From d53df86e91cf56e780afc8a3975419ebec29be6f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 10 Mar 2013 17:49:07 +0000 Subject: mod_s2s: Fire s2s-check-certificate event after validating a certificate, to allow plugins to override standard procedure --- plugins/mod_s2s/mod_s2s.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 1b0ae982..cabe8ea2 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -168,6 +168,7 @@ local function check_cert_status(session) end end end + module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); end --- XMPP stream event handlers -- cgit v1.2.3 From 5f13122f42087d5f052e0a9be03610c8a1fbd191 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 11 Mar 2013 21:39:15 +0100 Subject: mod_s2s: Make sure host variable is reachable --- plugins/mod_s2s/mod_s2s.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index cabe8ea2..74014457 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -136,6 +136,7 @@ end --- Helper to check that a session peer's certificate is valid local function check_cert_status(session) + local host = session.direction == "incoming" and session.from_host or session.to_host local conn = session.conn:socket() local cert if conn.getpeercertificate then @@ -155,8 +156,6 @@ local function check_cert_status(session) (session.log or log)("debug", "certificate chain validation result: valid"); session.cert_chain_status = "valid"; - local host = session.direction == "incoming" and session.from_host or session.to_host - -- We'll go ahead and verify the asserted identity if the -- connecting server specified one. if host then -- cgit v1.2.3 From b1e980e67b54a71dda661ec91e351cd5b60ce78b Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 12 Mar 2013 12:30:08 +0000 Subject: mod_s2s: Do not include xmlns:db declaration in stream header if mod_dialback is not loaded --- plugins/mod_s2s/mod_s2s.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 74014457..6d4900fa 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -249,7 +249,8 @@ function stream_callbacks.streamopened(session, attr) if session.secure and not session.cert_chain_status then check_cert_status(session); end send(""); - send(st.stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', + send(st.stanza("stream:stream", { xmlns='jabber:server', + ["xmlns:db"]= hosts[to].modules.dialback and 'jabber:server:dialback' or nil, ["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=to, to=from, version=(session.version > 0 and "1.0" or nil) }):top_tag()); if session.version >= 1.0 then local features = st.stanza("stream:features"); -- cgit v1.2.3