Mercurial > prosody-modules
comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1338:eca8c480891e
mod_s2s_auth_dane: Only do TLSA lookup if it hasn't been attempted already
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 09 Mar 2014 23:08:41 +0100 |
| parents | c38f163f18b9 |
| children | 50555c2ccbcd |
comparison
equal
deleted
inserted
replaced
| 1337:c38f163f18b9 | 1338:eca8c480891e |
|---|---|
| 33 -- the original function does A/AAAA resolution before continuing | 33 -- the original function does A/AAAA resolution before continuing |
| 34 local _try_connect = s2sout.try_connect; | 34 local _try_connect = s2sout.try_connect; |
| 35 function s2sout.try_connect(host_session, connect_host, connect_port, err) | 35 function s2sout.try_connect(host_session, connect_host, connect_port, err) |
| 36 local srv_hosts = host_session.srv_hosts; | 36 local srv_hosts = host_session.srv_hosts; |
| 37 local srv_choice = host_session.srv_choice; | 37 local srv_choice = host_session.srv_choice; |
| 38 if srv_hosts and srv_hosts.answer.secure and not srv_hosts[srv_choice].dane then | 38 if srv_hosts and srv_hosts.answer.secure and srv_hosts[srv_choice].dane == nil then |
| 39 srv_hosts[srv_choice].dane = dns_lookup(function(answer) | 39 srv_hosts[srv_choice].dane = dns_lookup(function(answer) |
| 40 if answer and ( #answer > 0 or answer.bogus ) then | 40 if answer and ( #answer > 0 or answer.bogus ) then |
| 41 srv_hosts[srv_choice].dane = answer; | 41 srv_hosts[srv_choice].dane = answer; |
| 42 else | 42 else |
| 43 srv_hosts[srv_choice].dane = false; | 43 srv_hosts[srv_choice].dane = false; |
| 126 end | 126 end |
| 127 end); | 127 end); |
| 128 | 128 |
| 129 -- DANE for s2sin | 129 -- DANE for s2sin |
| 130 -- Looks for TLSA at the same QNAME as the SRV record | 130 -- Looks for TLSA at the same QNAME as the SRV record |
| 131 -- FIXME This has a race condition | |
| 131 module:hook("s2s-stream-features", function(event) | 132 module:hook("s2s-stream-features", function(event) |
| 132 local origin = event.origin; | 133 local origin = event.origin; |
| 133 if not origin.from_host or origin.dane ~= nil then return end | 134 if not origin.from_host or origin.dane ~= nil then return end |
| 134 | 135 |
| 135 origin.dane = dns_lookup(function(answer) | 136 origin.dane = dns_lookup(function(answer) |
| 136 if answer and ( #answer > 0 or answer.bogus ) then | 137 if answer and ( #answer > 0 or answer.bogus ) then |
| 137 origin.dane = answer; | 138 origin.dane = answer; |
| 138 else | 139 else |
| 139 origin.dane = false; | 140 origin.dane = false; |
| 140 end | 141 end |
| 141 -- "blocking" until TLSA reply, but no race condition | 142 end, ("_xmpp-server._tcp.%s."):format(origin.from_host), "TLSA"); |
| 142 end, ("_xmpp-server._tcp.%s"):format(origin.from_host), "TLSA"); | |
| 143 end, 1); | 143 end, 1); |
| 144 end | 144 end |
| 145 | 145 |
| 146 function module.unload() | 146 function module.unload() |
| 147 -- Restore the original try_connect function | 147 -- Restore the original try_connect function |