Mercurial > prosody-modules
annotate mod_s2soutinjection/mod_s2soutinjection.lua @ 3503:882180b459a0
mod_pubsub_post: Restructure authentication and authorization (BC)
This deprecates the default "superuser" actor model and makes the
default equivalent to the previous "request.id".
A single actor and secret per node is supported because HTTP and
WebHooks don't normally include any authorization identity.
Allowing authentication bypass when no secret is given should be
relatively safe when the actor is unprivileged, as will be unless
explicitly configured otherwise.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 30 Mar 2019 21:16:13 +0100 |
| parents | 4057f176be7b |
| children | 864fefec1c07 |
| rev | line source |
|---|---|
|
1089
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local st = require"util.stanza"; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local new_ip = require"util.ip".new_ip; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local new_outgoing = require"core.s2smanager".new_outgoing; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local bounce_sendq = module:depends"s2s".route_to_new_session.bounce_sendq; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 local s2sout = module:depends"s2s".route_to_new_session.s2sout; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local injected = module:get_option("s2s_connect_overrides"); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 local function isip(addr) |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 return not not (addr and addr:match("^%d+%.%d+%.%d+%.%d+$") or addr:match("^[%x:]*:[%x:]-:[%x:]*$")); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 end |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 module:hook("route/remote", function(event) |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local inject = injected and injected[to_host]; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 if not inject then return end |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 log("debug", "opening a new outgoing connection for this stanza"); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local host_session = new_outgoing(from_host, to_host); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 -- Store in buffer |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 host_session.bounce_sendq = bounce_sendq; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 log("debug", "stanza [%s] queued until connection complete", tostring(stanza.name)); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 local ip_hosts, srv_hosts = {}, {}; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 host_session.srv_hosts = srv_hosts; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 host_session.srv_choice = 0; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 if type(inject) == "string" then inject = { inject } end |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 for _, item in ipairs(inject) do |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 local host, port = item[1] or item, tonumber(item[2]) or 5269; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 if isip(host) then |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 ip_hosts[#ip_hosts+1] = { ip = new_ip(host), port = port } |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 else |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 srv_hosts[#srv_hosts+1] = { target = host, port = port } |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 end |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 if #ip_hosts > 0 then |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 host_session.ip_hosts = ip_hosts; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 host_session.ip_choice = 0; -- Incremented by try_next_ip |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 s2sout.try_next_ip(host_session); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 return true; |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 end |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 return s2sout.try_connect(host_session, host_session.srv_hosts[1].target, host_session.srv_hosts[1].port); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 end, -2); |
|
4057f176be7b
mod_s2soutinjection: Initial commit, variant of mod_srvinjection using 0.9+ APIs
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |