dialback without dial-back - use certificate information if available

Philipp Hancke 2010-03-28 13:48:08 +02:00
parent bc67782291
commit 024c0514de


@ -255,6 +255,16 @@ jabberMsg(XMLNode node) {
remove_interactive(ME); remove_interactive(ME);
return; return;
} }
// dialback without dial-back - if the certificate is valid and the sender
// is contained in the subject take the shortcut and consider the request
// valid
// paranoia note: as with XEP 0178 we might want to check dns anyway to
// protect against stolen certificates
if (mappingp(certinfo) && certinfo[0] == 0
&& node["@from"] && certificate_check_jabbername(node["@from"], certinfo)) {
P2(("dialback without dialback %O\n", certinfo))
verify_connection(node["@to"], node["@from"], "valid");
} else {
sendmsg(origin, sendmsg(origin,
"_dialback_request_verify", 0, "_dialback_request_verify", 0,
([ "_INTERNAL_target_jabber" : source, ([ "_INTERNAL_target_jabber" : source,
@ -270,6 +280,7 @@ jabberMsg(XMLNode node) {
return; return;
} }
active = o -> sGateway(ME, target, streamid); active = o -> sGateway(ME, target, streamid);
}
return; return;
case "db:verify": case "db:verify":
target = NAMEPREP(target); target = NAMEPREP(target);
@ -474,6 +485,7 @@ open_stream(XMLNode node) {
// we offer SASL external (authentication via name // we offer SASL external (authentication via name
// presented in x509 certificate // presented in x509 certificate
P3(("gateway::certinfo %O\n", certinfo)) P3(("gateway::certinfo %O\n", certinfo))
# ifndef DIALBACK_WITHOUT_DIAL_BACK
if (mappingp(certinfo) && certinfo[0] == 0) { if (mappingp(certinfo) && certinfo[0] == 0) {
// if from attribute is present we only offer // if from attribute is present we only offer
// sasl external if we know that it will succeed // sasl external if we know that it will succeed
@ -484,6 +496,7 @@ open_stream(XMLNode node) {
packet += "<mechanism>EXTERNAL</mechanism>"; packet += "<mechanism>EXTERNAL</mechanism>";
} }
} }
# endif
packet += "</mechanisms>"; packet += "</mechanisms>";
# endif # endif
} }
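Review bot: The certificate shortcut added in the first hunk of jabberMsg is compiled in unconditionally, while `DIALBACK_WITHOUT_DIAL_BACK` only gates the SASL EXTERNAL offer in open_stream. As shown, every build accepts a valid certificate in place of the dial-back DNS check, and an operator who wants the check the "paranoia note" describes has no switch to get it. Putting the new `if` under `# ifdef DIALBACK_WITHOUT_DIAL_BACK` would make the macro control both halves of the feature. The shortcut also matches and authorises the raw `node["@from"]` and `node["@to"]`, whereas the fallback branch passes `source` and the following `db:verify` case applies `NAMEPREP(target)`. If `source` and `target` are the normalised forms (they are set outside the hunk, as is the start of jabberMsg), use them in both calls, e.g. `verify_connection(target, source, "valid");`, so the name checked against the certificate is exactly the name that gets authorised.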