author | Matthew Wild <mwild1@gmail.com> |
Thu, 27 Nov 2008 03:12:12 +0000 | |
changeset 438 | 193f9dd64f17 |
parent 352 | a73a5afd7da3 |
child 519 | cccd610a0ef9 |
permissions | -rw-r--r-- |
191 | 1 |
|
2 |
local format = string.format; |
|
3 |
local send_s2s = require "core.s2smanager".send_to_host; |
|
4 |
local s2s_make_authenticated = require "core.s2smanager".make_authenticated; |
|
5 |
local s2s_verify_dialback = require "core.s2smanager".verify_dialback; |
|
6 |
||
7 |
local log = require "util.logger".init("mod_dialback"); |
|
8 |
||
9 |
local xmlns_dialback = "jabber:server:dialback"; |
|
10 |
||
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
352
diff
changeset
|
11 |
module:add_handler({"s2sin_unauthed", "s2sin"}, "verify", xmlns_dialback, |
219 | 12 |
function (origin, stanza) |
13 |
-- We are being asked to verify the key, to ensure it was generated by us |
|
14 |
log("debug", "verifying dialback key..."); |
|
15 |
local attr = stanza.attr; |
|
16 |
-- FIXME: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34 |
|
17 |
--if attr.from ~= origin.to_host then error("invalid-from"); end |
|
18 |
local type; |
|
19 |
if s2s_verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then |
|
20 |
type = "valid" |
|
21 |
else |
|
22 |
type = "invalid" |
|
23 |
log("warn", "Asked to verify a dialback key that was incorrect. An imposter is claiming to be %s?", attr.to); |
|
24 |
end |
|
259 | 25 |
log("debug", "verifyied dialback key... it is %s", type); |
219 | 26 |
origin.sends2s(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>", attr.to, attr.from, attr.id, type, stanza[1])); |
27 |
end); |
|
191 | 28 |
|
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
352
diff
changeset
|
29 |
module:add_handler("s2sin_unauthed", "result", xmlns_dialback, |
219 | 30 |
function (origin, stanza) |
31 |
-- he wants to be identified through dialback |
|
32 |
-- We need to check the key with the Authoritative server |
|
33 |
local attr = stanza.attr; |
|
34 |
local attr = stanza.attr; |
|
35 |
origin.from_host = attr.from; |
|
36 |
origin.to_host = attr.to; |
|
37 |
origin.dialback_key = stanza[1]; |
|
38 |
log("debug", "asking %s if key %s belongs to them", origin.from_host, origin.dialback_key); |
|
39 |
send_s2s(origin.to_host, origin.from_host, |
|
40 |
format("<db:verify from='%s' to='%s' id='%s'>%s</db:verify>", origin.to_host, origin.from_host, |
|
41 |
origin.streamid, origin.dialback_key)); |
|
260
182f0c895676
Now outgoing s2s sessions are associated with their from_host, fixes #15
Matthew Wild <mwild1@gmail.com>
parents:
259
diff
changeset
|
42 |
hosts[origin.to_host].s2sout[origin.from_host].dialback_verifying = origin; |
219 | 43 |
end); |
191 | 44 |
|
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
352
diff
changeset
|
45 |
module:add_handler({ "s2sout_unauthed", "s2sout" }, "verify", xmlns_dialback, |
219 | 46 |
function (origin, stanza) |
47 |
if origin.dialback_verifying then |
|
48 |
local valid; |
|
49 |
local attr = stanza.attr; |
|
50 |
if attr.type == "valid" then |
|
51 |
s2s_make_authenticated(origin.dialback_verifying); |
|
52 |
valid = "valid"; |
|
53 |
else |
|
54 |
-- Warn the original connection that is was not verified successfully |
|
55 |
log("warn", "dialback for "..(origin.dialback_verifying.from_host or "(unknown)").." failed"); |
|
56 |
valid = "invalid"; |
|
191 | 57 |
end |
347
fba39fda0879
Don't error if the original s2s connection has closed before we get the dialback result
Matthew Wild <mwild1@gmail.com>
parents:
260
diff
changeset
|
58 |
if not origin.dialback_verifying.sends2s then |
348
aab28eacd84e
Show which session got disconnected in log message
Matthew Wild <mwild1@gmail.com>
parents:
347
diff
changeset
|
59 |
log("warn", "Incoming s2s session %s was closed in the meantime, so we can't notify it of the db result", tostring(origin.dialback_verifying):match("%w+$")); |
347
fba39fda0879
Don't error if the original s2s connection has closed before we get the dialback result
Matthew Wild <mwild1@gmail.com>
parents:
260
diff
changeset
|
60 |
else |
fba39fda0879
Don't error if the original s2s connection has closed before we get the dialback result
Matthew Wild <mwild1@gmail.com>
parents:
260
diff
changeset
|
61 |
origin.dialback_verifying.sends2s(format("<db:result from='%s' to='%s' id='%s' type='%s'>%s</db:result>", |
352
a73a5afd7da3
Fix the reversed to/from on the final db:result. Fixes M-Link and Gmail. Thanks dwd!!
Matthew Wild <mwild1@gmail.com>
parents:
348
diff
changeset
|
62 |
attr.to, attr.from, attr.id, valid, origin.dialback_verifying.dialback_key)); |
347
fba39fda0879
Don't error if the original s2s connection has closed before we get the dialback result
Matthew Wild <mwild1@gmail.com>
parents:
260
diff
changeset
|
63 |
end |
219 | 64 |
end |
65 |
end); |
|
191 | 66 |
|
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
352
diff
changeset
|
67 |
module:add_handler({ "s2sout_unauthed", "s2sout" }, "result", xmlns_dialback, |
219 | 68 |
function (origin, stanza) |
69 |
if stanza.attr.type == "valid" then |
|
70 |
s2s_make_authenticated(origin); |
|
71 |
else |
|
72 |
-- FIXME |
|
73 |
error("dialback failed!"); |
|
74 |
end |
|
75 |
end); |