From 3b2bde4646d3039cdb25fd847c0d756136a5c43c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 11:54:50 +0200 Subject: mod_presence: Move presence/initial event to correct place so it actually fires --- plugins/mod_presence.lua | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index 32a25b59..2577573c 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -90,6 +90,7 @@ function handle_normal_presence(origin, stanza) end end if stanza.attr.type == nil and not origin.presence then -- initial presence + module:fire_event("presence/initial", { origin = origin, stanza = stanza } ); origin.presence = stanza; -- FIXME repeated later local probe = st.presence({from = origin.full_jid, type = "probe"}); for jid, item in pairs(roster) do -- probe all contacts we are subscribed to @@ -137,9 +138,6 @@ function handle_normal_presence(origin, stanza) origin.directed = nil; end else - if not origin.presence then - module:fire_event("presence/initial", { origin = origin, stanza = stanza } ); - end origin.presence = stanza; stanza:tag("delay", { xmlns = "urn:xmpp:delay", from = host, stamp = datetime.datetime() }):up(); if origin.priority ~= priority then -- cgit v1.2.3 From 958d9530ea2211b545757a78904fef5276ec5483 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 15:27:49 +0200 Subject: util.sslconfig: Add lib to deal with LuaSec SSL context configs --- util/sslconfig.lua | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 util/sslconfig.lua diff --git a/util/sslconfig.lua b/util/sslconfig.lua new file mode 100644 index 00000000..98e61341 --- /dev/null +++ b/util/sslconfig.lua 
@@ -0,0 +1,87 @@
+
+local handlers = { };
+local finalisers = { };
+local id = function (v) return v end
+
+function handlers.options(a, k, b)
+ local o = a[k] or { };
+ if type(b) ~= "table" then b = { b } end
+ for k,v in pairs(b) do
+ if v == true or v == false then
+ o[k] = v;
+ else
+ o[v] = true;
+ end
+ end
+ a[k] = o;
+end
+
+handlers.verify = handlers.options;
+handlers.verifyext = handlers.options;
+
+function finalisers.options(a)
+ local o = {};
+ for opt, enable in pairs(a) do
+ if enable then
+ o[#o+1] = opt;
+ end
+ end
+ return o;
+end
+
+finalisers.verify = finalisers.options;
+finalisers.verifyext = finalisers.options;
+
+function finalisers.ciphers(a)
+ if type(a) == "table" then
+ return table.concat(a, ":");
+ end
+ return a;
+end
+
+local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" };
+for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end
+
+local function protocol(a)
+ local min_protocol = protocols[a.protocol];
+ if min_protocol then
+ a.protocol = "sslv23";
+ for i = 1, min_protocol do
+ table.insert(a.options, "no_"..protocols[i]);
+ end
+ end
+end
+
+local function apply(a, b)
+ if type(b) == "table" then
+ for k,v in pairs(b) do
+ (handlers[k] or rawset)(a, k, v);
+ end
+ end
+end
+
+local function final(a)
+ local f = { };
+ for k,v in pairs(a) do
+ f[k] = (finalisers[k] or id)(v);
+ end
+ protocol(f);
+ return f;
+end
+
+local sslopts_mt = {
+ __index = {
+ apply = apply;
+ final = final;
+ };
+};
+
+local function new()
+ return setmetatable({options={}}, sslopts_mt);
+end
+
+return {
+ apply = apply;
+ final = final;
+ new = new;
+};
-- cgit v1.2.3 From 851f3018e768077c707f987ee295a10e33e8a470 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 15:31:12 +0200 Subject: core.certmanager: Use util.sslconfig --- core/certmanager.lua | 85 +++++++++------------------------------------------- 1 file changed, 14 insertions(+), 71 deletions(-)
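Review bot: Nothing in the new util/sslconfig.lua documents its merge rules, although `apply` and `handlers.options` decide which TLS options, verify flags and ciphers finally reach LuaSec. A header comment would help, e.g. `-- apply(): later calls win for plain keys; options/verify/verifyext are merged as sets, and "name = false" switches a previously enabled flag off`. Separately, `protocol()` calls `table.insert(a.options, ...)` and so assumes an `options` table exists, which only `new()` guarantees. Because `final` is also exported on its own, a guard such as `a.options = a.options or {};` before the loop would avoid an error when it is handed a plain table with `protocol = "tlsv1+"`.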
diff --git a/core/certmanager.lua b/core/certmanager.lua index d6a59b9f..1c1518a6 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -10,13 +10,12 @@ local configmanager = require "core.configmanager"; local log = require "util.logger".init("certmanager"); local ssl = ssl; local ssl_newcontext = ssl and ssl.newcontext; +local new_config = require"util.sslconfig".new; local tostring = tostring; local pairs = pairs; local type = type; local io_open = io.open; -local t_concat = table.concat; -local t_insert = table.insert; local prosody = prosody; local resolve_path = require"util.paths".resolve_relative_path; @@ -55,9 +54,6 @@ local core_defaults = { local path_options = { -- These we pass through resolve_path() key = true, certificate = true, cafile = true, capath = true, dhparam = true } -local set_options = { - options = true, verify = true, verifyext = true -} if ssl and not luasec_has_verifyext and ssl.x509 then -- COMPAT mw/luasec-hg 
@@ -66,85 +62,32 @@ if ssl and not luasec_has_verifyext and ssl.x509 then end end -local function merge_set(t, o) - if type(t) ~= "table" then t = { t } end - for k,v in pairs(t) do - if v == true or v == false then - o[k] = v; - else - o[v] = true; - end - end - return o; -end - -local protocols = { "sslv2", "sslv3", "tlsv1", "tlsv1_1", "tlsv1_2" }; -for i = 1, #protocols do protocols[protocols[i] .. "+"] = i - 1; end - function create_context(host, mode, user_ssl_config) - user_ssl_config = user_ssl_config or {} - user_ssl_config.mode = mode; - if not ssl then return nil, "LuaSec (required for encryption) was not found"; end - if global_ssl_config then - for option,default_value in pairs(global_ssl_config) do - if user_ssl_config[option] == nil then - user_ssl_config[option] = default_value; - end - end - end + local cfg = new_config(); + cfg:apply(core_defaults); + cfg:apply(global_ssl_config); + cfg:apply({ + mode = mode, + -- We can't read the password interactively when daemonized + password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; + }); + cfg:apply(user_ssl_config); - for option,default_value in pairs(core_defaults) do - if user_ssl_config[option] == nil then - user_ssl_config[option] = default_value; - end - end - - for option in pairs(set_options) do - local merged = {}; - merge_set(core_defaults[option], merged); - if global_ssl_config then - merge_set(global_ssl_config[option], merged); - end - merge_set(user_ssl_config[option], merged); - local final_array = {}; - for opt, enable in pairs(merged) do - if enable then - final_array[#final_array+1] = opt; - end - end - user_ssl_config[option] = final_array; - end + user_ssl_config = cfg:final(); - local min_protocol = protocols[user_ssl_config.protocol]; - if min_protocol then - user_ssl_config.protocol = "sslv23"; - for i = 1, min_protocol do - t_insert(user_ssl_config.options, "no_"..protocols[i]); - end + if mode == "server" then 
+ if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end + if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end end - -- We can't read the password interactively when daemonized - user_ssl_config.password = user_ssl_config.password or - function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; - for option in pairs(path_options) do if type(user_ssl_config[option]) == "string" then user_ssl_config[option] = resolve_path(config_path, user_ssl_config[option]); end end - -- Allow the cipher list to be a table - if type(user_ssl_config.ciphers) == "table" then - user_ssl_config.ciphers = t_concat(user_ssl_config.ciphers, ":") - end - - if mode == "server" then - if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end - if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end - end - -- LuaSec expects dhparam to be a callback that takes two arguments. -- We ignore those because it is mostly used for having a separate -- set of params for EXPORT ciphers, which we don't have by default. -- cgit v1.2.3 From 4dbcfd32b3e2760ffc56c0aeee4773957851d788 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 15:32:26 +0200 Subject: core.certmanager: Make create_context() support an arbitrary number of option sets, merging all --- core/certmanager.lua | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/core/certmanager.lua b/core/certmanager.lua index 1c1518a6..837fe231 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -16,6 +16,7 @@ local tostring = tostring; local pairs = pairs; local type = type; local io_open = io.open; +local select = select; local prosody = prosody; local resolve_path = require"util.paths".resolve_relative_path; 
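Review bot: In the rewritten `create_context` in core/certmanager.lua, the fallback `password` callback is applied after `global_ssl_config`, so a key password set only in the global `ssl` section is replaced by the error-logging function; the removed code used `user_ssl_config.password or function ...` only after the global values had been merged in. `mode` has the opposite problem: it is applied before `user_ssl_config`, so a `mode` key in a supplied config can override the caller's argument, while the `if mode == "server"` key/certificate check still tests the argument. Applying the password default before `cfg:apply(global_ssl_config)` and finishing with `cfg:apply({ mode = mode });` after the last config set would restore the earlier behaviour. The same ordering is carried into the varargs version of this function in the following commit, and the function body continues outside this hunk.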
@@ -62,7 +63,7 @@ if ssl and not luasec_has_verifyext and ssl.x509 then end end -function create_context(host, mode, user_ssl_config) +function create_context(host, mode, ...) if not ssl then return nil, "LuaSec (required for encryption) was not found"; end local cfg = new_config(); @@ -73,9 +74,11 @@ function create_context(host, mode, user_ssl_config) -- We can't read the password interactively when daemonized password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; }); - cfg:apply(user_ssl_config); - user_ssl_config = cfg:final(); + for i = select('#', ...), 1, -1 do + cfg:apply(select(i, ...)); + end + local user_ssl_config = cfg:final(); if mode == "server" then if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end -- cgit v1.2.3 From f8c626d10f9de9b157e581649967e4c99838afc3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 15:33:11 +0200 Subject: core.portmanager: Simplify and take advantage of new ssl config merging in certmanager --- core/portmanager.lua | 37 +++++++++---------------------------- 1 file changed, 9 insertions(+), 28 deletions(-) diff --git a/core/portmanager.lua b/core/portmanager.lua index 4cbf3eb3..bc2d4264 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -72,16 +72,6 @@ prosody.events.add_handler("item-removed/net-provider", function (event) unregister_service(item.name, item); end); -local function duplicate_ssl_config(ssl_config) - local ssl_config = type(ssl_config) == "table" and ssl_config or {}; - - local _config = {}; - for k, v in pairs(ssl_config) do - _config[k] = v; - end - return _config; -end - --- Public API function activate(service_name) 
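Review bot: The precedence of the new `...` parameter of `create_context` in core/certmanager.lua is not stated anywhere: the loop walks the arguments from last to first, so the first option set passed overrides all later ones for plain keys. A comment above the loop, e.g. `-- Option sets are listed highest priority first; apply in reverse so earlier arguments win`, would keep callers from passing them in the wrong order, which would silently change which TLS settings take effect. It is also worth saying in the same comment that non-table arguments, including `nil` holes, are skipped by `apply`.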
@@ -127,24 +117,15 @@ function activate(service_name) local err; -- Create SSL context for this service/port if service_info.encryption == "ssl" then - local ssl_config = duplicate_ssl_config((config.get("*", config_prefix.."ssl") and config.get("*", config_prefix.."ssl")[interface]) - or (config.get("*", config_prefix.."ssl") and config.get("*", config_prefix.."ssl")[port]) - or config.get("*", config_prefix.."ssl") - or (config.get("*", "ssl") and config.get("*", "ssl")[interface]) - or (config.get("*", "ssl") and config.get("*", "ssl")[port]) - or config.get("*", "ssl")); - -- add default entries for, or override ssl configuration - if ssl_config and service_info.ssl_config then - for key, value in pairs(service_info.ssl_config) do - if not service_info.ssl_config_override and not ssl_config[key] then - ssl_config[key] = value; - elseif service_info.ssl_config_override then - ssl_config[key] = value; - end - end - end - - ssl, err = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config); + local global_ssl_config = config.get("*", "ssl") or {}; + local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config; + ssl, err = certmanager.create_context(service_info.name.." port "..port, "server", + service_info.ssl_config or {}, + prefix_ssl_config[interface], + prefix_ssl_config[port], + prefix_ssl_config, + global_ssl_config[interface], + global_ssl_config[port]); if not ssl then log("error", "Error binding encrypted port for %s: %s", service_info.name, error_to_friendly_message(service_name, port_number, err) or "unknown error"); end -- cgit v1.2.3 From 93e9f09839263ce2c43c28f7d2b1c218f9935abb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 15:35:45 +0200 Subject: mod_tls: Simplify and use new ssl config merging in certmanager --- plugins/mod_tls.lua | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) 
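Review bot: `service_info.ssl_config` is now passed as the first option set to `create_context`, which, given the reverse loop in core/certmanager.lua, gives it the highest priority, and `service_info.ssl_config_override` is no longer read at all. Before this change a service's values only filled keys the administrator had not set unless the override flag was present, so a service can now replace configured plain keys such as `protocol` or `ciphers`. If that is not intended, the old contract can be approximated by passing `service_info.ssl_config_override and service_info.ssl_config or nil` as the first option set and `not service_info.ssl_config_override and service_info.ssl_config or nil` as the last. `activate` starts and ends outside this hunk.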
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 7c3d79be..5ae083d4 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -6,7 +6,6 @@ -- COPYING file in the source package for more information. -- -local config = require "core.configmanager"; local create_context = require "core.certmanager".create_context; local st = require "util.stanza"; 
@@ -34,23 +33,26 @@ local host = hosts[module.host]; local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; do - local function get_ssl_cfg(typ) - local cfg_key = (typ and typ.."_" or "").."ssl"; - local ssl_config = config.rawget(module.host, cfg_key); - if not ssl_config then - local base_host = module.host:match("%.(.*)"); - ssl_config = config.get(base_host, cfg_key); - end - return ssl_config or typ and get_ssl_cfg(); - end + local NULL, err = {}; + local global = module:context("*"); + local parent = module:context(module.host:match("%.(.*)$")); + + local parent_ssl = parent:get_option("ssl"); + local host_ssl = module:get_option("ssl", parent_ssl); + + local global_c2s = global:get_option("c2s_ssl", NULL); + local parent_c2s = parent:get_option("c2s_ssl", NULL); + local host_c2s = module:get_option("c2s_ssl", parent_c2s); + + local global_s2s = global:get_option("s2s_ssl", NULL); + local parent_s2s = parent:get_option("s2s_ssl", NULL); + local host_s2s = module:get_option("s2s_ssl", parent_s2s); - local ssl_config, err = get_ssl_cfg("c2s"); - ssl_ctx_c2s, err = create_context(host.host, "server", ssl_config); -- for incoming client connections + ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections if err then module:log("error", "Error creating context for c2s: %s", err); end - ssl_config = get_ssl_cfg("s2s"); - ssl_ctx_s2sin, err = create_context(host.host, "server", ssl_config); -- for incoming server connections - ssl_ctx_s2sout = create_context(host.host, "client", ssl_config); -- for outgoing server connections + ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections + ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue end -- cgit v1.2.3 
From 9398ba77f3a9abf825b3e7b4e57c4a0d1252a106 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 17:53:24 +0200 Subject: mod_register: get_child_text! (thanks Lloyd) --- plugins/mod_register.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 141a4997..3d7a068c 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -115,8 +115,8 @@ local function handle_registration_stanza(event) module:log("info", "User removed their account: %s@%s", username, host); module:fire_event("user-deregistered", { username = username, host = host, source = "mod_register", session = session }); else - local username = nodeprep(query:get_child("username"):get_text()); - local password = query:get_child("password"):get_text(); + local username = nodeprep(query:get_child_text("username")); + local password = query:get_child_text("password"); if username and password then if username == session.username then if usermanager_set_password(username, password, session.host) then -- cgit v1.2.3 From 1b9e46bd01b196fe7b1a2ed99d367da24b9f6bf5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 22 May 2014 15:21:22 +0200 Subject: hostmanager, mod_dialback: Move generation of dialback secret out of core --- core/hostmanager.lua | 1 - plugins/mod_dialback.lua | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/core/hostmanager.lua b/core/hostmanager.lua index 91b052d1..d10ecd30 100644 --- a/core/hostmanager.lua +++ b/core/hostmanager.lua @@ -74,7 +74,6 @@ function activate(host, host_config) host = host; s2sout = {}; events = events_new(); - dialback_secret = configmanager.get(host, "dialback_secret") or uuid_gen(); send = host_send; modules = {}; }; diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index 8d2bbd8f..b32160c4 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua 
@@ -13,13 +13,16 @@ local log = module._log; local st = require "util.stanza"; local sha256_hash = require "util.hashes".sha256; local nameprep = require "util.encodings".stringprep.nameprep; +local uuid_gen = require"util.uuid".generate; local xmlns_stream = "http://etherx.jabber.org/streams"; local dialback_requests = setmetatable({}, { __mode = 'v' }); +local dialback_secret = module.host .. (module:get_option_string("dialback_secret") or uuid_gen()); + function generate_dialback(id, to, from) - return sha256_hash(id..to..from..hosts[from].dialback_secret, true); + return sha256_hash(id..to..dialback_secret, true); end function initiate_dialback(session) -- cgit v1.2.3 From f5517dad054cf489f74a8aaecb00dfa4054d1f24 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 15:38:53 +0200 Subject: mod_dialback: Keep the same dialback secret across module reloads --- plugins/mod_dialback.lua | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index b32160c4..2959358b 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -19,7 +19,15 @@ local xmlns_stream = "http://etherx.jabber.org/streams"; local dialback_requests = setmetatable({}, { __mode = 'v' }); -local dialback_secret = module.host .. (module:get_option_string("dialback_secret") or uuid_gen()); +local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen()); + +function module.save() + return { dialback_secret = dialback_secret }; +end + +function module.restore(state) + dialback_secret = state.dialback_secret; +end function generate_dialback(id, to, from) return sha256_hash(id..to..dialback_secret, true); -- cgit v1.2.3 From 5abddcbf78e80ac97a20493640ca7b2808cb0788 Mon Sep 17 00:00:00 2001 
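Review bot: `generate_dialback` in the first mod_dialback hunk now computes `sha256_hash(id..to..dialback_secret, true)`, a bare hash over fields joined without separators, so different (`id`, `to`) pairs whose concatenation is identical yield the same key and the secret is not used as a MAC key. XEP-0185 recommends HMAC-SHA256 keyed with a hash of the secret over the receiving domain, originating domain and stream ID separated by spaces; assuming util.hashes provides `hmac_sha256`, that would be `return hmac_sha256(sha256_hash(dialback_secret), to .. " " .. from .. " " .. id, true);`. The `from` parameter is otherwise unused after this change. When no `dialback_secret` is configured the secret is a `uuid_gen()` value, so its strength rests on util.uuid's random source, which is not visible here.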
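Review bot: `module.restore` in the second mod_dialback hunk assigns `state.dialback_secret` unconditionally, so if the saved state ever lacks that field the secret becomes nil and `generate_dialback` fails on the string concatenation. Keeping the freshly initialised value as a fallback avoids that: `dialback_secret = state.dialback_secret or dialback_secret;`.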
From: Kim Alvefur Date: Fri, 4 Jul 2014 21:48:25 +0200 Subject: mod_dialback: Short-circuit dialback auth if certificate is considered valid --- plugins/mod_dialback.lua | 10 ++++++++++ plugins/mod_s2s/mod_s2s.lua | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index 2959358b..fa6b6dbc 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -13,6 +13,7 @@ local log = module._log; local st = require "util.stanza"; local sha256_hash = require "util.hashes".sha256; local nameprep = require "util.encodings".stringprep.nameprep; +local check_cert_status = module:depends"s2s".check_cert_status; local uuid_gen = require"util.uuid".generate; local xmlns_stream = "http://etherx.jabber.org/streams"; @@ -20,6 +21,7 @@ local xmlns_stream = "http://etherx.jabber.org/streams"; local dialback_requests = setmetatable({}, { __mode = 'v' }); local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen()); +local dwd = module:get_option_boolean("dialback_without_dialback", false); function module.save() return { dialback_secret = dialback_secret }; @@ -80,6 +82,14 @@ module:hook("stanza/jabber:server:dialback:result", function(event) local attr = stanza.attr; local to, from = nameprep(attr.to), nameprep(attr.from); + if check_cert_status(origin, from) == false then + return + elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then + origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); + module:fire_event("s2s-authenticated", { session = origin, host = from }); + return true; + end + if not hosts[to] then -- Not a host that we serve origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to); diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 3de59d35..e704c25a 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua 
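Review bot: The new option `dialback_without_dialback` is read into `dwd` but never tested, so the certificate short-circuit added to the `db:result` handler runs regardless of the setting, including its default of `false`. The block is also placed above the `hosts[to]` check, so a `valid` result can be sent and `s2s-authenticated` fired for a `to` domain this server does not host. Wrapping the block in `if dwd then ... end` and moving it below the `hosts[to]` test would address both. The later commit "Only check certificates on secure connections" adds `origin.secure` but still does not consult `dwd`; there the guard would be `if dwd and origin.secure then`. The handler starts and ends outside the hunk.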
@@ -235,7 +235,7 @@ function make_authenticated(event) end --- Helper to check that a session peer's certificate is valid -local function check_cert_status(session) +function check_cert_status(session) local host = session.direction == "outgoing" and session.to_host or session.from_host local conn = session.conn:socket() local cert -- cgit v1.2.3 From f56c435f182f95f0c1149083634a62b6e52a09c1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jul 2014 22:52:34 +0200 Subject: mod_lastactivity, mod_legacyauth, mod_presence, mod_saslauth, mod_tls: Use the newer stanza:get_child APIs and optimize away some table lookups --- plugins/adhoc/adhoc.lib.lua | 7 ++++--- plugins/mod_lastactivity.lua | 3 +-- plugins/mod_legacyauth.lua | 7 ++++--- plugins/mod_presence.lua | 4 ++-- plugins/mod_saslauth.lua | 2 +- plugins/mod_tls.lua | 2 +- 6 files changed, 13 insertions(+), 12 deletions(-) diff --git a/plugins/adhoc/adhoc.lib.lua b/plugins/adhoc/adhoc.lib.lua index b544ddc8..5c90c91b 100644 --- a/plugins/adhoc/adhoc.lib.lua +++ b/plugins/adhoc/adhoc.lib.lua @@ -25,12 +25,13 @@ function _M.new(name, node, handler, permission) end function _M.handle_cmd(command, origin, stanza) - local sessionid = stanza.tags[1].attr.sessionid or uuid.generate(); + local cmdtag = stanza.tags[1] + local sessionid = cmdtag.attr.sessionid or uuid.generate(); local dataIn = {}; dataIn.to = stanza.attr.to; dataIn.from = stanza.attr.from; - dataIn.action = stanza.tags[1].attr.action or "execute"; - dataIn.form = stanza.tags[1]:child_with_ns("jabber:x:data"); + dataIn.action = cmdtag.attr.action or "execute"; + dataIn.form = cmdtag:get_child("x", "jabber:x:data"); local data, state = command:handler(dataIn, states[sessionid]); states[sessionid] = state; diff --git a/plugins/mod_lastactivity.lua b/plugins/mod_lastactivity.lua index fabf07b4..2dd61699 100644 --- a/plugins/mod_lastactivity.lua +++ b/plugins/mod_lastactivity.lua 
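Review bot: `check_cert_status` is exported from mod_s2s with the single parameter `session`, while the mod_dialback hunk of the same commit calls it as `check_cert_status(origin, from)`. The second argument is discarded, so the identity check uses `session.to_host` or `session.from_host` rather than the domain named in the dialback stanza. If `from_host` is unset or differs from the stanza's `from` at that point (not visible here), `cert_identity_status` would describe a different name than the one being authenticated. Accepting the host explicitly closes the gap: `function check_cert_status(session, host)` with `host = host or (session.direction == "outgoing" and session.to_host or session.from_host)`. The function body continues outside the hunk.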
@@ -19,8 +19,7 @@ module:hook("pre-presence/bare", function(event) local stanza = event.stanza; if not(stanza.attr.to) and stanza.attr.type == "unavailable" then local t = os.time(); - local s = stanza:child_with_name("status"); - s = s and #s.tags == 0 and s[1] or ""; + local s = stanza:get_child_text("status"); map[event.origin.username] = {s = s, t = t}; end end, 10); diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index cb5ce0d3..54cbec24 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -44,9 +44,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event) return true; end - local username = stanza.tags[1]:child_with_name("username"); - local password = stanza.tags[1]:child_with_name("password"); - local resource = stanza.tags[1]:child_with_name("resource"); + local query = stanza.tags[1]; + local username = query:get_child("username"); + local password = query:get_child("password"); + local resource = query:get_child("resource"); if not (username and password and resource) then local reply = st.reply(stanza); session.send(reply:query("jabber:iq:auth") diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index 2577573c..9e8f37db 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -55,14 +55,14 @@ local ignore_presence_priority = module:get_option("ignore_presence_priority"); function handle_normal_presence(origin, stanza) if ignore_presence_priority then - local priority = stanza:child_with_name("priority"); + local priority = stanza:get_child("priority"); if priority and priority[1] ~= "0" then for i=#priority.tags,1,-1 do priority.tags[i] = nil; end for i=#priority,1,-1 do priority[i] = nil; end priority[1] = "0"; end end - local priority = stanza:child_with_name("priority"); + local priority = stanza:get_child("priority"); if priority and #priority > 0 then priority = t_concat(priority); if s_find(priority, "^[+-]?[0-9]+$") then 
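Review bot: In the mod_lastactivity hunk, `stanza:get_child_text("status")` presumably returns nil when the presence carries no status child, whereas the removed line fell back to `""`, so `map[event.origin.username]` may now store `s = nil`. Whatever later reads that field (outside this hunk) would then receive nil instead of a string. Keeping the default preserves the old contract: `local s = stanza:get_child_text("status") or "";`.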
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index df60aefa..a07c5fd2 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -284,7 +284,7 @@ module:hook("iq/self/urn:ietf:params:xml:ns:xmpp-bind:bind", function(event) local resource; if stanza.attr.type == "set" then local bind = stanza.tags[1]; - resource = bind:child_with_name("resource"); + resource = bind:get_child("resource"); resource = resource and #resource.tags == 0 and resource[1] or nil; end local success, err_type, err, err_msg = sm_bind_resource(origin, resource); diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 5ae083d4..351aaffc 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -108,7 +108,7 @@ end); -- For s2sout connections, start TLS if we can module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) module:log("debug", "Received features element"); - if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then + if can_do_tls(session) and stanza:get_child("starttls", xmlns_starttls) then module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host); session.sends2s(""); return true; -- cgit v1.2.3 From 260fc78e4095f1e4ed74d4e76dc1eb23713bacf1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jul 2014 23:04:56 +0200 Subject: mod_dialback.lua: Only check certificates on secure connections --- plugins/mod_dialback.lua | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index fa6b6dbc..15e24281 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua 
@@ -82,12 +82,14 @@ module:hook("stanza/jabber:server:dialback:result", function(event) local attr = stanza.attr; local to, from = nameprep(attr.to), nameprep(attr.from); - if check_cert_status(origin, from) == false then - return - elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then - origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); - module:fire_event("s2s-authenticated", { session = origin, host = from }); - return true; + if origin.secure then + if check_cert_status(origin, from) == false then + return + elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then + origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" })); + module:fire_event("s2s-authenticated", { session = origin, host = from }); + return true; + end end if not hosts[to] then -- cgit v1.2.3