Mercurial > prosody-modules
comparison mod_watchuntrusted/mod_watchuntrusted.lua @ 1675:116488cced16
mod_watchuntrusted: Only notify once per host per day
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 22 Apr 2015 13:20:47 +0200 |
| parents | 5eaecb7f680d |
| children | 2328cbc41045 |
comparison
equal
deleted
inserted
replaced
| 1674:7f4c64cfed09 | 1675:116488cced16 |
|---|---|
| 6 | 6 |
| 7 local untrusted_fail_watchers = module:get_option_set("untrusted_fail_watchers", module:get_option("admins", {})) / jid_prep; | 7 local untrusted_fail_watchers = module:get_option_set("untrusted_fail_watchers", module:get_option("admins", {})) / jid_prep; |
| 8 local untrusted_fail_notification = module:get_option("untrusted_fail_notification", "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"); | 8 local untrusted_fail_notification = module:get_option("untrusted_fail_notification", "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"); |
| 9 | 9 |
| 10 local st = require "util.stanza"; | 10 local st = require "util.stanza"; |
| 11 | |
| 12 local notified_about_already = { }; | |
| 11 | 13 |
| 12 module:hook_global("s2s-check-certificate", function (event) | 14 module:hook_global("s2s-check-certificate", function (event) |
| 13 local session, host = event.session, event.host; | 15 local session, host = event.session, event.host; |
| 14 local conn = session.conn:socket(); | 16 local conn = session.conn:socket(); |
| 15 local local_host = session.direction == "outgoing" and session.from_host or session.to_host; | 17 local local_host = session.direction == "outgoing" and session.from_host or session.to_host; |
| 23 must_secure = true; | 25 must_secure = true; |
| 24 elseif must_secure and insecure_domains[host] then | 26 elseif must_secure and insecure_domains[host] then |
| 25 must_secure = false; | 27 must_secure = false; |
| 26 end | 28 end |
| 27 | 29 |
| 28 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then | 30 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") and not notified_about_already[host] then |
| 31 notified_about_already[host] = os.time(); | |
| 29 local _, errors = conn:getpeerverification(); | 32 local _, errors = conn:getpeerverification(); |
| 30 local error_message = ""; | 33 local error_message = ""; |
| 31 | 34 |
| 32 for depth, t in pairs(errors or {}) do | 35 for depth, t in pairs(errors or {}) do |
| 33 if #t > 0 then | 36 if #t > 0 then |
| 52 module:send(message); | 55 module:send(message); |
| 53 end | 56 end |
| 54 end | 57 end |
| 55 end, -0.5); | 58 end, -0.5); |
| 56 | 59 |
| 60 module:add_timer(14400, function (now) | |
| 61 for host, time in pairs(notified_about_already) do | |
| 62 if time + 86400 > now then | |
| 63 notified_about_already[host] = nil; | |
| 64 end | |
| 65 end | |
| 66 end) |