower() then
72 module:log("info", "Component authentication failed for %s", session.host); 72 module:log("info", "Component authentication failed for %s", session.host);
73 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; 73 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" };
74 return true; 74 return true;
75 end 75 end
76 76
77 if env.connected then 77 if env.connected then
78 local policy = module:get_option_string("component_conflict_resolve", "kick_new"); 78 local policy = module:get_option_string("component_conflict_resolve", "kick_new");
79 if policy == "kick_old" then 79 if policy == "kick_old" then
80 env.session:close{ condition = "conflict", text = "Replaced by a new connection" }; 80 env.session:close{ condition = "conflict", text = "Replaced by a new connection" };
81 else -- kick_new 81 else -- kick_new
82 module:log("error", "Second component attempted to connect, denying connection"); 82 module:log("error", "Second component attempted to connect, denying connection");
83 session:close{ condition = "conflict", text = "Component already connected" }; 83 session:close{ condition = "conflict", text = "Component already connected" };
84 return true; 84 return true;
85 end 85 end
86 end 86 end
87 87
88 env.connected = true; 88 env.connected = true;
89 env.session = session; 89 env.session = session;
90 send = session.send; 90 send = session.send;
91 session.on_destroy = on_destroy; 91 session.on_destroy = on_destroy;
92 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true); 92 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true);
93 session.type = "component"; 93 session.type = "component";
94 module:log("info", "External component successfully authenticated"); 94 module:log("info", "External component successfully authenticated");
95 session.send(st.stanza("handshake")); 95 session.send(st.stanza("handshake"));
96 module:fire_event("component-authenticated", { session = session }); 96 module:fire_event("component-authenticated", { session = session });
97 97
98 return true; 98 return true;
99 end 99 end
100 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, -1); 100 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, -1);
101 101
102 -- Handle stanzas addressed to this component 102 -- Handle stanzas addressed to this component
123 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable")); 123 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable"));
124 end 124 end
125 end 125 end
126 return true; 126 return true;
127 end 127 end
128 128
129 module:hook("iq/bare", handle_stanza, -1); 129 module:hook("iq/bare", handle_stanza, -1);
130 module:hook("message/bare", handle_stanza, -1); 130 module:hook("message/bare", handle_stanza, -1);
131 module:hook("presence/bare", handle_stanza, -1); 131 module:hook("presence/bare", handle_stanza, -1);
132 module:hook("iq/full", handle_stanza, -1); 132 module:hook("iq/full", handle_stanza, -1);
133 module:hook("message/full", handle_stanza, -1); 133 module:hook("message/full", handle_stanza, -1);
280 session.close = session_close; 280 session.close = session_close;
281 281
282 if opt_keepalives then 282 if opt_keepalives then
283 conn:setoption("keepalive", opt_keepalives); 283 conn:setoption("keepalive", opt_keepalives);
284 end 284 end
285 285
286 session.log("info", "Incoming Jabber component connection"); 286 session.log("info", "Incoming Jabber component connection");
287 287
288 local stream = new_xmpp_stream(session, stream_callbacks); 288 local stream = new_xmpp_stream(session, stream_callbacks);
289 session.stream = stream; 289 session.stream = stream;
290 290
291 session.notopen = true; 291 session.notopen = true;
292 292
293 function session.reset_stream() 293 function session.reset_stream()
294 session.notopen = true; 294 session.notopen = true;
295 session.stream:reset(); 295 session.stream:reset();
296 end 296 end
297 297
299 local ok, err = stream:feed(data); 299 local ok, err = stream:feed(data);
300 if ok then return; end 300 if ok then return; end
301 module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); 301 module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
302 session:close("not-well-formed"); 302 session:close("not-well-formed");
303 end 303 end
304 304
305 session.dispatch_stanza = stream_callbacks.handlestanza; 305 session.dispatch_stanza = stream_callbacks.handlestanza;
306 306
307 sessions[conn] = session; 307 sessions[conn] = session;
308 end 308 end
309 function listener.onincoming(conn, data) 309 function listener.onincoming(conn, data)