Mercurial > prosody-modules
annotate mod_s2s_log_certs/mod_s2s_log_certs.lua @ 3656:3e0f4d727825
mod_vcard_muc: Add an alternative method of signaling avatar change
When the avatar has been changed, a signal is sent that the room
configuration has changed. Clients then do a disco#info query to find
the SHA-1 of the new avatar. They can then fetch it as before, or not if
they have it cached already.
This is meant to be less disruptive than signaling via presence, which
caused problems for some clients.
If clients transition to the new method, the old one can eventually be removed.
The namespace is made up while waiting for standardization.
Otherwise it is very close to what's described in
https://xmpp.org/extensions/inbox/muc-avatars.html
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 25 Aug 2019 20:46:43 +0200 |
parents | 663e5d923ef0 |
children |
rev | line source |
---|---|
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 module:set_global(); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local dm_load = require "util.datamanager".load; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local dm_store = require "util.datamanager".store; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local datetime = require "util.datetime".datetime; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local do_store = module:get_option_boolean(module:get_name().."_persist", false); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local function note_cert_digest(event) |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local session, remote_host, cert = event.session, event.host, event.cert; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 if not (remote_host and cert and cert.digest) then return end; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local digest = cert:digest(digest_algo); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local local_host = session.direction == "outgoing" and session.from_host or session.to_host; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local chain_status = session.cert_chain_status; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local identity_status = session.cert_identity_status; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
1091
79ef0427765f
mod_s2s_log_certs: Minor grammar change
Kim Alvefur <zash@zash.se>
parents:
1009
diff
changeset
|
20 module:log("info", "%s has a %s %s certificate with %s: %s", |
79ef0427765f
mod_s2s_log_certs: Minor grammar change
Kim Alvefur <zash@zash.se>
parents:
1009
diff
changeset
|
21 remote_host, |
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 chain_status == "valid" and "trusted" or "untrusted", |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 identity_status or "invalid", |
1091
79ef0427765f
mod_s2s_log_certs: Minor grammar change
Kim Alvefur <zash@zash.se>
parents:
1009
diff
changeset
|
24 digest_algo:upper(), |
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 digest:upper():gsub("..",":%0"):sub(2)); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 if do_store then |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 local seen_certs = dm_load(remote_host, local_host, "s2s_certs") or {}; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 digest = digest_algo..":"..digest; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 local this_cert = seen_certs[digest] or { first = datetime(); times = 0; } |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 this_cert.last = datetime(); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 this_cert.times = this_cert.times + 1; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 seen_certs[digest] = this_cert; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 chain_status = chain_status; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 identity_status = identity_status; |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 dm_store(remote_host, local_host, "s2s_certs", seen_certs); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 end |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
1787
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
41 if module.wrap_event then |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
42 -- 0.10 |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
43 module:wrap_event("s2s-check-certificate", function (handlers, event_name, event_data) |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
44 local ret = handlers(event_name, event_data); |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
45 note_cert_digest(event_data); |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
46 return ret; |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
47 end); |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
48 else |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
49 -- 0.9 |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
50 module:hook("s2s-check-certificate", note_cert_digest, 1000); |
663e5d923ef0
mod_s2s_log_certs: Use new 0.10 API for wrapping event handlers in order to always print log message after all s2s cert checks
Kim Alvefur <zash@zash.se>
parents:
1091
diff
changeset
|
51 end |
1009
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 --[[ |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 function module.add_host(module) |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 module:hook("s2s-check-certificate", note_cert_digest, 1000); |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 end |
fcba646eb20a
mod_s2s_log_certs: Log certificate status and fingerprints
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 ]] |