prosody-modules: mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua annotate

annotate mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 3772:22f02716819f

mod_s2s_keepalive: Isolate source host of pings The incoming_s2s table is not restricted to the current virtualhost so this prevents opening more connections than what's needed. Also prevents useless double sending of one whitespace per local host.

author	Kim Alvefur <zash@zash.se>
date	Mon, 23 Dec 2019 01:18:02 +0100
parents	3024116d6093
children	c9397cd5cfe6

rev	line source
2204 affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	1 module:set_global()
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	2
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	3 local hosts = prosody.hosts;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	4
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	5 module:hook("s2s-check-certificate", function(event)
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	6 local session, cert = event.session, event.cert;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	7 if session.direction ~= "incoming" then return end
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	8
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	9 local outgoing = hosts[session.to_host].s2sout[session.from_host];
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	10 if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then
2234 3024116d6093 mod_s2s_auth_samecert: Log which s2sout has a matching cert Kim Alvefur <zash@zash.se> parents: 2204 diff changeset	11 session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$"));
2204 affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	12 session.cert_identity_status = outgoing.cert_identity_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	13 session.cert_chain_status = outgoing.cert_chain_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	14 return true;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	15 end
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	16 end, 1000);