44 env.connected = false; |
44 env.connected = false; |
45 env.session = false; |
45 env.session = false; |
46 send = nil; |
46 send = nil; |
47 session.on_destroy = nil; |
47 session.on_destroy = nil; |
48 end |
48 end |
49 |
49 |
50 -- Handle authentication attempts by component |
50 -- Handle authentication attempts by component |
51 local function handle_component_auth(event) |
51 local function handle_component_auth(event) |
52 local session, stanza = event.origin, event.stanza; |
52 local session, stanza = event.origin, event.stanza; |
53 |
53 |
54 if session.type ~= "component_unauthed" then return; end |
54 if session.type ~= "component_unauthed" then return; end |
55 |
55 |
56 if (not session.host) or #stanza.tags > 0 then |
56 if (not session.host) or #stanza.tags > 0 then |
57 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); |
57 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); |
58 session:close("not-authorized"); |
58 session:close("not-authorized"); |
59 return true; |
59 return true; |
60 end |
60 end |
61 |
61 |
62 local secret = module:get_option("component_secret"); |
62 local secret = module:get_option("component_secret"); |
63 if not secret then |
63 if not secret then |
64 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host); |
64 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host); |
65 session:close("not-authorized"); |
65 session:close("not-authorized"); |
66 return true; |
66 return true; |
67 end |
67 end |
68 |
68 |
69 local supplied_token = t_concat(stanza); |
69 local supplied_token = t_concat(stanza); |
70 local calculated_token = sha1(session.streamid..secret, true); |
70 local calculated_token = sha1(session.streamid..secret, true); |
71 if supplied_token:lower() ~= calculated_token:lower() then |
71 if supplied_token:lower() ~= calculated_token:lower() then |
72 module:log("info", "Component authentication failed for %s", session.host); |
72 module:log("info", "Component authentication failed for %s", session.host); |
73 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; |
73 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; |
74 return true; |
74 return true; |
75 end |
75 end |
76 |
76 |
77 if env.connected then |
77 if env.connected then |
78 local policy = module:get_option_string("component_conflict_resolve", "kick_new"); |
78 local policy = module:get_option_string("component_conflict_resolve", "kick_new"); |
79 if policy == "kick_old" then |
79 if policy == "kick_old" then |
80 env.session:close{ condition = "conflict", text = "Replaced by a new connection" }; |
80 env.session:close{ condition = "conflict", text = "Replaced by a new connection" }; |
81 else -- kick_new |
81 else -- kick_new |
82 module:log("error", "Second component attempted to connect, denying connection"); |
82 module:log("error", "Second component attempted to connect, denying connection"); |
83 session:close{ condition = "conflict", text = "Component already connected" }; |
83 session:close{ condition = "conflict", text = "Component already connected" }; |
84 return true; |
84 return true; |
85 end |
85 end |
86 end |
86 end |
87 |
87 |
88 env.connected = true; |
88 env.connected = true; |
89 env.session = session; |
89 env.session = session; |
90 send = session.send; |
90 send = session.send; |
91 session.on_destroy = on_destroy; |
91 session.on_destroy = on_destroy; |
92 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true); |
92 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true); |
93 session.type = "component"; |
93 session.type = "component"; |
94 module:log("info", "External component successfully authenticated"); |
94 module:log("info", "External component successfully authenticated"); |
95 session.send(st.stanza("handshake")); |
95 session.send(st.stanza("handshake")); |
96 module:fire_event("component-authenticated", { session = session }); |
96 module:fire_event("component-authenticated", { session = session }); |
97 |
97 |
98 return true; |
98 return true; |
99 end |
99 end |
100 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, -1); |
100 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth, -1); |
101 |
101 |
102 -- Handle stanzas addressed to this component |
102 -- Handle stanzas addressed to this component |
123 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable")); |
123 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable")); |
124 end |
124 end |
125 end |
125 end |
126 return true; |
126 return true; |
127 end |
127 end |
128 |
128 |
129 module:hook("iq/bare", handle_stanza, -1); |
129 module:hook("iq/bare", handle_stanza, -1); |
130 module:hook("message/bare", handle_stanza, -1); |
130 module:hook("message/bare", handle_stanza, -1); |
131 module:hook("presence/bare", handle_stanza, -1); |
131 module:hook("presence/bare", handle_stanza, -1); |
132 module:hook("iq/full", handle_stanza, -1); |
132 module:hook("iq/full", handle_stanza, -1); |
133 module:hook("message/full", handle_stanza, -1); |
133 module:hook("message/full", handle_stanza, -1); |
280 session.close = session_close; |
280 session.close = session_close; |
281 |
281 |
282 if opt_keepalives then |
282 if opt_keepalives then |
283 conn:setoption("keepalive", opt_keepalives); |
283 conn:setoption("keepalive", opt_keepalives); |
284 end |
284 end |
285 |
285 |
286 session.log("info", "Incoming Jabber component connection"); |
286 session.log("info", "Incoming Jabber component connection"); |
287 |
287 |
288 local stream = new_xmpp_stream(session, stream_callbacks); |
288 local stream = new_xmpp_stream(session, stream_callbacks); |
289 session.stream = stream; |
289 session.stream = stream; |
290 |
290 |
291 session.notopen = true; |
291 session.notopen = true; |
292 |
292 |
293 function session.reset_stream() |
293 function session.reset_stream() |
294 session.notopen = true; |
294 session.notopen = true; |
295 session.stream:reset(); |
295 session.stream:reset(); |
296 end |
296 end |
297 |
297 |
299 local ok, err = stream:feed(data); |
299 local ok, err = stream:feed(data); |
300 if ok then return; end |
300 if ok then return; end |
301 module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); |
301 module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); |
302 session:close("not-well-formed"); |
302 session:close("not-well-formed"); |
303 end |
303 end |
304 |
304 |
305 session.dispatch_stanza = stream_callbacks.handlestanza; |
305 session.dispatch_stanza = stream_callbacks.handlestanza; |
306 |
306 |
307 sessions[conn] = session; |
307 sessions[conn] = session; |
308 end |
308 end |
309 function listener.onincoming(conn, data) |
309 function listener.onincoming(conn, data) |