2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
9 if module:get_host_type() ~= "component" then
10 error("Don't load mod_component manually, it should be for a component, please see http://prosody.im/doc/components", 0);
13 local hosts = _G.hosts;
15 local t_concat = table.concat;
17 local sha1 = require "util.hashes".sha1;
18 local st = require "util.stanza";
20 local log = module._log;
22 local main_session, send;
24 local function on_destroy(session, err)
25 if main_session == session then
28 session.on_destroy = nil;
32 local function handle_stanza(event)
33 local stanza = event.stanza;
35 stanza.attr.xmlns = nil;
38 log("warn", "Stanza being handled by default component; bouncing error for: %s", stanza:top_tag());
39 if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
40 event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable"));
46 module:hook("iq/bare", handle_stanza, -1);
47 module:hook("message/bare", handle_stanza, -1);
48 module:hook("presence/bare", handle_stanza, -1);
49 module:hook("iq/full", handle_stanza, -1);
50 module:hook("message/full", handle_stanza, -1);
51 module:hook("presence/full", handle_stanza, -1);
52 module:hook("iq/host", handle_stanza, -1);
53 module:hook("message/host", handle_stanza, -1);
54 module:hook("presence/host", handle_stanza, -1);
56 --- Handle authentication attempts by components
57 function handle_component_auth(event)
58 local session, stanza = event.origin, event.stanza;
60 if session.type ~= "component" then return; end
61 if main_session == session then return; end
63 if (not session.host) or #stanza.tags > 0 then
64 (session.log or log)("warn", "Invalid component handshake for host: %s", session.host);
65 session:close("not-authorized");
69 local secret = module:get_option("component_secret");
71 (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.host);
72 session:close("not-authorized");
76 local supplied_token = t_concat(stanza);
77 local calculated_token = sha1(session.streamid..secret, true);
78 if supplied_token:lower() ~= calculated_token:lower() then
79 log("info", "Component authentication failed for %s", session.host);
80 session:close{ condition = "not-authorized", text = "Given token does not match calculated token" };
84 -- If component not already created for this host, create one now
85 if not main_session then
87 main_session = session;
88 session.on_destroy = on_destroy;
89 session.component_validate_from = module:get_option_boolean("validate_from_addresses") ~= false;
90 log("info", "Component successfully authenticated: %s", session.host);
91 session.send(st.stanza("handshake"));
92 else -- TODO: Implement stanza distribution
93 log("error", "Multiple components bound to the same address, first one wins: %s", session.host);
94 session:close{ condition = "conflict", text = "Component already connected" };
100 module:hook("stanza/jabber:component:accept:handshake", handle_component_auth);