391 if session_privileges and session_privileges.message=="outgoing" then |
391 if session_privileges and session_privileges.message=="outgoing" then |
392 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded" |
392 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded" |
393 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then |
393 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then |
394 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client') |
394 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client') |
395 if message_elt ~= nil then |
395 if message_elt ~= nil then |
396 local _, from_host, from_resource = jid.split(message_elt.attr.from) |
396 local username, from_host, from_resource = jid.split(message_elt.attr.from) |
397 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts |
397 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts |
398 clean_xmlns(message_elt); -- needed do to proper routing |
398 clean_xmlns(message_elt); -- needed do to proper routing |
|
399 local session = { |
|
400 username = username; |
|
401 host = from_host; |
|
402 type = "c2s"; |
|
403 log = module._log; |
|
404 } |
399 -- at this point everything should be alright, we can send the message |
405 -- at this point everything should be alright, we can send the message |
400 prosody.core_route_stanza(nil, message_elt) |
406 prosody.core_post_stanza(session, message_elt, true) |
401 else -- trying to send a message from a forbidden entity |
407 else -- trying to send a message from a forbidden entity |
402 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from)) |
408 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from)) |
403 session.send(st.error_reply(stanza, 'auth', 'forbidden')) |
409 session.send(st.error_reply(stanza, 'auth', 'forbidden')) |
404 end |
410 end |
405 else -- incorrect message child |
411 else -- incorrect message child |
653 ) |
648 ) |
654 return true |
649 return true |
655 end |
650 end |
656 |
651 |
657 -- at this point, wrapped_iq is considered valid, and privileged entity is allowed to send it |
652 -- at this point, wrapped_iq is considered valid, and privileged entity is allowed to send it |
658 |
653 local username, from_host, _ = jid.split(wrapped_iq.attr.from) |
659 module:send_iq(wrapped_iq) |
654 local newsession = { |
|
655 username = username; |
|
656 host = from_host; |
|
657 full_jid = stanza.attr.to; |
|
658 type = "c2s"; |
|
659 log = module._log; |
|
660 } |
|
661 |
|
662 module:send_iq(wrapped_iq,newsession) |
660 :next(function (response) |
663 :next(function (response) |
661 local reply = st.reply(stanza); |
664 local reply = st.reply(stanza); |
662 response.stanza.attr.xmlns = 'jabber:client' |
665 response.stanza.attr.xmlns = 'jabber:client' |
663 reply:tag("privilege", {xmlns = _PRIV_ENT_NS}) |
666 reply:tag("privilege", {xmlns = _PRIV_ENT_NS}) |
664 :tag("forwarded", {xmlns = _FORWARDED_NS}) |
667 :tag("forwarded", {xmlns = _FORWARDED_NS}) |