ChronosXYZ/psyced
1
0
Fork 0
mirror of https://github.com/ChronosX88/psyced.git synced 2024-11-09 20:11:00 +00:00
Code Issues Projects Releases Wiki Activity

dialback without dial-back - use certificate information if available

Browse Source
This commit is contained in:
Philipp Hancke 2010-03-28 13:48:08 +02:00
parent bc67782291
commit 024c0514de
1 changed files with 27 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
world/net/jabber/gateway.c
View File

@ -255,21 +255,32 @@ jabberMsg(XMLNode node) {
remove_interactive(ME); remove_interactive(ME);
return; return;
} }
sendmsg(origin, // dialback without dial-back - if the certificate is valid and the sender
"_dialback_request_verify", 0, // is contained in the subject take the shortcut and consider the request
([ "_INTERNAL_target_jabber" : source, // valid
"_INTERNAL_source_jabber" : NAMEPREP(_host_XMPP), // paranoia note: as with XEP 0178 we might want to check dns anyway to
"_dialback_key" : node[Cdata], // protect against stolen certificates
"_tag" : streamid if (mappingp(certinfo) && certinfo[0] == 0
]) && node["@from"] && certificate_check_jabbername(node["@from"], certinfo)) {
); P2(("dialback without dialback %O\n", certinfo))
unless (o = find_target_handler(NAMEPREP(origin))) { verify_connection(node["@to"], node["@from"], "valid");
// sendmsg should have created it! } else {
P0(("%O could not find target handler for %O " sendmsg(origin,
"after sendmsg\n", ME, origin)) "_dialback_request_verify", 0,
return; ([ "_INTERNAL_target_jabber" : source,
"_INTERNAL_source_jabber" : NAMEPREP(_host_XMPP),
"_dialback_key" : node[Cdata],
"_tag" : streamid
])
);
unless (o = find_target_handler(NAMEPREP(origin))) {
// sendmsg should have created it!
P0(("%O could not find target handler for %O "
"after sendmsg\n", ME, origin))
return;
}
active = o -> sGateway(ME, target, streamid);
} }
active = o -> sGateway(ME, target, streamid);
return; return;
case "db:verify": case "db:verify":
target = NAMEPREP(target); target = NAMEPREP(target);
@ -474,6 +485,7 @@ open_stream(XMLNode node) {
// we offer SASL external (authentication via name // we offer SASL external (authentication via name
// presented in x509 certificate // presented in x509 certificate
P3(("gateway::certinfo %O\n", certinfo)) P3(("gateway::certinfo %O\n", certinfo))
# ifndef DIALBACK_WITHOUT_DIAL_BACK
if (mappingp(certinfo) && certinfo[0] == 0) { if (mappingp(certinfo) && certinfo[0] == 0) {
// if from attribute is present we only offer // if from attribute is present we only offer
// sasl external if we know that it will succeed // sasl external if we know that it will succeed
@ -484,6 +496,7 @@ open_stream(XMLNode node) {
packet += "<mechanism>EXTERNAL</mechanism>"; packet += "<mechanism>EXTERNAL</mechanism>";
} }
} }
# endif
packet += "</mechanisms>"; packet += "</mechanisms>";
# endif # endif
} }