diff options
author | Matthew Wild <mwild1@gmail.com> | 2008-12-13 17:43:52 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2008-12-13 17:43:52 +0000 |
commit | 2e83fd69f77f90552c27526f4899e6c1fed18549 (patch) | |
tree | 1554fd10e2b361d5d36e818b692e7bfd7f7607df /core | |
parent | f0b2f4177166520469599a9ee9a28a0314b1f26b (diff) | |
download | prosody-2e83fd69f77f90552c27526f4899e6c1fed18549.tar.gz prosody-2e83fd69f77f90552c27526f4899e6c1fed18549.zip |
Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Diffstat (limited to 'core')
-rw-r--r-- | core/s2smanager.lua | 15 | ||||
-rw-r--r-- | core/stanza_router.lua | 17 |
2 files changed, 22 insertions, 10 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 63aca5b5..fa38d5cb 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -47,6 +47,9 @@ local dialback_secret = sha256_hash(tostring{} .. math.random() .. socket.gettim local dns = require "net.dns"; +incoming_s2s = {}; +local incoming_s2s = incoming_s2s; + module "s2smanager" local function compare_srv_priorities(a,b) return a.priority < b.priority or a.weight < b.weight; end @@ -91,7 +94,7 @@ end local open_sessions = 0; function new_incoming(conn) - local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming" }; + local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} }; if true then session.trace = newproxy(true); getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; end; @@ -99,6 +102,7 @@ function new_incoming(conn) open_sessions = open_sessions + 1; local w, log = conn.write, logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$")); session.sends2s = function (t) log("debug", "sending: %s", tostring(t)); w(tostring(t)); end + incoming_s2s[session] = true; return session; end @@ -239,11 +243,16 @@ function verify_dialback(id, to, from, key) return key == generate_dialback(id, to, from); end -function make_authenticated(session) +function make_authenticated(session, host) if session.type == "s2sout_unauthed" then session.type = "s2sout"; elseif session.type == "s2sin_unauthed" then session.type = "s2sin"; + if host then + session.hosts[host].authed = true; + end + elseif session.type == "s2sin" and host then + session.hosts[host].authed = true; else return false; end @@ -284,6 +293,8 @@ function destroy_session(session) if session.direction == "outgoing" then hosts[session.from_host].s2sout[session.to_host] = nil; + elseif session.direction == "incoming" then + incoming_s2s[session] = nil; end for k in pairs(session) do diff --git a/core/stanza_router.lua b/core/stanza_router.lua index 965c77ec..24eadedc 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -72,26 +72,27 @@ function core_process_stanza(origin, stanza) if origin.type == "c2s" then stanza.attr.from = origin.full_jid; end - local to = stanza.attr.to; + local to, xmlns = stanza.attr.to, stanza.attr.xmlns; local node, host, resource = jid_split(to); local to_bare = node and (node.."@"..host) or host; -- bare JID local from = stanza.attr.from; local from_node, from_host, from_resource = jid_split(from); local from_bare = from_node and (from_node.."@"..from_host) or from_host; -- bare JID - if origin.type == "s2sin" then - if origin.from_host ~= from_host then -- remote server trying to impersonate some other server? - log("warn", "Received a stanza claiming to be from %s, over a conn authed for %s!", from, origin.from_host); - return; -- FIXME what should we do here? does this work with subdomains? - end - end --[[if to and not(hosts[to]) and not(hosts[to_bare]) and (hosts[host] and hosts[host].type ~= "local") then -- not for us? log("warn", "stanza recieved for a non-local server"); return; -- FIXME what should we do here? end]] -- FIXME -- FIXME do stanzas not of jabber:client get handled by components? - if origin.type == "s2sin" or origin.type == "c2s" then + if (origin.type == "s2sin" or origin.type == "c2s") and (not xmlns or xmlns == "jabber:server" or xmlns == "jabber:client") then + if origin.type == "s2sin" then + local host_status = origin.hosts[from_host]; + if not host_status or not host_status.authed then -- remote server trying to impersonate some other server? + log("warn", "Received a stanza claiming to be from %s, over a conn authed for %s!", from_host, origin.from_host); + return; -- FIXME what should we do here? does this work with subdomains? + end + end if not to then core_handle_stanza(origin, stanza); elseif hosts[to] and hosts[to].type == "local" then -- directed at a local server |