annotate mod_ipcheck/mod_ipcheck.lua @ 1951:7974a24d29b6

mod_s2s_auth_dane: Consider TLSA records with PKIX uses as supported (if enabled) even if the chain is invalid (if no match is found the session is considered insecure)
author Kim Alvefur <zash@zash.se>
date Mon, 16 Nov 2015 18:03:41 +0100
parents e5039f14e2a7
children b0628bc93acf
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
130
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 -- mod_ipcheck.lua
136
0525c66e7d13 mod_ipcheck: Updated XEP number and URL in comments to the newly published XEP.
Waqas Hussain <waqas20@gmail.com>
parents: 135
diff changeset
3 -- Implementation of XEP-0279: Server IP Check <http://xmpp.org/extensions/xep-0279.html>
130
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5 local st = require "util.stanza";
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7 module:add_feature("urn:xmpp:sic:0");
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
9 module:hook("iq/bare/urn:xmpp:sic:0:ip", function(event)
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
10 local origin, stanza = event.origin, event.stanza;
134
744deabdee81 mod_ipcheck: Fixed: 'service-unavailable' was sent instead of 'forbidden' on unauthorized access.
Waqas Hussain <waqas20@gmail.com>
parents: 131
diff changeset
11 if stanza.attr.type == "get" then
130
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
12 if stanza.attr.to then
131
46741fc09091 mod_ipcheck: Change error from 'not-authorized' to 'forbidden', as specified in the XEP.
Waqas Hussain <waqas20@gmail.com>
parents: 130
diff changeset
13 origin.send(st.error_reply(stanza, "auth", "forbidden", "You can only ask about your own IP address"));
130
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
14 elseif origin.ip then
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
15 origin.send(st.reply(stanza):tag("ip", {xmlns='urn:xmpp:sic:0'}):text(origin.ip));
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16 else
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17 -- IP addresses should normally be available, but in case they are not
135
d3c28c5fdbae mod_ipcheck: Change error from 'item-not-found' to 'service-unavailable' for missing IP.
Waqas Hussain <waqas20@gmail.com>
parents: 134
diff changeset
18 origin.send(st.error_reply(stanza, "cancel", "service-unavailable", "IP address for this session is not available"));
130
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19 end
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 return true;
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21 end
51cd803e86be mod_ipcheck: Initial commit. An implementation of the Server IP Check proto-XEP.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 end);
1244
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
23
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
24 module:add_feature("urn:xmpp:sic:1");
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
25
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
26 module:hook("iq/bare/urn:xmpp:sic:1:address", function(event)
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
27 local origin, stanza = event.origin, event.stanza;
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
28 if stanza.attr.type == "get" then
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
29 if stanza.attr.to then
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
30 origin.send(st.error_reply(stanza, "auth", "forbidden", "You can only ask about your own IP address"));
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
31 elseif origin.ip then
1945
e5039f14e2a7 mod_ipcheck: Fixed bad namespace
Goffi <goffi@goffi.org>
parents: 1245
diff changeset
32 local reply = st.reply(stanza):tag("address", {xmlns='urn:xmpp:sic:1'})
1244
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
33 :tag("ip"):text(origin.ip):up()
1245
a1287d1f8a1f mod_ipcheck: Workaround for differences between server_select and server_event
Kim Alvefur <zash@zash.se>
parents: 1244
diff changeset
34 if origin.conn and origin.conn.port then -- server_event
1244
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
35 reply:tag("port"):text(tostring(origin.conn:port()))
1245
a1287d1f8a1f mod_ipcheck: Workaround for differences between server_select and server_event
Kim Alvefur <zash@zash.se>
parents: 1244
diff changeset
36 elseif origin.conn and origin.conn.clientport then -- server_select
a1287d1f8a1f mod_ipcheck: Workaround for differences between server_select and server_event
Kim Alvefur <zash@zash.se>
parents: 1244
diff changeset
37 reply:tag("port"):text(tostring(origin.conn:clientport()))
1244
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
38 end
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
39 origin.send(reply);
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
40 else
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
41 -- IP addresses should normally be available, but in case they are not
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
42 origin.send(st.error_reply(stanza, "cancel", "service-unavailable", "IP address for this session is not available"));
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
43 end
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
44 return true;
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
45 end
d1bc9a796daf mod_ipcheck: Add support for XEP version 0.2 (includes port)
Kim Alvefur <zash@zash.se>
parents: 136
diff changeset
46 end);