58 local session, stanza = event.origin, event.stanza; |
58 local session, stanza = event.origin, event.stanza; |
59 |
59 |
60 if session.type ~= "component" then return; end |
60 if session.type ~= "component" then return; end |
61 if main_session == session then return; end |
61 if main_session == session then return; end |
62 |
62 |
63 log("info", "Handling component auth"); |
|
64 if (not session.host) or #stanza.tags > 0 then |
63 if (not session.host) or #stanza.tags > 0 then |
65 (session.log or log)("warn", "Component handshake invalid"); |
64 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host); |
66 session:close("not-authorized"); |
65 session:close("not-authorized"); |
67 return true; |
66 return true; |
68 end |
67 end |
69 |
68 |
70 local secret = module:get_option("component_secret"); |
69 local secret = module:get_option("component_secret"); |
75 end |
74 end |
76 |
75 |
77 local supplied_token = t_concat(stanza); |
76 local supplied_token = t_concat(stanza); |
78 local calculated_token = sha1(session.streamid..secret, true); |
77 local calculated_token = sha1(session.streamid..secret, true); |
79 if supplied_token:lower() ~= calculated_token:lower() then |
78 if supplied_token:lower() ~= calculated_token:lower() then |
80 log("info", "Component for %s authentication failed", session.host); |
79 log("info", "Component authentication failed for %s", session.host); |
81 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; |
80 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" }; |
82 return true; |
81 return true; |
83 end |
82 end |
84 |
|
85 -- Authenticated now |
|
86 log("info", "Component authenticated: %s", session.host); |
|
87 |
|
88 session.component_validate_from = module:get_option_boolean("validate_from_addresses") ~= false; |
|
89 |
83 |
90 -- If component not already created for this host, create one now |
84 -- If component not already created for this host, create one now |
91 if not main_session then |
85 if not main_session then |
92 send = session.send; |
86 send = session.send; |
93 main_session = session; |
87 main_session = session; |
94 session.on_destroy = on_destroy; |
88 session.on_destroy = on_destroy; |
95 log("info", "Component successfully registered"); |
89 session.component_validate_from = module:get_option_boolean("validate_from_addresses") ~= false; |
|
90 log("info", "Component successfully authenticated: %s", session.host); |
96 session.send(st.stanza("handshake")); |
91 session.send(st.stanza("handshake")); |
97 else |
92 else -- TODO: Implement stanza distribution |
98 log("error", "Multiple components bound to the same address, first one wins (TODO: Implement stanza distribution)"); |
93 log("error", "Multiple components bound to the same address, first one wins: %s", session.host); |
99 session:close{ condition = "conflict", text = "Component already connected" }; |
94 session:close{ condition = "conflict", text = "Component already connected" }; |
100 end |
95 end |
101 |
96 |
102 return true; |
97 return true; |
103 end |
98 end |
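Review bot: The reworded warning on new line 64 formats `session.host` with `%s`, but it sits inside the guard that fires when `session.host` is unset (`not session.host`), so on that path the argument is nil. Whether the logger tolerates a nil `%s` argument is not visible here. If it passes the arguments straight to `string.format`, the handler could raise before `session:close("not-authorized")` runs, on a path reachable by an unauthenticated peer. I would make the call `(session.log or log)("warn", "Invalid component handshake for host: %s", tostring(session.host));`. The enclosing handler starts above the visible lines, and old lines 71–74 (after the `component_secret` lookup) are not shown, so this is based only on what is visible.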