191
|
1 |
|
|
2 |
local format = string.format; |
|
3 |
local send_s2s = require "core.s2smanager".send_to_host; |
|
4 |
local s2s_make_authenticated = require "core.s2smanager".make_authenticated; |
|
5 |
local s2s_verify_dialback = require "core.s2smanager".verify_dialback; |
|
6 |
|
|
7 |
local log = require "util.logger".init("mod_dialback"); |
|
8 |
|
|
9 |
local xmlns_dialback = "jabber:server:dialback"; |
|
10 |
|
|
11 |
add_handler({"s2sin_unauthed", "s2sin"}, "verify", xmlns_dialback, |
219
|
12 |
function (origin, stanza) |
|
13 |
-- We are being asked to verify the key, to ensure it was generated by us |
|
14 |
log("debug", "verifying dialback key..."); |
|
15 |
local attr = stanza.attr; |
|
16 |
-- FIXME: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34 |
|
17 |
--if attr.from ~= origin.to_host then error("invalid-from"); end |
|
18 |
local type; |
|
19 |
if s2s_verify_dialback(attr.id, attr.from, attr.to, stanza[1]) then |
|
20 |
type = "valid" |
|
21 |
else |
|
22 |
type = "invalid" |
|
23 |
log("warn", "Asked to verify a dialback key that was incorrect. An imposter is claiming to be %s?", attr.to); |
|
24 |
end |
|
25 |
origin.sends2s(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>", attr.to, attr.from, attr.id, type, stanza[1])); |
|
26 |
end); |
191
|
27 |
|
|
28 |
add_handler("s2sin_unauthed", "result", xmlns_dialback, |
219
|
29 |
function (origin, stanza) |
|
30 |
-- he wants to be identified through dialback |
|
31 |
-- We need to check the key with the Authoritative server |
|
32 |
local attr = stanza.attr; |
|
33 |
local attr = stanza.attr; |
|
34 |
origin.from_host = attr.from; |
|
35 |
origin.to_host = attr.to; |
|
36 |
origin.dialback_key = stanza[1]; |
|
37 |
log("debug", "asking %s if key %s belongs to them", origin.from_host, origin.dialback_key); |
|
38 |
send_s2s(origin.to_host, origin.from_host, |
|
39 |
format("<db:verify from='%s' to='%s' id='%s'>%s</db:verify>", origin.to_host, origin.from_host, |
|
40 |
origin.streamid, origin.dialback_key)); |
|
41 |
hosts[origin.from_host].dialback_verifying = origin; |
|
42 |
end); |
191
|
43 |
|
|
44 |
add_handler({ "s2sout_unauthed", "s2sout" }, "verify", xmlns_dialback, |
219
|
45 |
function (origin, stanza) |
|
46 |
if origin.dialback_verifying then |
|
47 |
local valid; |
|
48 |
local attr = stanza.attr; |
|
49 |
if attr.type == "valid" then |
|
50 |
s2s_make_authenticated(origin.dialback_verifying); |
|
51 |
valid = "valid"; |
|
52 |
else |
|
53 |
-- Warn the original connection that is was not verified successfully |
|
54 |
log("warn", "dialback for "..(origin.dialback_verifying.from_host or "(unknown)").." failed"); |
|
55 |
valid = "invalid"; |
191
|
56 |
end |
219
|
57 |
origin.dialback_verifying.sends2s(format("<db:result from='%s' to='%s' id='%s' type='%s'>%s</db:result>", |
|
58 |
attr.from, attr.to, attr.id, valid, origin.dialback_verifying.dialback_key)); |
|
59 |
end |
|
60 |
end); |
191
|
61 |
|
|
62 |
add_handler({ "s2sout_unauthed", "s2sout" }, "result", xmlns_dialback, |
219
|
63 |
function (origin, stanza) |
|
64 |
if stanza.attr.type == "valid" then |
|
65 |
s2s_make_authenticated(origin); |
|
66 |
else |
|
67 |
-- FIXME |
|
68 |
error("dialback failed!"); |
|
69 |
end |
|
70 |
end); |