mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set

Browse source 
Prevents some weirdness in cases where no authentication is done
This commit is contained in:
Kim Alvefur 2019-11-28 18:57:17 +01:00
parent 61228e919c
commit 53cde4a8a8
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
plugins/mod_s2s_bidi.lua
View file

@ -10,15 +10,17 @@ local st = require "util.stanza";
local xmlns_bidi_feature = "urn:xmpp:features:bidi"
local xmlns_bidi = "urn:xmpp:bidi";
local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
module:hook("s2s-stream-features", function(event)
local origin, features = event.origin, event.features;
if origin.type == "s2sin_unauthed" then
if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then
features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
end
end);
module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza)
if session.type == "s2sout_unauthed" then
if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then
local bidi = stanza:get_child("bidi", xmlns_bidi_feature);
if bidi then
session.incoming = true;
@ -29,7 +31,7 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
end, 200);
module:hook_tag("urn:xmpp:bidi", "bidi", function(session)
if session.type == "s2sin_unauthed" then
if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then
session.log("debug", "Requested bidirectional stream");
session.outgoing = true;
return true;