aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2013-03-28 12:17:15 +0000
committerMatthew Wild <mwild1@gmail.com>2013-03-28 12:17:15 +0000
commit0f44b53c15ed12d163902afaf93a88442d4c97d2 (patch)
tree3cea0291902a5fcdc82a59e5fe1747c4f8217900 /plugins
parent11a3a158eb42284dd3585e04439f38ee3e6d548c (diff)
parent64440086ea5ee8d2f1726f2101ced46d4f08b929 (diff)
downloadprosody-0f44b53c15ed12d163902afaf93a88442d4c97d2.tar.gz
prosody-0f44b53c15ed12d163902afaf93a88442d4c97d2.zip
Merge 0.9->trunk
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_s2s/mod_s2s.lua16
-rw-r--r--plugins/mod_s2s/s2sout.lib.lua6
2 files changed, 19 insertions, 3 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index ec969cc3..6893d184 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -80,6 +80,10 @@ function route_to_existing_session(event)
log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
return false;
end
+ if hosts[to_host] then
+ log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
+ return false;
+ end
local host = hosts[from_host].s2sout[to_host];
if host then
-- We have a connection to this host already
@@ -188,6 +192,9 @@ function make_authenticated(event)
});
end
end
+ if hosts[host] then
+ session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
+ end
if session.type == "s2sout_unauthed" then
session.type = "s2sout";
elseif session.type == "s2sin_unauthed" then
@@ -211,7 +218,7 @@ end
--- Helper to check that a session peer's certificate is valid
local function check_cert_status(session)
- local host = session.direction == "incoming" and session.from_host or session.to_host
+ local host = session.direction == "outgoing" and session.to_host or session.from_host
local conn = session.conn:socket()
local cert
if conn.getpeercertificate then
@@ -321,6 +328,11 @@ function stream_callbacks.streamopened(session, attr)
end
end
+ if hosts[from] then
+ session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
+ return;
+ end
+
if session.secure and not session.cert_chain_status then
if check_cert_status(session) == false then
return;
@@ -486,7 +498,7 @@ function session_open_stream(session, from, to)
from = from, to = to,
}
local local_host = session.direction == "outgoing" and from or to;
- if not local_host or hosts[local_host].modules.dialback then
+ if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then
attr["xmlns:db"] = 'jabber:server:dialback';
end
diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua
index 5ebbee8e..a22846db 100644
--- a/plugins/mod_s2s/s2sout.lib.lua
+++ b/plugins/mod_s2s/s2sout.lib.lua
@@ -90,7 +90,7 @@ function s2sout.attempt_connection(host_session, err)
host_session.connecting = nil;
if answer and #answer > 0 then
log("debug", "%s has SRV records, handling...", to_host);
- local srv_hosts = {};
+ local srv_hosts = { answer = answer };
host_session.srv_hosts = srv_hosts;
for _, record in ipairs(answer) do
t_insert(srv_hosts, record.srv);
@@ -271,6 +271,10 @@ function s2sout.make_connect(host_session, connect_host, connect_port)
local from_host, to_host = host_session.from_host, host_session.to_host;
+ -- Reset secure flag in case this is another
+ -- connection attempt after a failed STARTTLS
+ host_session.secure = nil;
+
local conn, handler;
if connect_host.proto == "IPv4" then
conn, handler = socket.tcp();