diff options
Diffstat (limited to 'core/stanza_router.lua')
-rw-r--r-- | core/stanza_router.lua | 81 |
1 files changed, 70 insertions, 11 deletions
diff --git a/core/stanza_router.lua b/core/stanza_router.lua index 52ab20e8..2dcd612f 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -9,9 +9,14 @@ local log = require "util.logger".init("stanzarouter") local st = require "util.stanza"; local send = require "core.sessionmanager".send_to_session; --- local send_s2s = require "core.s2smanager".send_to_host; +local send_s2s = require "core.s2smanager".send_to_host; local user_exists = require "core.usermanager".user_exists; +local s2s_verify_dialback = require "core.s2smanager".verify_dialback; +local s2s_make_authenticated = require "core.s2smanager".make_authenticated; +local format = string.format; +local tostring = tostring; + local jid_split = require "util.jid".split; local print = print; @@ -21,7 +26,7 @@ function core_process_stanza(origin, stanza) if stanza.name == "iq" and not(#stanza.tags == 1 and stanza.tags[1].attr.xmlns) then if stanza.attr.type == "set" or stanza.attr.type == "get" then error("Invalid IQ"); - elseif #stanza.tags > 1 or not(stanza.attr.type == "error" or stanza.attr.type == "result") then + elseif #stanza.tags > 1 and not(stanza.attr.type == "error" or stanza.attr.type == "result") then error("Invalid IQ"); end end @@ -33,17 +38,18 @@ function core_process_stanza(origin, stanza) end local to = stanza.attr.to; - stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s) -- TODO also, stazas should be returned to their original state before the function ends + if origin.type == "c2s" then + stanza.attr.from = origin.full_jid; -- quick fix to prevent impersonation (FIXME this would be incorrect when the origin is not c2s) + end - -- TODO presence subscriptions if not to then core_handle_stanza(origin, stanza); elseif hosts[to] and hosts[to].type == "local" then core_handle_stanza(origin, stanza); elseif stanza.name == "iq" and not select(3, jid_split(to)) then core_handle_stanza(origin, stanza); - elseif origin.type == "c2s" then + elseif origin.type == "c2s" or origin.type == "s2sin" then core_route_stanza(origin, stanza); end end @@ -98,6 +104,58 @@ function core_handle_stanza(origin, stanza) log("debug", "Routing stanza to local"); handle_stanza(session, stanza); end + elseif origin.type == "s2sin_unauthed" or origin.type == "s2sin" then + if stanza.attr.xmlns == "jabber:server:dialback" then + if stanza.name == "verify" then + -- We are being asked to verify the key, to ensure it was generated by us + log("debug", "verifying dialback key..."); + local attr = stanza.attr; + print(tostring(attr.to), tostring(attr.from)) + print(tostring(origin.to_host), tostring(origin.from_host)) + -- FIXME: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34 + --if attr.from ~= origin.to_host then error("invalid-from"); end + local type = "invalid"; + if s2s_verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then + type = "valid" + end + origin.send(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>", attr.to, attr.from, attr.id, type, stanza[1])); + elseif stanza.name == "result" and origin.type == "s2sin_unauthed" then + -- he wants to be identified through dialback + -- We need to check the key with the Authoritative server + local attr = stanza.attr; + origin.from_host = attr.from; + origin.to_host = attr.to; + origin.dialback_key = stanza[1]; + log("debug", "asking %s if key %s belongs to them", attr.from, stanza[1]); + send_s2s(attr.to, attr.from, format("<db:verify from='%s' to='%s' id='%s'>%s</db:verify>", attr.to, attr.from, origin.streamid, stanza[1])); + hosts[attr.from].dialback_verifying = origin; + end + end + elseif origin.type == "s2sout_unauthed" or origin.type == "s2sout" then + if stanza.attr.xmlns == "jabber:server:dialback" then + if stanza.name == "result" then + if stanza.attr.type == "valid" then + s2s_make_authenticated(origin); + else + -- FIXME + error("dialback failed!"); + end + elseif stanza.name == "verify" and origin.dialback_verifying then + local valid; + local attr = stanza.attr; + if attr.type == "valid" then + s2s_make_authenticated(origin.dialback_verifying); + valid = "valid"; + else + -- Warn the original connection that is was not verified successfully + log("warn", "dialback for "..(origin.dialback_verifying.from_host or "(unknown)").." failed"); + valid = "invalid"; + end + origin.dialback_verifying.send(format("<db:result from='%s' to='%s' id='%s' type='%s'>%s</db:result>", attr.from, attr.to, attr.id, valid, origin.dialback_verifying.dialback_key)); + end + end + else + log("warn", "Unhandled origin: %s", origin.type); end end @@ -202,13 +260,14 @@ function core_route_stanza(origin, stanza) end end end - else + elseif origin.type == "c2s" then -- Remote host - if host_session then - -- Send to session - else - -- Need to establish the connection - end + --stanza.attr.xmlns = "jabber:server"; + stanza.attr.xmlns = nil; + log("debug", "sending s2s stanza: %s", tostring(stanza)); + send_s2s(origin.host, host, stanza); + else + log("warn", "received stanza from unhandled connection type: %s", origin.type); end stanza.attr.to = to; -- reset end |