21 local xmlns_stream = "http://etherx.jabber.org/streams"; |
21 local xmlns_stream = "http://etherx.jabber.org/streams"; |
22 local xmlns_dialback = "jabber:server:dialback"; |
22 local xmlns_dialback = "jabber:server:dialback"; |
23 |
23 |
24 local dialback_requests = setmetatable({}, { __mode = 'v' }); |
24 local dialback_requests = setmetatable({}, { __mode = 'v' }); |
25 |
25 |
26 module:add_handler({"s2sin_unauthed", "s2sin"}, "verify", xmlns_dialback, |
26 module:hook("stanza/jabber:server:dialback:verify", function(event) |
27 function (origin, stanza) |
27 local origin, stanza = event.origin, event.stanza; |
|
28 |
|
29 if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then |
28 -- We are being asked to verify the key, to ensure it was generated by us |
30 -- We are being asked to verify the key, to ensure it was generated by us |
29 origin.log("debug", "verifying that dialback key is ours..."); |
31 origin.log("debug", "verifying that dialback key is ours..."); |
30 local attr = stanza.attr; |
32 local attr = stanza.attr; |
31 -- COMPAT: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34 |
33 -- COMPAT: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34 |
32 --if attr.from ~= origin.to_host then error("invalid-from"); end |
34 --if attr.from ~= origin.to_host then error("invalid-from"); end |
37 type = "invalid" |
39 type = "invalid" |
38 origin.log("warn", "Asked to verify a dialback key that was incorrect. An imposter is claiming to be %s?", attr.to); |
40 origin.log("warn", "Asked to verify a dialback key that was incorrect. An imposter is claiming to be %s?", attr.to); |
39 end |
41 end |
40 origin.log("debug", "verified dialback key... it is %s", type); |
42 origin.log("debug", "verified dialback key... it is %s", type); |
41 origin.sends2s(st.stanza("db:verify", { from = attr.to, to = attr.from, id = attr.id, type = type }):text(stanza[1])); |
43 origin.sends2s(st.stanza("db:verify", { from = attr.to, to = attr.from, id = attr.id, type = type }):text(stanza[1])); |
42 end); |
44 return true; |
|
45 end |
|
46 end); |
43 |
47 |
44 module:add_handler({ "s2sin_unauthed", "s2sin" }, "result", xmlns_dialback, |
48 module:hook("stanza/jabber:server:dialback:result", function(event) |
45 function (origin, stanza) |
49 local origin, stanza = event.origin, event.stanza; |
|
50 |
|
51 if origin.type == "s2sin_unauthed" or origin.type == "s2sin" then |
46 -- he wants to be identified through dialback |
52 -- he wants to be identified through dialback |
47 -- We need to check the key with the Authoritative server |
53 -- We need to check the key with the Authoritative server |
48 local attr = stanza.attr; |
54 local attr = stanza.attr; |
49 origin.hosts[attr.from] = { dialback_key = stanza[1] }; |
55 origin.hosts[attr.from] = { dialback_key = stanza[1] }; |
50 |
56 |
51 if not hosts[attr.to] then |
57 if not hosts[attr.to] then |
52 -- Not a host that we serve |
58 -- Not a host that we serve |
53 origin.log("info", "%s tried to connect to %s, which we don't serve", attr.from, attr.to); |
59 origin.log("info", "%s tried to connect to %s, which we don't serve", attr.from, attr.to); |
54 origin:close("host-unknown"); |
60 origin:close("host-unknown"); |
55 return; |
61 return true; |
56 end |
62 end |
57 |
63 |
58 dialback_requests[attr.from] = origin; |
64 dialback_requests[attr.from] = origin; |
59 |
65 |
60 if not origin.from_host then |
66 if not origin.from_host then |
67 end |
73 end |
68 |
74 |
69 origin.log("debug", "asking %s if key %s belongs to them", attr.from, stanza[1]); |
75 origin.log("debug", "asking %s if key %s belongs to them", attr.from, stanza[1]); |
70 send_s2s(attr.to, attr.from, |
76 send_s2s(attr.to, attr.from, |
71 st.stanza("db:verify", { from = attr.to, to = attr.from, id = origin.streamid }):text(stanza[1])); |
77 st.stanza("db:verify", { from = attr.to, to = attr.from, id = origin.streamid }):text(stanza[1])); |
72 end); |
78 return true; |
|
79 end |
|
80 end); |
73 |
81 |
74 module:add_handler({ "s2sout_unauthed", "s2sout" }, "verify", xmlns_dialback, |
82 module:hook("stanza/jabber:server:dialback:verify", function(event) |
75 function (origin, stanza) |
83 local origin, stanza = event.origin, event.stanza; |
|
84 |
|
85 if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then |
76 local attr = stanza.attr; |
86 local attr = stanza.attr; |
77 local dialback_verifying = dialback_requests[attr.from]; |
87 local dialback_verifying = dialback_requests[attr.from]; |
78 if dialback_verifying then |
88 if dialback_verifying then |
79 local valid; |
89 local valid; |
80 if attr.type == "valid" then |
90 if attr.type == "valid" then |
92 st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = valid }) |
102 st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = valid }) |
93 :text(dialback_verifying.hosts[attr.from].dialback_key)); |
103 :text(dialback_verifying.hosts[attr.from].dialback_key)); |
94 end |
104 end |
95 dialback_requests[attr.from] = nil; |
105 dialback_requests[attr.from] = nil; |
96 end |
106 end |
97 end); |
107 return true; |
|
108 end |
|
109 end); |
98 |
110 |
99 module:add_handler({ "s2sout_unauthed", "s2sout" }, "result", xmlns_dialback, |
111 module:hook("stanza/jabber:server:dialback:result", function(event) |
100 function (origin, stanza) |
112 local origin, stanza = event.origin, event.stanza; |
|
113 |
|
114 if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then |
101 -- Remote server is telling us whether we passed dialback |
115 -- Remote server is telling us whether we passed dialback |
102 |
116 |
103 local attr = stanza.attr; |
117 local attr = stanza.attr; |
104 if not hosts[attr.to] then |
118 if not hosts[attr.to] then |
105 origin:close("host-unknown"); |
119 origin:close("host-unknown"); |
106 return; |
120 return true; |
107 elseif hosts[attr.to].s2sout[attr.from] ~= origin then |
121 elseif hosts[attr.to].s2sout[attr.from] ~= origin then |
108 -- This isn't right |
122 -- This isn't right |
109 origin:close("invalid-id"); |
123 origin:close("invalid-id"); |
110 return; |
124 return true; |
111 end |
125 end |
112 if stanza.attr.type == "valid" then |
126 if stanza.attr.type == "valid" then |
113 s2s_make_authenticated(origin, attr.from); |
127 s2s_make_authenticated(origin, attr.from); |
114 else |
128 else |
115 s2s_destroy_session(origin) |
129 s2s_destroy_session(origin) |
116 end |
130 end |
117 end); |
131 return true; |
|
132 end |
|
133 end); |
118 |
134 |
119 module:hook_stanza(xmlns_stream, "features", function (origin, stanza) |
135 module:hook_stanza(xmlns_stream, "features", function (origin, stanza) |
120 s2s_initiate_dialback(origin); |
136 s2s_initiate_dialback(origin); |
121 return true; |
137 return true; |
122 end, 100); |
138 end, 100); |