# HG changeset patch # User Kim Alvefur # Date 1543683137 -3600 # Node ID 4fe7eee926ce9e194320a8d5ef6628aad070e46b # Parent 8d1141025b43809dfe26b2453941f930c3980e86# Parent 7454274ead2f207e4ab44f168e1e568cf00cb83c Merge with goffi diff -r 7454274ead2f -r 4fe7eee926ce mod_auth_external/README.markdown --- a/mod_auth_external/README.markdown Sat Dec 01 17:50:36 2018 +0100 +++ b/mod_auth_external/README.markdown Sat Dec 01 17:52:17 2018 +0100 @@ -52,14 +52,20 @@ Blocking vs non-blocking ------------------------ -Non-blocking mode is automatically activated when: +Non-blocking mode is experimental and is disabled by default. + +Enable at your own risk if you fulfil these conditions: - Running Prosody trunk ([nightly](http://prosody.im/nightly/) build - 414+). + 414+) or Prosody 0.11.x. - [libevent](http://prosody.im/doc/libevent) is enabled in the config, and LuaEvent is available. - lpty (see installation above) is version 1.0.1 or later. +```lua +external_auth_blocking = false; +``` + Protocol ======== diff -r 7454274ead2f -r 4fe7eee926ce mod_auth_external/mod_auth_external.lua --- a/mod_auth_external/mod_auth_external.lua Sat Dec 01 17:50:36 2018 +0100 +++ b/mod_auth_external/mod_auth_external.lua Sat Dec 01 17:52:17 2018 +0100 @@ -21,7 +21,7 @@ local script_type = module:get_option_string("external_auth_protocol", "generic"); local command = module:get_option_string("external_auth_command", ""); local read_timeout = module:get_option_number("external_auth_timeout", 5); -local blocking = module:get_option_boolean("external_auth_blocking", not(have_async and server.event and lpty.getfd)); +local blocking = module:get_option_boolean("external_auth_blocking", true); -- non-blocking is very experimental local auth_processes = module:get_option_number("external_auth_processes", 1); assert(script_type == "ejabberd" or script_type == "generic", diff -r 7454274ead2f -r 4fe7eee926ce mod_s2s_auth_monkeysphere/README.markdown 
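Review bot: In mod_auth_external.lua the default for `external_auth_blocking` is now the constant `true`, so the capability test from the removed default (`have_async and server.event and lpty.getfd`) no longer guards anything visible in this hunk. An admin who sets the option to `false` without the prerequisites listed in the README would reach the non-blocking path unchecked, unless a check exists further down the file. If none does, fall back explicitly right after the option is read: `if not blocking and not (have_async and server.event and lpty.getfd) then module:log("warn", "non-blocking mode unavailable, using blocking mode"); blocking = true; end`. This assumes those three names are still defined earlier in the file, which the hunk does not show.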
--- a/mod_s2s_auth_monkeysphere/README.markdown Sat Dec 01 17:50:36 2018 +0100 +++ b/mod_s2s_auth_monkeysphere/README.markdown Sat Dec 01 17:52:17 2018 +0100 @@ -3,26 +3,24 @@ - 'Stage-Alpha' - 'Type-S2SAuth' summary: Monkeysphere certificate checking for s2s -... +--- -Introduction ------------- +## Introduction [Monkeysphere](http://web.monkeysphere.info/) is a project aiming to introduce PGP's web of trust to protocols such as SSH and TLS (which XMPP uses). -Details -------- +## Details This module is currently just a prototype, it has numerous issues and is **not** suitable for production use. -Compatibility -------------- +## Compatibility - ------- ------- - trunk Works - 0.10 Works - 0.9 Works - ------- ------- + ------- ----------------------------- + trunk Works (not tested recently) + 0.11 Works (not tested) + 0.10 Does not work + 0.9 Does not work + ------- ----------------------------- diff -r 7454274ead2f -r 4fe7eee926ce mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua --- a/mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua Sat Dec 01 17:50:36 2018 +0100 +++ b/mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua Sat Dec 01 17:52:17 2018 +0100 
@@ -1,33 +1,17 @@ module:set_global(); -local http_request = require"socket.http".request; -local ltn12 = require"ltn12"; local json = require"util.json"; local json_encode, json_decode = json.encode, json.decode; local gettime = require"socket".gettime; local serialize = require"util.serialization".serialize; -local have_async, async = pcall(require, "util.async"); +local async = require"util.async"; +local http_request = require "net.http".request; local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET", "MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert"; -if have_async then - local _http_request = require "net.http".request; - function http_request(url, ex) - local wait, done = async.waiter(); - local content, code, request, response; - _http_request(url, ex, function (_content, _code, _request, _response) - content, code, request, response = _content, _code, _request, _response; - done(); - end); - wait(); - return content, code, request, response; - end -end - local function check_with_monkeysphere(event) local session, host, cert = event.session, event.host, event.cert; - local result = {}; local post_body = json_encode { peer = { name = host; 
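Review bot: `msva_url` is only asserted to be set, but after this change it is passed unchanged to `net.http`, and in the following hunk the reply from that address decides whether `session.cert_chain_status` becomes "valid". Nothing here documents that the endpoint is a trust anchor, so a comment above the assert would help, for example `-- Must point at a local, trusted validation agent; its verdict is accepted as-is`. Separately, `util.async` is now required unconditionally, so on a Prosody without it the module will presumably fail at load with a bare require error; a one-line comment naming the minimum supported version (the README in this changeset lists 0.10 and 0.9 as not working) would make that intentional. `check_with_monkeysphere` continues past the end of this hunk.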
@@ -42,23 +26,26 @@
 }
 local req = {
 method = "POST";
- url = msva_url;
 headers = {
 ["Content-Type"] = "application/json";
- ["Content-Length"] = tostring(#post_body);
 };
- sink = ltn12.sink.table(result);
- source = ltn12.source.string(post_body);
+ body = post_body;
 };
 session.log("debug", "Asking what Monkeysphere thinks about this certificate");
 local starttime = gettime();
- local ok, code = http_request(req);
+ local wait, done = async.waiter();
+ local body, code;
+ http_request(msva_url, req, function (_, _code)
+ body, code = body, _code;
+ done();
+ end);
+ wait();
 module:log("debug", "Request took %fs", gettime() - starttime);
- local body = table.concat(result);
- if ok and code == 200 and body then
+ if code == 200 and body then
 body = json_decode(body);
 if body then
- session.log(body.valid and "info" or "warn", "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message);
+ session.log(body.valid and "info" or "warn",
+ "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message);
 if body.valid then
 session.cert_chain_status = "valid";
 session.cert_identity_status = "valid";
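Review bot: The callback passed to `http_request` names its first parameter `_` and then runs `body, code = body, _code;`, which assigns the outer `body` to itself, so it stays nil and the response content is dropped. As a result `if code == 200 and body then` can never be true, and the `json_decode` call and the "valid" assignments visible below it are unreachable: the agent's verdict is never applied. Take the content from the callback argument instead: `http_request(msva_url, req, function (_body, _code)` with `body, code = _body, _code;`. A debug or warn log for the non-200 or empty-body case would also make a failed lookup visible. The function body continues beyond the end of this hunk, so what happens when the condition is false is not shown here.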