Mercurial > prosody-modules
diff mod_client_certs/mod_client_certs.lua @ 697:c3337f62a538
mod_client_certs: Disconnect every session that was using that cert when revoking a client certificate.
author | Thijs Alkemade <thijsalkemade@gmail.com> |
---|---|
date | Tue, 05 Jun 2012 19:31:03 +0200 |
parents | f6be46f15b74 |
children | 3a3293f37139 |
line wrap: on
line diff
--- a/mod_client_certs/mod_client_certs.lua Tue Jun 05 19:17:28 2012 +0200 +++ b/mod_client_certs/mod_client_certs.lua Tue Jun 05 19:31:03 2012 +0200 @@ -167,10 +167,6 @@ local disable = stanza.tags[1]; module:log("debug", "%s disabled a certificate", origin.full_jid); - if disable.name == "revoke" then - module:log("debug", "%s revoked a certificate! Should disconnect all clients that used it", origin.full_jid); - -- TODO hosts.sessions[user].sessions.each{close if uses this cert} - end local item = disable:get_child("item"); local name = item and item.attr.id; @@ -179,8 +175,21 @@ return true end - disable_cert(origin.username, name); + local disabled_cert = disable_cert(origin.username, name):pem(); + + if disable.name == "revoke" then + module:log("debug", "%s revoked a certificate! Disconnecting all clients that used it", origin.full_jid); + local sessions = hosts[module.host].sessions[origin.username].sessions; + for _, session in pairs(sessions) do + local cert = session.external_auth_cert; + + if cert and cert == disabled_cert then + module:log("debug", "Found a session that should be closed: %s", tostring(session)); + session:close{ condition = "not-authorized", text = "This client side certificate has been revoked."}; + end + end + end origin.send(st.reply(stanza)); return true