aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_s2s_bidi.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-11-28 18:57:17 +0100
committerKim Alvefur <zash@zash.se>2019-11-28 18:57:17 +0100
commit53cde4a8a80379f244e09332114ea51964e172e1 (patch)
tree5cf7f744d06872dea175ff15752da594584dcff1 /plugins/mod_s2s_bidi.lua
parent61228e919ce13247321c04b6b32020d2652d58ba (diff)
downloadprosody-53cde4a8a80379f244e09332114ea51964e172e1.tar.gz
prosody-53cde4a8a80379f244e09332114ea51964e172e1.zip
mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set
Prevents some weirdness in cases where no authentication is done
Diffstat (limited to 'plugins/mod_s2s_bidi.lua')
-rw-r--r--plugins/mod_s2s_bidi.lua8
1 files changed, 5 insertions, 3 deletions
diff --git a/plugins/mod_s2s_bidi.lua b/plugins/mod_s2s_bidi.lua
index 67a48d8d..28e047de 100644
--- a/plugins/mod_s2s_bidi.lua
+++ b/plugins/mod_s2s_bidi.lua
@@ -10,15 +10,17 @@ local st = require "util.stanza";
local xmlns_bidi_feature = "urn:xmpp:features:bidi"
local xmlns_bidi = "urn:xmpp:bidi";
+local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
+
module:hook("s2s-stream-features", function(event)
local origin, features = event.origin, event.features;
- if origin.type == "s2sin_unauthed" then
+ if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then
features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
end
end);
module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza)
- if session.type == "s2sout_unauthed" then
+ if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then
local bidi = stanza:get_child("bidi", xmlns_bidi_feature);
if bidi then
session.incoming = true;
@@ -29,7 +31,7 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
end, 200);
module:hook_tag("urn:xmpp:bidi", "bidi", function(session)
- if session.type == "s2sin_unauthed" then
+ if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then
session.log("debug", "Requested bidirectional stream");
session.outgoing = true;
return true;