1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
-- Prosody IM
-- Copyright (C) 2008-2009 Matthew Wild
-- Copyright (C) 2008-2009 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
if module:get_host_type() ~= "component" then
error("Don't load mod_component manually, it should be for a component, please see http://prosody.im/doc/components", 0);
end
local hosts = _G.hosts;
local t_concat = table.concat;
local lxp = require "lxp";
local logger = require "util.logger";
local config = require "core.configmanager";
local connlisteners = require "net.connlisteners";
local cm_register_component = require "core.componentmanager".register_component;
local cm_deregister_component = require "core.componentmanager".deregister_component;
local uuid_gen = require "util.uuid".generate;
local sha1 = require "util.hashes".sha1;
local st = require "util.stanza";
local init_xmlhandlers = require "core.xmlhandlers";
local sessions = {};
local log = module._log;
local component_listener = { default_port = 5347; default_mode = "*a"; default_interface = config.get("*", "core", "component_interface") or "127.0.0.1" };
local xmlns_component = 'jabber:component:accept';
--- Handle authentication attempts by components
function handle_component_auth(session, stanza)
log("info", "Handling component auth");
if (not session.host) or #stanza.tags > 0 then
(session.log or log)("warn", "Component handshake invalid");
session:close("not-authorized");
return;
end
local secret = config.get(session.user, "core", "component_secret");
if not secret then
(session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.user);
session:close("not-authorized");
return;
end
local supplied_token = t_concat(stanza);
local calculated_token = sha1(session.streamid..secret, true);
if supplied_token:lower() ~= calculated_token:lower() then
log("info", "Component for %s authentication failed", session.host);
session:close{ condition = "not-authorized", text = "Given token does not match calculated token" };
return;
end
-- Authenticated now
log("info", "Component authenticated: %s", session.host);
-- If component not already created for this host, create one now
if not hosts[session.host].connected then
local send = session.send;
session.component_session = cm_register_component(session.host, function (_, data)
if data.attr and data.attr.xmlns == "jabber:client" then
data.attr.xmlns = nil;
end
return send(data);
end);
hosts[session.host].connected = true;
log("info", "Component successfully registered");
else
log("error", "Multiple components bound to the same address, first one wins (TODO: Implement stanza distribution)");
end
-- Signal successful authentication
session.send(st.stanza("handshake"));
end
module:add_handler("component", "handshake", xmlns_component, handle_component_auth);
|