Software /
code /
prosody
File
plugins/mod_component.lua @ 5835:a5f4de8c0b40
util.sasl.scram: Validate channel binding data of client final message.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Mon, 17 Jan 2011 16:50:21 +0100 |
parent | 3674:4b7281c577b9 |
child | 4301:1484ac561b28 |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- if module:get_host_type() ~= "component" then error("Don't load mod_component manually, it should be for a component, please see http://prosody.im/doc/components", 0); end local hosts = _G.hosts; local t_concat = table.concat; local sha1 = require "util.hashes".sha1; local st = require "util.stanza"; local log = module._log; local main_session, send; local function on_destroy(session, err) if main_session == session then main_session = nil; send = nil; session.on_destroy = nil; end end local function handle_stanza(event) local stanza = event.stanza; if send then stanza.attr.xmlns = nil; send(stanza); else log("warn", "Stanza being handled by default component; bouncing error for: %s", stanza:top_tag()); if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable")); end end return true; end module:hook("iq/bare", handle_stanza, -1); module:hook("message/bare", handle_stanza, -1); module:hook("presence/bare", handle_stanza, -1); module:hook("iq/full", handle_stanza, -1); module:hook("message/full", handle_stanza, -1); module:hook("presence/full", handle_stanza, -1); module:hook("iq/host", handle_stanza, -1); module:hook("message/host", handle_stanza, -1); module:hook("presence/host", handle_stanza, -1); --- Handle authentication attempts by components function handle_component_auth(event) local session, stanza = event.origin, event.stanza; if session.type ~= "component" then return; end if main_session == session then return; end if (not session.host) or #stanza.tags > 0 then (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); session:close("not-authorized"); return true; end local secret = module:get_option("component_secret"); if not secret then (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host); session:close("not-authorized"); return true; end local supplied_token = t_concat(stanza); local calculated_token = sha1(session.streamid..secret, true); if supplied_token:lower() ~= calculated_token:lower() then log("info", "Component authentication failed for %s", session.host); session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; return true; end -- If component not already created for this host, create one now if not main_session then send = session.send; main_session = session; session.on_destroy = on_destroy; session.component_validate_from = module:get_option_boolean("validate_from_addresses") ~= false; log("info", "Component successfully authenticated: %s", session.host); session.send(st.stanza("handshake")); else -- TODO: Implement stanza distribution log("error", "Multiple components bound to the same address, first one wins: %s", session.host); session:close{ condition = "conflict", text = "Component already connected" }; end return true; end module:hook("stanza/jabber:component:accept:handshake", handle_component_auth);