Mercurial > prosody-modules
view mod_dwd/mod_dwd.lua @ 4939:7d6ae8bb95dc
mod_delegation: use clean_xmlns to remove jabber:client namespace from node:
for the same reason as in mod_privilege, `jabber:client` namespace is removed with the
clean_xmlns method coming from there.
Furthermore, the forwarded <iq> stanza use the `jabber:client` xmlns while the stanza may
come from a component with e.g. `jabber:component:accept` xmlns, this can lead to
inconsistencies between the <iq> stanza and children (like <error> element).
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sat, 28 May 2022 16:42:13 +0200 |
| parents | 4e235e565693 |
| children |
line wrap: on
line source
local hosts = _G.hosts; local st = require "util.stanza"; local nameprep = require "util.encodings".stringprep.nameprep; local cert_verify_identity = require "util.x509".verify_identity; module:hook("stanza/jabber:server:dialback:result", function(event) local origin, stanza = event.origin, event.stanza; if origin.cert_chain_status == "valid" and origin.type == "s2sin_unauthed" or origin.type == "s2sin" then local attr = stanza.attr; local to, from = nameprep(attr.to), nameprep(attr.from); local conn = origin.conn:socket() local cert; if conn.getpeercertificate then cert = conn:getpeercertificate() end if cert and hosts[to] and cert_verify_identity(from, "xmpp-server", cert) then -- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from' -- on streams. We fill in the session's to/from here instead. if not origin.from_host then origin.from_host = from; end if not origin.to_host then origin.to_host = to; end module:log("info", "Accepting Dialback without Dialback for %s", from); module:fire_event("s2s-authenticated", { session = origin, host = from }); origin.sends2s( st.stanza("db:result", { from = attr.to, to = attr.from, id = attr.id, type = "valid" })); return true; end end end, 100);