prosody-modules: mod_secure_interfaces/mod_secure_interfaces.lua annotate

annotate mod_secure_interfaces/mod_secure_interfaces.lua @ 4783:6ca1117b81a5

mod_mam: Obsolete this module, it is included in Prosody since 0.10

author	Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date	Fri, 09 Jul 2021 18:25:07 +0200
parents	6c806a99f802
children

rev	line source
2730 cd828b1cb5b9 mod_secure_interfaces: Add ::1 to the default secure_interfaces. Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> parents: 2726 diff changeset	1 local secure_interfaces = module:get_option_set("secure_interfaces", { "127.0.0.1", "::1" });
1177 a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	2
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 module:hook("stream-features", function (event)
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	4 local session = event.origin;
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 if session.type ~= "c2s_unauthed" then return; end
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 local socket = session.conn:socket();
2726 55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also Matthew Wild <mwild1@gmail.com> parents: 1177 diff changeset	7 if not socket.getsockname then
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also Matthew Wild <mwild1@gmail.com> parents: 1177 diff changeset	8 module:log("debug", "Unable to determine local address of incoming connection");
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also Matthew Wild <mwild1@gmail.com> parents: 1177 diff changeset	9 return;
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also Matthew Wild <mwild1@gmail.com> parents: 1177 diff changeset	10 end
1177 a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 local localip = socket:getsockname();
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	12 if secure_interfaces:contains(localip) then
2726 55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also Matthew Wild <mwild1@gmail.com> parents: 1177 diff changeset	13 module:log("debug", "Marking session from %s to %s as secure", session.ip or "[?]", localip);
1177 a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	14 session.secure = true;
3415 6c806a99f802 mod_secure_interfaces: Prevent starttls on connections marked secure (fixes #1274) Kim Alvefur <zash@zash.se> parents: 2730 diff changeset	15 session.conn.starttls = false;
2726 55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also Matthew Wild <mwild1@gmail.com> parents: 1177 diff changeset	16 else
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also Matthew Wild <mwild1@gmail.com> parents: 1177 diff changeset	17 module:log("debug", "Not marking session from %s to %s as secure", session.ip or "[?]", localip);
1177 a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	18 end
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 end, 2500);