comparison mod_bidi/mod_bidi.lua @ 1123:0e16e5e2f410

mod_bidi: Only allow or offer bidi on secure connections, with an option to revert to previous behaviour
author Kim Alvefur <zash@zash.se>
date Fri, 02 Aug 2013 18:22:55 +0200
parents 6094d57c5387
children 689e69df1cc4
comparison
1122:6094d57c5387 1123:0e16e5e2f410
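--- a/mod_bidi/mod_bidi.lua
+++ b/mod_bidi/mod_bidi.lua
@@ -10,10 +10,11 @@
 local core_process_stanza = prosody.core_process_stanza;
 local traceback = debug.traceback;
 local hosts = hosts;
 local xmlns_bidi_feature = "urn:xmpp:features:bidi"
 local xmlns_bidi = "urn:xmpp:bidi";
+local secure_only = module:get_option_boolean("secure_bidi_only", true);
 local bidi_sessions = module:shared"sessions";
 
 local function handleerr(err) log("error", "Traceback[s2s]: %s: %s", tostring(err), traceback()); end
 local function handlestanza(session, stanza)
 if stanza.attr.xmlns == "jabber:client" then --COMPAT: Prosody pre-0.6.2 may send jabber:client
@@ -63,30 +64,36 @@
 end, -2);
 
 -- Incoming s2s
 module:hook("s2s-stream-features", function(event)
 local origin, features = event.origin, event.features;
-if not origin.is_bidi and not hosts[module.host].s2sout[origin.from_host] then
+if not origin.is_bidi and not hosts[module.host].s2sout[origin.from_host]
+and (not secure_only or origin.cert_chain_status == "valid"
+and origin.cert_identity_status == "valid") then
 module:log("debug", "Announcing support for bidirectional streams");
 features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
 end
 end);
 
 module:hook("stanza/urn:xmpp:bidi:bidi", function(event)
 local origin = event.session or event.origin;
-if not origin.is_bidi and not origin.bidi_session then
+if not origin.is_bidi and not origin.bidi_session
+and (not secure_only or origin.cert_chain_status == "valid"
+and origin.cert_identity_status == "valid") then
 module:log("debug", "%s requested bidirectional stream", origin.from_host);
 origin.do_bidi = true;
 return true;
 end
 end);
 
 -- Outgoing s2s
 module:hook("stanza/http://etherx.jabber.org/streams:features", function(event)
 local origin = event.session or event.origin;
 if not ( origin.bidi_session or origin.is_bidi or origin.do_bidi)
-and event.stanza:get_child("bidi", xmlns_bidi_feature) then
+and event.stanza:get_child("bidi", xmlns_bidi_feature)
+and (not secure_only or origin.cert_chain_status == "valid"
+and origin.cert_identity_status == "valid") then
 module:log("debug", "%s supports bidirectional streams", origin.to_host);
 origin.sends2s(st.stanza("bidi", { xmlns = xmlns_bidi }));
 origin.do_bidi = true;
 end
 end, 160);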
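Review bot: The same secure-session condition `(not secure_only or origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid")` is now spelled out three times in this section (the s2s-stream-features hook, the urn:xmpp:bidi:bidi hook and the streams:features hook), so a later change to what counts as "secure" can easily land in only one of them. A single predicate defined next to the option, `local function is_secure(session) return session.cert_chain_status == "valid" and session.cert_identity_status == "valid" end`, with each hook reduced to `and (not secure_only or is_secure(origin)) then`, keeps the policy in one place and also makes the `or`/`and` precedence obvious without the reader having to check that `and` binds tighter. As written the check fails closed whenever either status field is nil (a plaintext or not-yet-validated stream), which is the right default, but `secure_bidi_only` itself is undocumented; a comment where it is read in the first hunk, `-- secure_bidi_only: only offer or accept bidi once the peer's certificate chain and identity have both been validated (status fields presumably set by the TLS/s2s layer — confirm)`, would make the policy explicit for operators who consider turning it off.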