Diffstat (limited to 'plugins')
-rw-r--r--plugins/adhoc/adhoc.lib.lua7
-rw-r--r--plugins/mod_dialback.lua25
-rw-r--r--plugins/mod_lastactivity.lua3
-rw-r--r--plugins/mod_legacyauth.lua7
-rw-r--r--plugins/mod_presence.lua8
-rw-r--r--plugins/mod_s2s/mod_s2s.lua2
-rw-r--r--plugins/mod_saslauth.lua2
-rw-r--r--plugins/mod_tls.lua34
8 files changed, 56 insertions, 32 deletions
diff --git a/plugins/adhoc/adhoc.lib.lua b/plugins/adhoc/adhoc.lib.lua
index b544ddc8..5c90c91b 100644
--- a/plugins/adhoc/adhoc.lib.lua
+++ b/plugins/adhoc/adhoc.lib.lua
@@ -25,12 +25,13 @@ function _M.new(name, node, handler, permission)
end
function _M.handle_cmd(command, origin, stanza)
- local sessionid = stanza.tags[1].attr.sessionid or uuid.generate();
+ local cmdtag = stanza.tags[1]
+ local sessionid = cmdtag.attr.sessionid or uuid.generate();
local dataIn = {};
dataIn.to = stanza.attr.to;
dataIn.from = stanza.attr.from;
- dataIn.action = stanza.tags[1].attr.action or "execute";
- dataIn.form = stanza.tags[1]:child_with_ns("jabber:x:data");
+ dataIn.action = cmdtag.attr.action or "execute";
+ dataIn.form = cmdtag:get_child("x", "jabber:x:data");
local data, state = command:handler(dataIn, states[sessionid]);
states[sessionid] = state;
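Review bot: The lookup `states[sessionid]` uses the `sessionid` attribute taken straight from the request (`cmdtag.attr.sessionid`), and nothing in this hunk ties that entry to `stanza.attr.from`. Unless ownership is checked outside the hunk, a requester that presents another session's id would be handed that session's state. Consider recording the originating JID when the state is created and rejecting a mismatch, or keying the table on both values, e.g. `local state_key = stanza.attr.from .. "\0" .. sessionid;`. handle_cmd continues past the end of the hunk, so any later cleanup of `states` would need the same key.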
diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index 8d2bbd8f..15e24281 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -13,13 +13,26 @@ local log = module._log;
local st = require "util.stanza";
local sha256_hash = require "util.hashes".sha256;
local nameprep = require "util.encodings".stringprep.nameprep;
+local check_cert_status = module:depends"s2s".check_cert_status;
+local uuid_gen = require"util.uuid".generate;
local xmlns_stream = "http://etherx.jabber.org/streams";
local dialback_requests = setmetatable({}, { __mode = 'v' });
+local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen());
+local dwd = module:get_option_boolean("dialback_without_dialback", false);
+
+function module.save()
+ return { dialback_secret = dialback_secret };
+end
+
+function module.restore(state)
+ dialback_secret = state.dialback_secret;
+end
+
function generate_dialback(id, to, from)
- return sha256_hash(id..to..from..hosts[from].dialback_secret, true);
+ return sha256_hash(id..to..dialback_secret, true);
end
function initiate_dialback(session)
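Review bot: generate_dialback hashes `id..to..dialback_secret` with no separator between the fields, so two different (id, to) pairs whose concatenation is the same string yield the same key. A plain SHA-256 over the concatenation is also not the keyed HMAC construction that XEP-0185 recommends. A delimiter that cannot occur in either field removes the ambiguity, e.g. `return sha256_hash(id.." "..to.." "..dialback_secret, true);`, and an HMAC-SHA256 keyed with the secret would be the better long-term form. The default secret is `uuid_gen()` at load time, so its strength depends on util.uuid (not visible here) and keys issued before a restart stop verifying; a comment above the `dialback_secret` line should say so. `module.restore` assigns `state.dialback_secret` unconditionally, and `dialback_secret = state.dialback_secret or dialback_secret;` would avoid a nil secret when the saved state lacks the field.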
@@ -69,6 +82,16 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
local attr = stanza.attr;
local to, from = nameprep(attr.to), nameprep(attr.from);
+ if origin.secure then
+ if check_cert_status(origin, from) == false then
+ return
+ elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then
+ origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" }));
+ module:fire_event("s2s-authenticated", { session = origin, host = from });
+ return true;
+ end
+ end
+
if not hosts[to] then
-- Not a host that we serve
origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
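Review bot: The certificate shortcut authenticates `host = from`, the attribute on the incoming db:result, but `check_cert_status` as shown in this commit's mod_s2s hunk still takes only `session` and derives the host from `session.from_host`. The second argument passed here therefore appears to be ignored, and the identity that was checked may not be the domain being authenticated. Unless the rest of check_cert_status (outside the visible lines) handles this, the branch should require `from == origin.from_host` before sending `type = "valid"`, or check_cert_status should accept and verify the host it is given. The `dwd` option defined above (`dialback_without_dialback`, default false) is not consulted in this hunk; `if dwd and origin.secure then` would make the shortcut opt-in. The block also runs before the `hosts[to]` check below it, so `to` is not yet known to be a served host; the hook function starts and ends outside the hunk.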
diff --git a/plugins/mod_lastactivity.lua b/plugins/mod_lastactivity.lua
index fabf07b4..2dd61699 100644
--- a/plugins/mod_lastactivity.lua
+++ b/plugins/mod_lastactivity.lua
@@ -19,8 +19,7 @@ module:hook("pre-presence/bare", function(event)
local stanza = event.stanza;
if not(stanza.attr.to) and stanza.attr.type == "unavailable" then
local t = os.time();
- local s = stanza:child_with_name("status");
- s = s and #s.tags == 0 and s[1] or "";
+ local s = stanza:get_child_text("status");
map[event.origin.username] = {s = s, t = t};
end
end, 10);
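Review bot: `stanza:get_child_text("status")` yields nil when the presence has no status child, whereas the removed lines fell back to `""`, so the `s` field stored in `map` can now be nil. If the code that reads `map` (outside this hunk) passes `s` to a text or concatenation call, this changes behaviour or raises an error. `local s = stanza:get_child_text("status") or "";` keeps the previous contract. The hook function begins before the hunk.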
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index cb5ce0d3..54cbec24 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -44,9 +44,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event)
return true;
end
- local username = stanza.tags[1]:child_with_name("username");
- local password = stanza.tags[1]:child_with_name("password");
- local resource = stanza.tags[1]:child_with_name("resource");
+ local query = stanza.tags[1];
+ local username = query:get_child("username");
+ local password = query:get_child("password");
+ local resource = query:get_child("resource");
if not (username and password and resource) then
local reply = st.reply(stanza);
session.send(reply:query("jabber:iq:auth")
diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua
index 32a25b59..9e8f37db 100644
--- a/plugins/mod_presence.lua
+++ b/plugins/mod_presence.lua
@@ -55,14 +55,14 @@ local ignore_presence_priority = module:get_option("ignore_presence_priority");
function handle_normal_presence(origin, stanza)
if ignore_presence_priority then
- local priority = stanza:child_with_name("priority");
+ local priority = stanza:get_child("priority");
if priority and priority[1] ~= "0" then
for i=#priority.tags,1,-1 do priority.tags[i] = nil; end
for i=#priority,1,-1 do priority[i] = nil; end
priority[1] = "0";
end
end
- local priority = stanza:child_with_name("priority");
+ local priority = stanza:get_child("priority");
if priority and #priority > 0 then
priority = t_concat(priority);
if s_find(priority, "^[+-]?[0-9]+$") then
@@ -90,6 +90,7 @@ function handle_normal_presence(origin, stanza)
end
end
if stanza.attr.type == nil and not origin.presence then -- initial presence
+ module:fire_event("presence/initial", { origin = origin, stanza = stanza } );
origin.presence = stanza; -- FIXME repeated later
local probe = st.presence({from = origin.full_jid, type = "probe"});
for jid, item in pairs(roster) do -- probe all contacts we are subscribed to
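Review bot: The `presence/initial` event is now fired before `origin.presence = stanza` on the following line, so handlers observe a session whose `presence` field is still nil. That ordering should be stated in a comment, for example `-- fired before origin.presence is set; handlers must not rely on it`. If handlers are expected to see the session as already available, the fire_event call belongs after the assignment instead. handle_normal_presence starts and ends outside this hunk.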
@@ -137,9 +138,6 @@ function handle_normal_presence(origin, stanza)
origin.directed = nil;
end
else
- if not origin.presence then
- module:fire_event("presence/initial", { origin = origin, stanza = stanza } );
- end
origin.presence = stanza;
stanza:tag("delay", { xmlns = "urn:xmpp:delay", from = host, stamp = datetime.datetime() }):up();
if origin.priority ~= priority then
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 3de59d35..e704c25a 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -235,7 +235,7 @@ function make_authenticated(event)
end
--- Helper to check that a session peer's certificate is valid
-local function check_cert_status(session)
+function check_cert_status(session)
local host = session.direction == "outgoing" and session.to_host or session.from_host
local conn = session.conn:socket()
local cert
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index df60aefa..a07c5fd2 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -284,7 +284,7 @@ module:hook("iq/self/urn:ietf:params:xml:ns:xmpp-bind:bind", function(event)
local resource;
if stanza.attr.type == "set" then
local bind = stanza.tags[1];
- resource = bind:child_with_name("resource");
+ resource = bind:get_child("resource");
resource = resource and #resource.tags == 0 and resource[1] or nil;
end
local success, err_type, err, err_msg = sm_bind_resource(origin, resource);
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 7c3d79be..351aaffc 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -6,7 +6,6 @@
-- COPYING file in the source package for more information.
--
-local config = require "core.configmanager";
local create_context = require "core.certmanager".create_context;
local st = require "util.stanza";
@@ -34,23 +33,26 @@ local host = hosts[module.host];
local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
do
- local function get_ssl_cfg(typ)
- local cfg_key = (typ and typ.."_" or "").."ssl";
- local ssl_config = config.rawget(module.host, cfg_key);
- if not ssl_config then
- local base_host = module.host:match("%.(.*)");
- ssl_config = config.get(base_host, cfg_key);
- end
- return ssl_config or typ and get_ssl_cfg();
- end
+ local NULL, err = {};
+ local global = module:context("*");
+ local parent = module:context(module.host:match("%.(.*)$"));
+
+ local parent_ssl = parent:get_option("ssl");
+ local host_ssl = module:get_option("ssl", parent_ssl);
+
+ local global_c2s = global:get_option("c2s_ssl", NULL);
+ local parent_c2s = parent:get_option("c2s_ssl", NULL);
+ local host_c2s = module:get_option("c2s_ssl", parent_c2s);
+
+ local global_s2s = global:get_option("s2s_ssl", NULL);
+ local parent_s2s = parent:get_option("s2s_ssl", NULL);
+ local host_s2s = module:get_option("s2s_ssl", parent_s2s);
- local ssl_config, err = get_ssl_cfg("c2s");
- ssl_ctx_c2s, err = create_context(host.host, "server", ssl_config); -- for incoming client connections
+ ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
if err then module:log("error", "Error creating context for c2s: %s", err); end
- ssl_config = get_ssl_cfg("s2s");
- ssl_ctx_s2sin, err = create_context(host.host, "server", ssl_config); -- for incoming server connections
- ssl_ctx_s2sout = create_context(host.host, "client", ssl_config); -- for outgoing server connections
+ ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
+ ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue
end
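Review bot: The error from creating the outgoing s2s context is discarded: `ssl_ctx_s2sout = create_context(...)` keeps only the first return value, and the log line after it reports just the `err` from the s2sin call. A "client" context can fail for different reasons than the "server" one. A nil `ssl_ctx_s2sout` would presumably make outgoing connections skip STARTTLS (can_do_tls is outside the hunk) with nothing in the log. Capture it separately, e.g. `local err_out; ssl_ctx_s2sout, err_out = create_context(host.host, "client", host_s2s, host_ssl, global_s2s);`, then `if err_out then module:log("error", "Error creating context for s2sout: %s", err_out); end`.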
@@ -106,7 +108,7 @@ end);
-- For s2sout connections, start TLS if we can
module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
module:log("debug", "Received features element");
- if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then
+ if can_do_tls(session) and stanza:get_child("starttls", xmlns_starttls) then
module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host);
session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
return true;