Mercurial > prosody-modules
annotate mod_s2s_auth_compat/mod_s2s_auth_compat.lua @ 5288:f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Wed, 29 Mar 2023 17:21:45 +0200 |
parents | 21e81fcb8896 |
children |
rev | line source |
---|---|
944
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- COMPAT for Openfire sending stream headers without to or from. |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 module:set_global(); |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 module:hook("s2s-check-certificate", function(event) |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local session, host = event.session, event.host; |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 if not event.host then |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 (session.log or module._log)("warn", "Invalid stream header, certificate will not be trusted") |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 session.cert_chain_status = "invalid" |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 return true |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 end |
21e81fcb8896
mod_s2s_auth_compat: Workaround for Openfire doing EXTERNAL without proper stream headers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 end, 100); |