annotate mod_component_roundrobin/mod_component_roundrobin.lua @ 1177:a464261deba8

mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
author Matthew Wild <mwild1@gmail.com>
date Thu, 29 Aug 2013 12:20:20 +0100
parents a6d215c73c47
children 08e50d742392
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
406
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 -- Prosody IM
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4 --
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 -- COPYING file in the source package for more information.
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7 --
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
9 if module:get_host_type() ~= "component" then
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
10 error("Don't load mod_component manually, it should be for a component, please see http://prosody.im/doc/components", 0);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
12
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
13 local hosts = _G.hosts;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
14
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
15 local t_concat = table.concat;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17 local sha1 = require "util.hashes".sha1;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18 local st = require "util.stanza";
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 local log = module._log;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 local sessions = {};
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
24 local function on_destroy(session, err)
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
25 if sessions[session] then
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
26 sessions[session] = nil;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
27 session.on_destroy = nil;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
28 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
29 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
30
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
31 local last_session;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
32 local function handle_stanza(event)
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
33 local stanza = event.stanza;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
34 if next(sessions) then
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
35 stanza.attr.xmlns = nil;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
36 last_session = next(sessions, last_session) or next(sessions);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
37 last_session.send(stanza);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
38 else
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
39 log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag());
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
40 if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
41 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable"));
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
42 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
43 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
44 return true;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
45 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
46
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
47 module:hook("iq/bare", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
48 module:hook("message/bare", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
49 module:hook("presence/bare", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
50 module:hook("iq/full", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
51 module:hook("message/full", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
52 module:hook("presence/full", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
53 module:hook("iq/host", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
54 module:hook("message/host", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
55 module:hook("presence/host", handle_stanza, -1);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
56
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
57 --- Handle authentication attempts by components
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
58 function handle_component_auth(event)
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
59 local session, stanza = event.origin, event.stanza;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
60
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
61 if session.type ~= "component" then return; end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
62 if sessions[session] then return; end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
63
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
64 if (not session.host) or #stanza.tags > 0 then
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
65 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
66 session:close("not-authorized");
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
67 return true;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
68 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
69
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
70 local secret = module:get_option("component_secret");
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
71 if not secret then
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
72 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
73 session:close("not-authorized");
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
74 return true;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
75 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
76
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
77 local supplied_token = t_concat(stanza);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
78 local calculated_token = sha1(session.streamid..secret, true);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
79 if supplied_token:lower() ~= calculated_token:lower() then
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
80 log("info", "Component authentication failed for %s", session.host);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
81 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" };
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
82 return true;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
83 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
84
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
85 -- Add session to sessions table
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
86 sessions[session] = true;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
87 session.on_destroy = on_destroy;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
88 session.component_validate_from = module:get_option_boolean("validate_from_addresses", true);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
89 log("info", "Component successfully authenticated: %s", session.host);
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
90 session.send(st.stanza("handshake"));
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
91
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
92 return true;
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
93 end
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
94
a6d215c73c47 mod_component_roundrobin: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
95 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth);