Software / code / prosody
Changeset
10458:602dd1e2f399
mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set
Prevents some weirdness in cases where no authentication is done
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 28 Nov 2019 18:57:17 +0100 |
| parents | 10457:0c44090cb168 |
| children | 10459:7456eaa83b15 |
| files | plugins/mod_s2s_bidi.lua |
| diffstat | 1 files changed, 5 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_s2s_bidi.lua Thu Nov 28 18:30:30 2019 +0100 +++ b/plugins/mod_s2s_bidi.lua Thu Nov 28 18:57:17 2019 +0100 @@ -10,15 +10,17 @@ local xmlns_bidi_feature = "urn:xmpp:features:bidi" local xmlns_bidi = "urn:xmpp:bidi"; +local require_encryption = module:get_option_boolean("s2s_require_encryption", false); + module:hook("s2s-stream-features", function(event) local origin, features = event.origin, event.features; - if origin.type == "s2sin_unauthed" then + if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then features:tag("bidi", { xmlns = xmlns_bidi_feature }):up(); end end); module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza) - if session.type == "s2sout_unauthed" then + if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then local bidi = stanza:get_child("bidi", xmlns_bidi_feature); if bidi then session.incoming = true; @@ -29,7 +31,7 @@ end, 200); module:hook_tag("urn:xmpp:bidi", "bidi", function(session) - if session.type == "s2sin_unauthed" then + if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then session.log("debug", "Requested bidirectional stream"); session.outgoing = true; return true;
