diff options
author | Kim Alvefur <zash@zash.se> | 2014-07-04 23:05:27 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2014-07-04 23:05:27 +0200 |
commit | 4ee00880c225db985b26614eeb0b3d0d39487c99 (patch) | |
tree | 41f4db74c0b05563f71d07478a4d8b3c106359af /plugins | |
parent | 6c75e23434fd4ba3eed580582ade3ad8337fd585 (diff) | |
parent | 260fc78e4095f1e4ed74d4e76dc1eb23713bacf1 (diff) | |
download | prosody-4ee00880c225db985b26614eeb0b3d0d39487c99.tar.gz prosody-4ee00880c225db985b26614eeb0b3d0d39487c99.zip |
Merge 0.10->trunk
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/adhoc/adhoc.lib.lua | 7 | ||||
-rw-r--r-- | plugins/mod_dialback.lua | 25 | ||||
-rw-r--r-- | plugins/mod_lastactivity.lua | 3 | ||||
-rw-r--r-- | plugins/mod_legacyauth.lua | 7 | ||||
-rw-r--r-- | plugins/mod_presence.lua | 8 | ||||
-rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 2 | ||||
-rw-r--r-- | plugins/mod_saslauth.lua | 2 | ||||
-rw-r--r-- | plugins/mod_tls.lua | 34 |
8 files changed, 56 insertions, 32 deletions
diff --git a/plugins/adhoc/adhoc.lib.lua b/plugins/adhoc/adhoc.lib.lua index b544ddc8..5c90c91b 100644 --- a/plugins/adhoc/adhoc.lib.lua +++ b/plugins/adhoc/adhoc.lib.lua @@ -25,12 +25,13 @@ function _M.new(name, node, handler, permission) end function _M.handle_cmd(command, origin, stanza) - local sessionid = stanza.tags[1].attr.sessionid or uuid.generate(); + local cmdtag = stanza.tags[1] + local sessionid = cmdtag.attr.sessionid or uuid.generate(); local dataIn = {}; dataIn.to = stanza.attr.to; dataIn.from = stanza.attr.from; - dataIn.action = stanza.tags[1].attr.action or "execute"; - dataIn.form = stanza.tags[1]:child_with_ns("jabber:x:data"); + dataIn.action = cmdtag.attr.action or "execute"; + dataIn.form = cmdtag:get_child("x", "jabber:x:data"); local data, state = command:handler(dataIn, states[sessionid]); states[sessionid] = state; diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index 8d2bbd8f..15e24281 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -13,13 +13,26 @@ local log = module._log; local st = require "util.stanza"; local sha256_hash = require "util.hashes".sha256; local nameprep = require "util.encodings".stringprep.nameprep; +local check_cert_status = module:depends"s2s".check_cert_status; +local uuid_gen = require"util.uuid".generate; local xmlns_stream = "http://etherx.jabber.org/streams"; local dialback_requests = setmetatable({}, { __mode = 'v' }); +local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen()); +local dwd = module:get_option_boolean("dialback_without_dialback", false); + +function module.save() + return { dialback_secret = dialback_secret }; +end + +function module.restore(state) + dialback_secret = state.dialback_secret; +end + function generate_dialback(id, to, from) - return sha256_hash(id..to..from..hosts[from].dialback_secret, true); + return sha256_hash(id..to..dialback_secret, true); end function initiate_dialback(session) @@ -69,6 +82,16 @@ module:hook("stanza/jabber:server:dialback:result", function(event) local attr = stanza.attr; local to, from = nameprep(attr.to), nameprep(attr.from); + if origin.secure then + if check_cert_status(origin, from) == false then + return + elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then + origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); + module:fire_event("s2s-authenticated", { session = origin, host = from }); + return true; + end + end + if not hosts[to] then -- Not a host that we serve origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to); diff --git a/plugins/mod_lastactivity.lua b/plugins/mod_lastactivity.lua index fabf07b4..2dd61699 100644 --- a/plugins/mod_lastactivity.lua +++ b/plugins/mod_lastactivity.lua @@ -19,8 +19,7 @@ module:hook("pre-presence/bare", function(event) local stanza = event.stanza; if not(stanza.attr.to) and stanza.attr.type == "unavailable" then local t = os.time(); - local s = stanza:child_with_name("status"); - s = s and #s.tags == 0 and s[1] or ""; + local s = stanza:get_child_text("status"); map[event.origin.username] = {s = s, t = t}; end end, 10); diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index cb5ce0d3..54cbec24 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -44,9 +44,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event) return true; end - local username = stanza.tags[1]:child_with_name("username"); - local password = stanza.tags[1]:child_with_name("password"); - local resource = stanza.tags[1]:child_with_name("resource"); + local query = stanza.tags[1]; + local username = query:get_child("username"); + local password = query:get_child("password"); + local resource = query:get_child("resource"); if not (username and password and resource) then local reply = st.reply(stanza); session.send(reply:query("jabber:iq:auth") diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index 32a25b59..9e8f37db 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -55,14 +55,14 @@ local ignore_presence_priority = module:get_option("ignore_presence_priority"); function handle_normal_presence(origin, stanza) if ignore_presence_priority then - local priority = stanza:child_with_name("priority"); + local priority = stanza:get_child("priority"); if priority and priority[1] ~= "0" then for i=#priority.tags,1,-1 do priority.tags[i] = nil; end for i=#priority,1,-1 do priority[i] = nil; end priority[1] = "0"; end end - local priority = stanza:child_with_name("priority"); + local priority = stanza:get_child("priority"); if priority and #priority > 0 then priority = t_concat(priority); if s_find(priority, "^[+-]?