56 module:hook("presence/host", handle_stanza, -0.5); |
56 module:hook("presence/host", handle_stanza, -0.5); |
57 |
57 |
58 --- Handle authentication attempts by components |
58 --- Handle authentication attempts by components |
59 function handle_component_auth(event) |
59 function handle_component_auth(event) |
60 local session, stanza = event.origin, event.stanza; |
60 local session, stanza = event.origin, event.stanza; |
61 |
61 |
62 if session.type ~= "component_unauthed" then return; end |
62 if session.type ~= "component_unauthed" then return; end |
63 if sessions[session] then return; end |
63 if sessions[session] then return; end |
64 |
64 |
65 if (not session.host) or #stanza.tags > 0 then |
65 if (not session.host) or #stanza.tags > 0 then |
66 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); |
66 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); |
67 session:close("not-authorized"); |
67 session:close("not-authorized"); |
68 return true; |
68 return true; |
69 end |
69 end |
70 |
70 |
71 local secret = module:get_option("component_secret"); |
71 local secret = module:get_option("component_secret"); |
72 if not secret then |
72 if not secret then |
73 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host); |
73 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host); |
74 session:close("not-authorized"); |
74 session:close("not-authorized"); |
75 return true; |
75 return true; |
76 end |
76 end |
77 |
77 |
78 local supplied_token = t_concat(stanza); |
78 local supplied_token = t_concat(stanza); |
79 local calculated_token = sha1(session.streamid..secret, true); |
79 local calculated_token = sha1(session.streamid..secret, true); |
80 if supplied_token:lower() ~= calculated_token:lower() then |
80 if supplied_token:lower() ~= calculated_token:lower() then |
81 log("info", "Component authentication failed for %s", session.host); |
81 log("info", "Component authentication failed for %s", session.host); |
82 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; |
82 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; |
83 return true; |
83 return true; |
84 end |
84 end |
85 |
85 |
86 -- Add session to sessions table |
86 -- Add session to sessions table |
87 sessions[session] = true; |
87 sessions[session] = true; |
88 session.on_destroy = on_destroy; |
88 session.on_destroy = on_destroy; |
89 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true); |
89 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true); |
90 session.type = "component"; |
90 session.type = "component"; |
91 log("info", "Component successfully authenticated: %s", session.host); |
91 log("info", "Component successfully authenticated: %s", session.host); |
92 session.send(st.stanza("handshake")); |
92 session.send(st.stanza("handshake")); |
93 |
93 |
94 return true; |
94 return true; |
95 end |
95 end |
96 |
96 |
97 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, 10); |
97 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, 10); |