From 1440be730c44897aa5f1aed4cf7d7f87e4489334 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jul 2014 21:48:25 +0200 Subject: mod_dialback: Short-circuit dialback auth if certificate is considered valid --- plugins/mod_dialback.lua | 10 ++++++++++ plugins/mod_s2s/mod_s2s.lua | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index 2959358b..fa6b6dbc 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -13,6 +13,7 @@ local log = module._log; local st = require "util.stanza"; local sha256_hash = require "util.hashes".sha256; local nameprep = require "util.encodings".stringprep.nameprep; +local check_cert_status = module:depends"s2s".check_cert_status; local uuid_gen = require"util.uuid".generate; local xmlns_stream = "http://etherx.jabber.org/streams"; @@ -20,6 +21,7 @@ local xmlns_stream = "http://etherx.jabber.org/streams"; local dialback_requests = setmetatable({}, { __mode = 'v' }); local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen()); +local dwd = module:get_option_boolean("dialback_without_dialback", false); function module.save() return { dialback_secret = dialback_secret }; @@ -80,6 +82,14 @@ module:hook("stanza/jabber:server:dialback:result", function(event) local attr = stanza.attr; local to, from = nameprep(attr.to), nameprep(attr.from); + if check_cert_status(origin, from) == false then + return + elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then + origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); + module:fire_event("s2s-authenticated", { session = origin, host = from }); + return true; + end + if not hosts[to] then -- Not a host that we serve origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to); diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 3de59d35..e704c25a 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -235,7 +235,7 @@ function make_authenticated(event) end --- Helper to check that a session peer's certificate is valid -local function check_cert_status(session) +function check_cert_status(session) local host = session.direction == "outgoing" and session.to_host or session.from_host local conn = session.conn:socket() local cert -- cgit v1.2.3