928
|
1 |
local hosts = _G.hosts; |
|
2 |
local st = require "util.stanza"; |
|
3 |
local s2s_make_authenticated = require "core.s2smanager".make_authenticated; |
|
4 |
local nameprep = require "util.encodings".stringprep.nameprep; |
|
5 |
local cert_verify_identity = require "util.x509".verify_identity; |
|
6 |
|
|
7 |
module:hook("stanza/jabber:server:dialback:result", function(event) |
|
8 |
local origin, stanza = event.origin, event.stanza; |
|
9 |
|
|
10 |
if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then |
|
11 |
local attr = stanza.attr; |
|
12 |
local to, from = nameprep(attr.to), nameprep(attr.from); |
|
13 |
|
|
14 |
local conn = origin.conn:socket() |
|
15 |
local cert; |
|
16 |
if conn.getpeercertificate then |
|
17 |
cert = conn:getpeercertificate() |
|
18 |
end |
|
19 |
|
|
20 |
if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then |
|
21 |
|
|
22 |
-- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from' |
|
23 |
-- on streams. We fill in the session's to/from here instead. |
|
24 |
if not origin.from_host then |
|
25 |
origin.from_host = from; |
|
26 |
end |
|
27 |
if not origin.to_host then |
|
28 |
origin.to_host = to; |
|
29 |
end |
|
30 |
|
|
31 |
module:log("info", "Accepting Dialback without Dialback for %s", from); |
|
32 |
s2s_make_authenticated(origin, from); |
|
33 |
origin.sends2s( |
|
34 |
st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" })); |
|
35 |
|
|
36 |
return true; |
|
37 |
end |
|
38 |
end |
|
39 |
end, 100); |
|
40 |
|
|
41 |
|