author | Kim Alvefur <zash@zash.se> |
Tue, 16 Sep 2014 19:53:41 +0200 | |
changeset 1506 | a40f9b8661d8 |
parent 932 | 4e235e565693 |
permissions | -rw-r--r-- |
-- Host table read from the global environment; the dialback hook below
-- indexes it with the nameprepped 'to' domain of the incoming stanza.
local hosts = _G.hosts;
-- Stanza module, used below to build the db:result reply.
local st = require "util.stanza";
-- Nameprep function from util.encodings, applied below to the stanza's
-- 'to' and 'from' attributes before they are used as host names.
local nameprep = require "util.encodings".stringprep.nameprep;
-- Called below as cert_verify_identity(from, "xmpp-server", cert); its result
-- decides whether the peer certificate is accepted for the claimed domain.
local cert_verify_identity = require "util.x509".verify_identity;
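-- Dialback without Dialback: answer an incoming <db:result/> directly when the
-- peer's TLS certificate already vouches for the domain it claims, instead of
-- running the dialback exchange.
--
-- Hooked on "stanza/jabber:server:dialback:result" with 100 as the third
-- argument to module:hook. The handler returns true once it has accepted the
-- peer and sent the "valid" reply; on every other path it returns nothing.
module:hook("stanza/jabber:server:dialback:result", function(event)
	local origin, stanza = event.origin, event.stanza;

	-- SECURITY: `and` binds tighter than `or` in Lua. Without the parentheses
	-- the test reads (chain valid and "s2sin_unauthed") or "s2sin", so an
	-- "s2sin" session would reach the identity check with an unvalidated
	-- certificate chain. A name match on an untrusted chain proves nothing
	-- about domain ownership, so chain validity is required for both types.
	if origin.cert_chain_status == "valid"
	and (origin.type == "s2sin_unauthed" or origin.type == "s2sin") then
		local attr = stanza.attr;
		local to, from = nameprep(attr.to), nameprep(attr.from);

		-- Not every socket object exposes getpeercertificate; without it
		-- there is no certificate to check and the stanza is left alone.
		local conn = origin.conn:socket()
		local cert;
		if conn.getpeercertificate then
			cert = conn:getpeercertificate()
		end

		-- `to and from` guards against a missing or rejected domain attribute:
		-- a nil host name must never reach the identity check or be stored on
		-- the session. hosts[to] restricts this to domains present in the
		-- host table.
		if to and from and cert and hosts[to]
		and cert_verify_identity(from, "xmpp-server", cert) then

			-- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from'
			-- on streams. We fill in the session's to/from here instead.
			if not origin.from_host then
				origin.from_host = from;
			end
			if not origin.to_host then
				origin.to_host = to;
			end

			module:log("info", "Accepting Dialback without Dialback for %s", from);
			module:fire_event("s2s-authenticated", { session = origin, host = from });
			-- The reply echoes the stanza's original (un-prepped) addresses
			-- and id, with from/to swapped.
			origin.sends2s(
				st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" }));

			return true;
		end
	end
end, 100);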