comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1356:a74ba847195a

mod_s2s_auth_dane: Drop support for domains without SRV for now
author Kim Alvefur <zash@zash.se>
date Tue, 18 Mar 2014 16:09:51 +0100
parents 7f68d950bdd6
children 497e1df4b7ee
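--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
@@ -45,21 +45,22 @@
 local function dane_lookup(host_session, cb, a,b,c,e)
 if host_session.dane ~= nil then return end
 if host_session.direction == "incoming" then
 local name = idna_to_ascii(host_session.from_host);
 if not name then return end
-local handle = dns_lookup(function (answer)
+host_session.dane = dns_lookup(function (answer)
 if not answer.secure then
 if cb then return cb(a,b,c,e); end
 return;
 end
-if #answer == 1 and answer[1].srv.target == '.' then return end
+local n = #answer
+if n == 0 then if cb then return cb(a,b,c,e); end return end
+if n == 1 and answer[1].srv.target == '.' then return end
 local srv_hosts = { answer = answer };
 local dane = {};
 host_session.dane = dane;
 host_session.srv_hosts = srv_hosts;
-local n = #answer
 for _, record in ipairs(answer) do
 t_insert(srv_hosts, record.srv);
 dns_lookup(function(dane_answer)
 n = n - 1;
 if dane_answer.bogus then
@@ -73,12 +74,11 @@
 end, ("_%d._tcp.%s."):format(record.srv.port, record.srv.target), "TLSA");
 end
 end, "_xmpp-server._tcp."..name..".", "SRV");
 return true;
 elseif host_session.direction == "outgoing" then
-local srv_hosts = host_session.srv_hosts;
-if not (srv_choice and srv_choice.answer and srv_choice.answer.secure) then
+if not host_session.srv_hosts then return end
 local srv_choice = host_session.srv_hosts[host_session.srv_choice];
 host_session.dane = dns_lookup(function(answer)
 if answer and (answer.secure and #answer > 0) or answer.bogus then
 srv_choice.dane = answer;
 else
@@ -91,14 +91,10 @@
 end
 end
 
 local _try_connect = s2sout.try_connect;
 function s2sout.try_connect(host_session, connect_host, connect_port, err)
-if not host_session.srv_hosts then
-host_session.srv_hosts = { answer = { secure = true }, { target = connect_host, port = connect_port } };
-host_session.srv_choice = 1;
-end
 if not err and dane_lookup(host_session, _try_connect, host_session, connect_host, connect_port, err) then
 return true;
 end
 return _try_connect(host_session, connect_host, connect_port, err);
 end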
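Review bot: In the outgoing branch the new guard `if not host_session.srv_hosts then return end` drops the only check that the SRV answer itself was DNSSEC-validated (the removed, non-functional `srv_choice.answer.secure` test), so the TLSA lookup now runs on whatever target `srv_hosts[srv_choice]` names, even when the SRV lookup was insecure. The callback only requires the TLSA answer to be secure, which is not enough: an attacker who can spoof an unsigned SRV response can point the session at a host whose TLSA records are validly signed in their own zone and have them accepted as the peer's DANE policy, whereas DANE for SRV requires the SRV record itself to be secure before the target's TLSA records mean anything. If s2sout stores the SRV answer on `srv_hosts.answer` the way the incoming branch builds it on new line 58 (confirm against s2sout), the guard should read `if not (host_session.srv_hosts and host_session.srv_hosts.answer and host_session.srv_hosts.answer.secure) then return end`, and `srv_choice` should be nil-checked before it is captured by the callback, since `srv_choice.dane = answer` would error on a missing entry. Note that dane_lookup begins before the first hunk's context and its outgoing callback continues past this hunk.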