12 |
12 |
13 if module:get_host_type() ~= "component" then |
13 if module:get_host_type() ~= "component" then |
14 error("proxy65 should be loaded as a component, please see http://prosody.im/doc/components", 0); |
14 error("proxy65 should be loaded as a component, please see http://prosody.im/doc/components", 0); |
15 end |
15 end |
16 |
16 |
17 local jid_split, jid_join = require "util.jid".split, require "util.jid".join; |
17 local jid_split, jid_join, jid_compare = require "util.jid".split, require "util.jid".join, require "util.jid".compare; |
18 local st = require "util.stanza"; |
18 local st = require "util.stanza"; |
19 local componentmanager = require "core.componentmanager"; |
19 local componentmanager = require "core.componentmanager"; |
20 local config_get = require "core.configmanager".get; |
20 local config_get = require "core.configmanager".get; |
21 local connlisteners = require "net.connlisteners"; |
21 local connlisteners = require "net.connlisteners"; |
22 local sha1 = require "util.hashes".sha1; |
22 local sha1 = require "util.hashes".sha1; |
149 local function get_stream_host(origin, stanza) |
149 local function get_stream_host(origin, stanza) |
150 local reply = replies_cache.stream_host; |
150 local reply = replies_cache.stream_host; |
151 local err_reply = replies_cache.stream_host_err; |
151 local err_reply = replies_cache.stream_host_err; |
152 local sid = stanza.tags[1].attr.sid; |
152 local sid = stanza.tags[1].attr.sid; |
153 local allow = false; |
153 local allow = false; |
154 local jid_node, jid_host, jid_resource = jid_split(stanza.attr.from); |
154 local jid = stanza.attr.from; |
155 |
|
156 if stanza.attr.from == nil then |
|
157 jid_node = origin.username; |
|
158 jid_host = origin.host; |
|
159 jid_resource = origin.resource; |
|
160 end |
|
161 |
155 |
162 if proxy_acl and #proxy_acl > 0 then |
156 if proxy_acl and #proxy_acl > 0 then |
163 if host ~= nil then -- at least a domain is needed. |
157 for _, acl in ipairs(proxy_acl) do |
164 for _, acl in ipairs(proxy_acl) do |
158 if jid_compare(jid, acl) then allow = true; end |
165 local acl_node, acl_host, acl_resource = jid_split(acl); |
|
166 if ((acl_node ~= nil and acl_node == jid_node) or acl_node == nil) and |
|
167 ((acl_host ~= nil and acl_host == jid_host) or acl_host == nil) and |
|
168 ((acl_resource ~= nil and acl_resource == jid_resource) or acl_resource == nil) then |
|
169 allow = true; |
|
170 end |
|
171 end |
|
172 end |
159 end |
173 else |
160 else |
174 allow = true; |
161 allow = true; |
175 end |
162 end |
176 if allow == true then |
163 if allow == true then |
179 :query("http://jabber.org/protocol/bytestreams") |
166 :query("http://jabber.org/protocol/bytestreams") |
180 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); |
167 :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); |
181 replies_cache.stream_host = reply; |
168 replies_cache.stream_host = reply; |
182 end |
169 end |
183 else |
170 else |
184 module:log("warn", "Denying use of proxy for %s", tostring(jid_join(jid_node, jid_host, jid_resource))); |
171 module:log("warn", "Denying use of proxy for %s", tostring(jid)); |
185 if err_reply == nil then |
172 if err_reply == nil then |
186 err_reply = st.iq({type="error", from=host}) |
173 err_reply = st.iq({type="error", from=host}) |
187 :query("http://jabber.org/protocol/bytestreams") |
174 :query("http://jabber.org/protocol/bytestreams") |
188 :tag("error", {code='403', type='auth'}) |
175 :tag("error", {code='403', type='auth'}) |
189 :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); |
176 :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); |