# HG changeset patch # User Kim Alvefur # Date 1404503305 -7200 # Node ID 2fdd71b08126e1a3688b8a326c6da25f55316cb0 # Parent 4b0172dc5e3ac42c528b8c14b8370ed12ad96413 mod_dialback: Short-circuit dialback auth if certificate is considered valid diff -r 4b0172dc5e3a -r 2fdd71b08126 plugins/mod_dialback.lua --- a/plugins/mod_dialback.lua Thu Jul 03 15:38:53 2014 +0200 +++ b/plugins/mod_dialback.lua Fri Jul 04 21:48:25 2014 +0200 @@ -13,6 +13,7 @@ local st = require "util.stanza"; local sha256_hash = require "util.hashes".sha256; local nameprep = require "util.encodings".stringprep.nameprep; +local check_cert_status = module:depends"s2s".check_cert_status; local uuid_gen = require"util.uuid".generate; local xmlns_stream = "http://etherx.jabber.org/streams"; @@ -20,6 +21,7 @@ local dialback_requests = setmetatable({}, { __mode = 'v' }); local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen()); +local dwd = module:get_option_boolean("dialback_without_dialback", false); function module.save() return { dialback_secret = dialback_secret }; @@ -80,6 +82,14 @@ local attr = stanza.attr; local to, from = nameprep(attr.to), nameprep(attr.from); + if check_cert_status(origin, from) == false then + return + elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then + origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); + module:fire_event("s2s-authenticated", { session = origin, host = from }); + return true; + end + if not hosts[to] then -- Not a host that we serve origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to); diff -r 4b0172dc5e3a -r 2fdd71b08126 plugins/mod_s2s/mod_s2s.lua --- a/plugins/mod_s2s/mod_s2s.lua Thu Jul 03 15:38:53 2014 +0200 +++ b/plugins/mod_s2s/mod_s2s.lua Fri Jul 04 21:48:25 2014 +0200 @@ -235,7 +235,7 @@ end --- Helper to check that a session peer's certificate is valid -local function check_cert_status(session) +function check_cert_status(session) local host = session.direction == "outgoing" and session.to_host or session.from_host local conn = session.conn:socket() local cert