diff options
author | Kim Alvefur <zash@zash.se> | 2014-07-04 21:48:25 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2014-07-04 21:48:25 +0200 |
commit | 5abddcbf78e80ac97a20493640ca7b2808cb0788 (patch) | |
tree | 874e0fc462eefbf29dcbed417e8fe785178e8d9d | |
parent | f5517dad054cf489f74a8aaecb00dfa4054d1f24 (diff) | |
download | prosody-5abddcbf78e80ac97a20493640ca7b2808cb0788.tar.gz prosody-5abddcbf78e80ac97a20493640ca7b2808cb0788.zip |
mod_dialback: Short-circuit dialback auth if certificate is considered valid
-rw-r--r-- | plugins/mod_dialback.lua | 10 | ||||
-rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index 2959358b..fa6b6dbc 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -13,6 +13,7 @@ local log = module._log; local st = require "util.stanza"; local sha256_hash = require "util.hashes".sha256; local nameprep = require "util.encodings".stringprep.nameprep; +local check_cert_status = module:depends"s2s".check_cert_status; local uuid_gen = require"util.uuid".generate; local xmlns_stream = "http://etherx.jabber.org/streams"; @@ -20,6 +21,7 @@ local xmlns_stream = "http://etherx.jabber.org/streams"; local dialback_requests = setmetatable({}, { __mode = 'v' }); local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen()); +local dwd = module:get_option_boolean("dialback_without_dialback", false); function module.save() return { dialback_secret = dialback_secret }; @@ -80,6 +82,14 @@ module:hook("stanza/jabber:server:dialback:result", function(event) local attr = stanza.attr; local to, from = nameprep(attr.to), nameprep(attr.from); + if check_cert_status(origin, from) == false then + return + elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then + origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); + module:fire_event("s2s-authenticated", { session = origin, host = from }); + return true; + end + if not hosts[to] then -- Not a host that we serve origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to); diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 3de59d35..e704c25a 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -235,7 +235,7 @@ function make_authenticated(event) end --- Helper to check that a session peer's certificate is valid -local function check_cert_status(session) +function check_cert_status(session) local host = session.direction == "outgoing" and session.to_host or session.from_host local conn = session.conn:socket() local cert |