prosody: plugins/mod_tls.lua@ade70495fe7f (annotated)

1523 841d61be198f Remove version number from copyright headers Matthew Wild <mwild1@gmail.com> parents: 1219 diff changeset	1	-- Prosody IM
760 90ce865eebd8 Update copyright notices for 2009 Matthew Wild <mwild1@gmail.com> parents: 759 diff changeset	2	-- Copyright (C) 2008-2009 Matthew Wild
90ce865eebd8 Update copyright notices for 2009 Matthew Wild <mwild1@gmail.com> parents: 759 diff changeset	3	-- Copyright (C) 2008-2009 Waqas Hussain
519 cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 438 diff changeset	4	--
758 b1885732e979 GPL->MIT! Matthew Wild <mwild1@gmail.com> parents: 705 diff changeset	5	-- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT! Matthew Wild <mwild1@gmail.com> parents: 705 diff changeset	6	-- COPYING file in the source package for more information.
519 cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 438 diff changeset	7	--
cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 438 diff changeset	8
69 5b664c8fef86 forgot to commit mod_tls, oops :) Matthew Wild <mwild1@gmail.com> parents: diff changeset	9	local st = require "util.stanza";
99 ba08b8a4eeef Abstract connections with "connection listeners" Matthew Wild <mwild1@gmail.com> parents: 69 diff changeset	10
1912 126401a7159f require_encryption deprecated, use c2s_require_encryption instead Matthew Wild <mwild1@gmail.com> parents: 1911 diff changeset	11	local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
1913 da49a59dff7c mod_tls: require_s2s_encryption -> s2s_require_encryption Matthew Wild <mwild1@gmail.com> parents: 1912 diff changeset	12	local secure_s2s_only = module:get_option("s2s_require_encryption");
1219 f14e08a0ae7f mod_tls: Add <required/> to stream feature when TLS is required Matthew Wild <mwild1@gmail.com> parents: 1213 diff changeset	13
2605 ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	14	local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	15	local starttls_attr = { xmlns = xmlns_starttls };
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	16	local starttls_proceed = st.stanza("proceed", starttls_attr);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	17	local starttls_failure = st.stanza("failure", starttls_attr);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	18	local c2s_feature = st.stanza("starttls", starttls_attr);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	19	local s2s_feature = st.stanza("starttls", starttls_attr);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	20	if secure_auth_only then c2s_feature:tag("required"):up(); end
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	21	if secure_s2s_only then s2s_feature:tag("required"):up(); end
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	22
2542 0a78847b38e2 mod_tls: Update for new server SSL syntax Matthew Wild <mwild1@gmail.com> parents: 2108 diff changeset	23	local global_ssl_ctx = prosody.global_ssl_ctx;
0a78847b38e2 mod_tls: Update for new server SSL syntax Matthew Wild <mwild1@gmail.com> parents: 2108 diff changeset	24
2605 ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	25	-- Hook <starttls/>
2600 1e6f3002e04f mod_tls: Inlined some code. Waqas Hussain <waqas20@gmail.com> parents: 2596 diff changeset	26	module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
1e6f3002e04f mod_tls: Inlined some code. Waqas Hussain <waqas20@gmail.com> parents: 2596 diff changeset	27	local origin = event.origin;
2602 dff84fdebac0 mod_tls: Remove origin type check when TLS is requested (thanks MattJ). Waqas Hussain <waqas20@gmail.com> parents: 2601 diff changeset	28	if origin.conn.starttls then
2605 ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	29	(origin.sends2s or origin.send)(starttls_proceed);
2600 1e6f3002e04f mod_tls: Inlined some code. Waqas Hussain <waqas20@gmail.com> parents: 2596 diff changeset	30	origin:reset_stream();
1e6f3002e04f mod_tls: Inlined some code. Waqas Hussain <waqas20@gmail.com> parents: 2596 diff changeset	31	local host = origin.to_host or origin.host;
2596 187cd90860cb mod_tls: Merged duplicate code. Waqas Hussain <waqas20@gmail.com> parents: 2595 diff changeset	32	local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx;
2600 1e6f3002e04f mod_tls: Inlined some code. Waqas Hussain <waqas20@gmail.com> parents: 2596 diff changeset	33	origin.conn:starttls(ssl_ctx);
1e6f3002e04f mod_tls: Inlined some code. Waqas Hussain <waqas20@gmail.com> parents: 2596 diff changeset	34	origin.log("info", "TLS negotiation started for %s...", origin.type);
1e6f3002e04f mod_tls: Inlined some code. Waqas Hussain <waqas20@gmail.com> parents: 2596 diff changeset	35	origin.secure = false;
2595 015934e20f03 mod_tls: Switched to new events API. Waqas Hussain <waqas20@gmail.com> parents: 2594 diff changeset	36	else
015934e20f03 mod_tls: Switched to new events API. Waqas Hussain <waqas20@gmail.com> parents: 2594 diff changeset	37	origin.log("warn", "Attempt to start TLS, but TLS is not available on this %s connection", origin.type);
2605 ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	38	(origin.sends2s or origin.send)(starttls_failure);
2601 e64c6a4aa50b mod_tls: Respond with proper error when TLS cannot be negotiated. Waqas Hussain <waqas20@gmail.com> parents: 2600 diff changeset	39	origin:close();
2595 015934e20f03 mod_tls: Switched to new events API. Waqas Hussain <waqas20@gmail.com> parents: 2594 diff changeset	40	end
015934e20f03 mod_tls: Switched to new events API. Waqas Hussain <waqas20@gmail.com> parents: 2594 diff changeset	41	return true;
015934e20f03 mod_tls: Switched to new events API. Waqas Hussain <waqas20@gmail.com> parents: 2594 diff changeset	42	end);
1875 334383faf77b mod_tls: Advertise and handle TLS for s2s connections Matthew Wild <mwild1@gmail.com> parents: 1675 diff changeset	43
2605 ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	44	-- Advertize stream feature
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	45	module:add_event_hook("stream-features", function(session, features)
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	46	if not session.username and session.conn.starttls then
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	47	features:add_child(c2s_feature);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	48	end
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	49	end);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	50	module:hook("s2s-stream-features", function(event)
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	51	local session, features = event.session, event.features;
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	52	if session.to_host and session.type ~= "s2sin" and session.conn.starttls then
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	53	features:add_child(s2s_feature);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	54	end
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	55	end);
1875 334383faf77b mod_tls: Advertise and handle TLS for s2s connections Matthew Wild <mwild1@gmail.com> parents: 1675 diff changeset	56
334383faf77b mod_tls: Advertise and handle TLS for s2s connections Matthew Wild <mwild1@gmail.com> parents: 1675 diff changeset	57	-- For s2sout connections, start TLS if we can
2605 ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	58	module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	59	module:log("debug", "Received features element");
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	60	if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	61	module:log("%s is offering TLS, taking up the offer...", session.to_host);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	62	session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	63	return true;
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	64	end
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	65	end, 500);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	66	module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza)
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	67	module:log("debug", "Proceeding with TLS on s2sout...");
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	68	session:reset_stream();
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	69	local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx;
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	70	session.conn:starttls(ssl_ctx, true);
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	71	session.secure = false;
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	72	return true;
ade70495fe7f mod_tls: Cleanup. Waqas Hussain <waqas20@gmail.com> parents: 2604 diff changeset	73	end);

author	Waqas Hussain <waqas20@gmail.com>
	Fri, 12 Feb 2010 03:46:48 +0500
changeset 2605	ade70495fe7f
parent 2604	ed32f7bad620
child 2607	35a5d1c5ea28
permissions	-rw-r--r--