author | Matthew Wild <mwild1@gmail.com> | 2008-10-24 03:06:55 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2008-10-24 03:06:55 +0100 |
commit | eb8e9997e03f6b0c399af0a6f88ee85684c74d06 (patch) | |
tree | 10e5a34e49bfea82d6b36b751d47d5185505c75e /core | |
parent | 162e3fb849f47089ad6114041374d66d48638db3 (diff) | |
dialback keys now verified
Diffstat (limited to 'core')
-rw-r--r-- | core/sessionmanager.lua | 2 | ||||
-rw-r--r-- | core/stanza_router.lua | 25 | ||||
-rw-r--r-- | core/xmlhandlers.lua | 19 |
3 files changed, 37 insertions, 9 deletions
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index d140ebe0..682f12df 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -11,7 +11,7 @@ local sessions = sessions; local modulemanager = require "core.modulemanager"; local log = require "util.logger".init("sessionmanager"); local error = error; -local uuid_generate = require "util.uuid".uuid_generate; +local uuid_generate = require "util.uuid".generate; local rm_load_roster = require "core.rostermanager".load_roster; local newproxy = newproxy; diff --git a/core/stanza_router.lua b/core/stanza_router.lua index f18e706d..fd62a18e 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -12,6 +12,10 @@ local send = require "core.sessionmanager".send_to_session; local send_s2s = require "core.s2smanager".send_to_host; local user_exists = require "core.usermanager".user_exists; +local s2s_verify_dialback = require "core.s2smanager".verify_dialback; +local format = string.format; +local tostring = tostring; + local jid_split = require "util.jid".split; local print = print; @@ -33,10 +37,11 @@ function core_process_stanza(origin, stanza) end local to = stanza.attr.to; - stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s) -- TODO also, stazas should be returned to their original state before the function ends + if origin.type == "c2s" then + stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s) + end - -- TODO presence subscriptions if not to then core_handle_stanza(origin, stanza); elseif hosts[to] and hosts[to].type == "local" then 
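Review bot: With the new `origin.type == "c2s"` guard in core_process_stanza, `stanza.attr.from` on every other origin type is left exactly as the peer sent it, and nothing in this hunk validates it before the `hosts[to]` routing that follows. For server-to-server origins the domain of `from` should be compared with the host the stream was verified for (`origin.from_host` is used that way elsewhere in this commit), and a stanza from an origin that has not completed dialback should be dropped before it reaches local routing. The retained `FIXME this would be incorrect when the origin is not c2s` is stale now that the guard exists; something like `-- c2s only: overwrite from with the session's own JID so a client cannot impersonate another user` would describe the code as it stands. The function body continues outside the hunk, so a check further down may already cover part of this.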
@@ -90,6 +95,22 @@ function core_handle_stanza(origin, stanza) log("debug", "Routing stanza to local"); handle_stanza(session, stanza); end + elseif origin.type == "s2sin_unauthed" then + if stanza.name == "verify" and stanza.attr.xmlns == "jabber:server:dialback" then + log("debug", "verifying dialback key..."); + local attr = stanza.attr; + print(tostring(attr.to), tostring(attr.from)) + print(tostring(origin.to_host), tostring(origin.from_host)) + -- FIXME: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34 + --if attr.from ~= origin.to_host then error("invalid-from"); end + local type = "invalid"; + if s2s_verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then + type = "valid" + end + origin.send(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>", attr.to, attr.from, attr.id, type, stanza[1])); + end + else + log("warn", "Unhandled origin: %s", origin.type); end end diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua index b1af299f..4187819c 100644 --- a/core/xmlhandlers.lua +++ b/core/xmlhandlers.lua @@ -11,6 +11,8 @@ local t_concat = table.concat; local t_concatall = function (t, sep) local tt = {}; for _, s in ipairs(t) do t_insert(tt, tostring(s)); end return t_concat(tt, sep); end local sm_destroy_session = import("core.sessionmanager", "destroy_session"); +local default_log = require "util.logger".init("xmlhandlers"); + local error = error; module "xmlhandlers" @@ -21,7 +23,7 @@ function init_xmlhandlers(session, streamopened) local curr_tag; local chardata = {}; local xml_handlers = {}; - local log = session.log; + local log = session.log or default_log; local print = function (...) log("info", "xmlhandlers", t_concatall({...}, "\t")); end local send = session.send; 
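Review bot: The `<db:verify>` reply in the new `s2sin_unauthed` branch is assembled with `string.format` from `attr.to`, `attr.from`, `attr.id` and `stanza[1]`, all supplied by a peer that has not authenticated, and none of them is XML-escaped, so a value that decodes to a quote or `<` alters the markup written back to the stream. A request that omits one of these also makes `format` raise on a nil `%s` argument under Lua 5.1, and `stanza[1]` may be a child element rather than text. The fence below rejects incomplete requests, escapes each value, and renames the local `type`, which shadows the builtin. The two `print` calls look like leftover debugging, and with the `attr.from ~= origin.to_host` check commented out the request is not tied to the hosts of the stream it arrived on; that check should be restored or its absence documented. core_handle_stanza starts outside the hunk.

```lua
-- values below come from an unauthenticated peer: escape before re-serialising
local xml_entities = { ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;", ["'"] = "&apos;", ['"'] = "&quot;" };
local function xml_escape(s) return (tostring(s):gsub("[&<>'\"]", xml_entities)); end

-- … unchanged: stanza.name / xmlns test and the "verifying dialback key..." log line …
local attr = stanza.attr;
local key = stanza[1];
if not (attr.to and attr.from and attr.id and key) then
	log("warn", "Dialback verify request is missing to, from, id or key");
	return;
end
local result = "invalid";
if s2s_verify_dialback(attr.id, attr.from, attr.to, key) then
	result = "valid";
end
origin.send(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>",
	xml_escape(attr.to), xml_escape(attr.from), xml_escape(attr.id), result, xml_escape(key)));
```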
@@ -33,8 +35,11 @@ function init_xmlhandlers(session, streamopened) stanza:text(t_concat(chardata)); chardata = {}; end - curr_ns,name = name:match("^(.+):(%w+)$"); - if not stanza then + log("debug", "Start element: %s", tostring(name)); + curr_ns,name = name:match("^(.+):([%w%-]+)$"); + attr.xmlns = curr_ns; + + if not stanza then --if we are not currently inside a stanza if session.notopen then if name == "stream" then streamopened(session, attr); @@ -45,10 +50,10 @@ function init_xmlhandlers(session, streamopened) if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then error("Client sent invalid top-level stanza"); end - attr.xmlns = curr_ns; + stanza = st.stanza(name, attr); --{ to = attr.to, type = attr.type, id = attr.id, xmlns = curr_ns }); curr_tag = stanza; - else + else -- we are inside a stanza, so add a tag attr.xmlns = curr_ns; stanza:tag(name, attr); end @@ -59,12 +64,14 @@ function init_xmlhandlers(session, streamopened) end end function xml_handlers:EndElement(name) - curr_ns,name = name:match("^(.+):(%w+)$"); + curr_ns,name = name:match("^(.+):([%w%-]+)$"); if (not stanza) or #stanza.last_add < 0 or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then if name == "stream" then log("debug", "Stream closed"); sm_destroy_session(session); return; + elseif name == "error" then + error("Stream error: "..tostring(name)..": "..tostring(stanza)); else error("XML parse error in client stream"); end |
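Review bot: In StartElement, `name:match("^(.+):([%w%-]+)$")` returns nil for any element name that does not fit the pattern (no namespace part, or a local name containing `_` or `.`), and the new code then stores `attr.xmlns = nil` and continues with `name == nil`. A guard directly after the match, `if not name then error("Invalid element name"); end`, would fail the stream explicitly instead of building a stanza with a nil name; the EndElement hunk uses the same pattern and has the same gap. `curr_ns` is assigned without a visible `local`, so if it is not declared above the hunk it is shared by every session using this module. The hoisted `attr.xmlns = curr_ns;` also makes the copy left in the `else` branch redundant.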
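Review bot: The new `elseif name == "error"` branch in EndElement raises a Lua error whose message embeds `tostring(stanza)`, which is the peer's stanza serialised in full, while `tostring(name)` at that point is always the literal `error`. Peer-controlled text of arbitrary length then lands wherever the error is reported; logging a bounded summary and tearing the session down as the `stream` branch does with `sm_destroy_session(session)` would be safer than unwinding through the parser callback. `stanza` can also be nil here, because the enclosing condition begins with `(not stanza)`, in which case the message reads `Stream error: error: nil`. A comment such as `-- peer closed an error element at stream level: log it and end the session` would record the intent, which is only presumed from the branch name.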