aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2014-07-04 21:48:25 +0200
committerKim Alvefur <zash@zash.se>2014-07-04 21:48:25 +0200
commit1440be730c44897aa5f1aed4cf7d7f87e4489334 (patch)
tree874e0fc462eefbf29dcbed417e8fe785178e8d9d
parent59ef50532cbedbf9ddd883f5817c09463eef5d12 (diff)
downloadprosody-1440be730c44897aa5f1aed4cf7d7f87e4489334.tar.gz
prosody-1440be730c44897aa5f1aed4cf7d7f87e4489334.zip
mod_dialback: Short-circuit dialback auth if certificate is considered valid
-rw-r--r--plugins/mod_dialback.lua10
-rw-r--r--plugins/mod_s2s/mod_s2s.lua2
2 files changed, 11 insertions, 1 deletions
diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index 2959358b..fa6b6dbc 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -13,6 +13,7 @@ local log = module._log;
local st = require "util.stanza";
local sha256_hash = require "util.hashes".sha256;
local nameprep = require "util.encodings".stringprep.nameprep;
+local check_cert_status = module:depends"s2s".check_cert_status;
local uuid_gen = require"util.uuid".generate;
local xmlns_stream = "http://etherx.jabber.org/streams";
@@ -20,6 +21,7 @@ local xmlns_stream = "http://etherx.jabber.org/streams";
local dialback_requests = setmetatable({}, { __mode = 'v' });
local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen());
+local dwd = module:get_option_boolean("dialback_without_dialback", false);
function module.save()
return { dialback_secret = dialback_secret };
@@ -80,6 +82,14 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
local attr = stanza.attr;
local to, from = nameprep(attr.to), nameprep(attr.from);
+ if check_cert_status(origin, from) == false then
+ return
+ elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then
+ origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" }));
+ module:fire_event("s2s-authenticated", { session = origin, host = from });
+ return true;
+ end
+
if not hosts[to] then
-- Not a host that we serve
origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 3de59d35..e704c25a 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -235,7 +235,7 @@ function make_authenticated(event)
end
--- Helper to check that a session peer's certificate is valid
-local function check_cert_status(session)
+function check_cert_status(session)
local host = session.direction == "outgoing" and session.to_host or session.from_host
local conn = session.conn:socket()
local cert