Software /
code /
prosody
File
plugins/mod_component.lua @ 1981:ffbc57a4dea8
mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 17 Oct 2009 16:25:28 +0100 |
parent | 1523:841d61be198f |
child | 2490:6eee75fb3159 |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2009 Matthew Wild -- Copyright (C) 2008-2009 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- if module:get_host_type() ~= "component" then error("Don't load mod_component manually, it should be for a component, please see http://prosody.im/doc/components", 0); end local hosts = _G.hosts; local t_concat = table.concat; local lxp = require "lxp"; local logger = require "util.logger"; local config = require "core.configmanager"; local connlisteners = require "net.connlisteners"; local cm_register_component = require "core.componentmanager".register_component; local cm_deregister_component = require "core.componentmanager".deregister_component; local uuid_gen = require "util.uuid".generate; local sha1 = require "util.hashes".sha1; local st = require "util.stanza"; local init_xmlhandlers = require "core.xmlhandlers"; local sessions = {}; local log = module._log; local component_listener = { default_port = 5347; default_mode = "*a"; default_interface = config.get("*", "core", "component_interface") or "127.0.0.1" }; local xmlns_component = 'jabber:component:accept'; --- Handle authentication attempts by components function handle_component_auth(session, stanza) log("info", "Handling component auth"); if (not session.host) or #stanza.tags > 0 then (session.log or log)("warn", "Component handshake invalid"); session:close("not-authorized"); return; end local secret = config.get(session.user, "core", "component_secret"); if not secret then (session.log or log)("warn", "Component attempted to identify as %s, but component_password is not set", session.user); session:close("not-authorized"); return; end local supplied_token = t_concat(stanza); local calculated_token = sha1(session.streamid..secret, true); if supplied_token:lower() ~= calculated_token:lower() then log("info", "Component for %s authentication failed", session.host); session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; return; end -- Authenticated now log("info", "Component authenticated: %s", session.host); -- If component not already created for this host, create one now if not hosts[session.host].connected then local send = session.send; session.component_session = cm_register_component(session.host, function (_, data) if data.attr and data.attr.xmlns == "jabber:client" then data.attr.xmlns = nil; end return send(data); end); hosts[session.host].connected = true; log("info", "Component successfully registered"); else log("error", "Multiple components bound to the same address, first one wins (TODO: Implement stanza distribution)"); end -- Signal successful authentication session.send(st.stanza("handshake")); end module:add_handler("component", "handshake", xmlns_component, handle_component_auth);