[0-9]+$") then @@ -90,6 +90,7 @@ function handle_normal_presence(origin, stanza) end end if stanza.attr.type == nil and not origin.presence then -- initial presence + module:fire_event("presence/initial", { origin = origin, stanza = stanza } ); origin.presence = stanza; -- FIXME repeated later local probe = st.presence({from = origin.full_jid, type = "probe"}); for jid, item in pairs(roster) do -- probe all contacts we are subscribed to @@ -137,9 +138,6 @@ function handle_normal_presence(origin, stanza) origin.directed = nil; end else - if not origin.presence then - module:fire_event("presence/initial", { origin = origin, stanza = stanza } ); - end origin.presence = stanza; stanza:tag("delay", { xmlns = "urn:xmpp:delay", from = host, stamp = datetime.datetime() }):up(); if origin.priority ~= priority then diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 3de59d35..e704c25a 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -235,7 +235,7 @@ function make_authenticated(event) end --- Helper to check that a session peer's certificate is valid -local function check_cert_status(session) +function check_cert_status(session) local host = session.direction == "outgoing" and session.to_host or session.from_host local conn = session.conn:socket() local cert diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index df60aefa..a07c5fd2 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -284,7 +284,7 @@ module:hook("iq/self/urn:ietf:params:xml:ns:xmpp-bind:bind", function(event) local resource; if stanza.attr.type == "set" then local bind = stanza.tags[1]; - resource = bind:child_with_name("resource"); + resource = bind:get_child("resource"); resource = resource and #resource.tags == 0 and resource[1] or nil; end local success, err_type, err, err_msg = sm_bind_resource(origin, resource); diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 7c3d79be..351aaffc 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -6,7 +6,6 @@ -- COPYING file in the source package for more information. -- -local config = require "core.configmanager"; local create_context = require "core.certmanager".create_context; local st = require "util.stanza"; @@ -34,23 +33,26 @@ local host = hosts[module.host]; local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; do - local function get_ssl_cfg(typ) - local cfg_key = (typ and typ.."_" or "").."ssl"; - local ssl_config = config.rawget(module.host, cfg_key); - if not ssl_config then - local base_host = module.host:match("%.(.*)"); - ssl_config = config.get(base_host, cfg_key); - end - return ssl_config or typ and get_ssl_cfg(); - end + local NULL, err = {}; + local global = module:context("*"); + local parent = module:context(module.host:match("%.(.*)$")); + + local parent_ssl = parent:get_option("ssl"); + local host_ssl = module:get_option("ssl", parent_ssl); + + local global_c2s = global:get_option("c2s_ssl", NULL); + local parent_c2s = parent:get_option("c2s_ssl", NULL); + local host_c2s = module:get_option("c2s_ssl", parent_c2s); + + local global_s2s = global:get_option("s2s_ssl", NULL); + local parent_s2s = parent:get_option("s2s_ssl", NULL); + local host_s2s = module:get_option("s2s_ssl", parent_s2s); - local ssl_config, err = get_ssl_cfg("c2s"); - ssl_ctx_c2s, err = create_context(host.host, "server", ssl_config); -- for incoming client connections + ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections if err then module:log("error", "Error creating context for c2s: %s", err); end - ssl_config = get_ssl_cfg("s2s"); - ssl_ctx_s2sin, err = create_context(host.host, "server", ssl_config); -- for incoming server connections - ssl_ctx_s2sout = create_context(host.host, "client", ssl_config); -- for outgoing server connections + ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections + ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue end @@ -106,7 +108,7 @@ end); -- For s2sout connections, start TLS if we can module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) module:log("debug", "Received features element"); - if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then + if can_do_tls(session) and stanza:get_child("starttls", xmlns_starttls) then module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host); session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); return true; |