projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Slightly more secure dialback secret generation
[prosody.git] / core / s2smanager.lua
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index df877767cc77c8fa95c45ab77f4b6ddb051b26b6..7827381d4b1eee375a674448fc7e760f2048bf82 100644 (file)
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -43,7 +43,7 @@ local log = logger_init("s2smanager");
 
 local sha256_hash = require "util.hashes".sha256;
 
-local dialback_secret = "This is very secret!!! Ha!";
+local dialback_secret = sha256_hash(tostring{} .. math.random() .. socket.gettime(), true);
 
 local dns = require "net.dns";
 
@@ -52,20 +52,20 @@ module "s2smanager"
 local function compare_srv_priorities(a,b) return a.priority < b.priority or a.weight < b.weight; end
 
 function send_to_host(from_host, to_host, data)
-       if data.name then data = tostring(data); end
        local host = hosts[from_host].s2sout[to_host];
        if host then
                -- We have a connection to this host already
-               if host.type == "s2sout_unauthed" and ((not data.xmlns) or data.xmlns == "jabber:client" or data.xmlns == "jabber:server") then
-                       (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host..", authing it now...");
+               if host.type == "s2sout_unauthed" and data.name ~= "db:verify" and ((not data.xmlns) or data.xmlns == "jabber:client" or data.xmlns == "jabber:server") then
+                       (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
                        if not host.notopen and not host.dialback_key then
                                host.log("debug", "dialback had not been initiated");
                                initiate_dialback(host);
                        end
                        
                        -- Queue stanza until we are able to send it
-                       if host.sendq then t_insert(host.sendq, data);
-                       else host.sendq = { data }; end
+                       if host.sendq then t_insert(host.sendq, tostring(data));
+                       else host.sendq = { tostring(data) }; end
+                       host.log("debug", "stanza [%s] queued ", data.name);
                elseif host.type == "local" or host.type == "component" then
                        log("error", "Trying to send a stanza to ourselves??")
                        log("error", "Traceback: %s", get_traceback());
@@ -84,7 +84,7 @@ function send_to_host(from_host, to_host, data)
                log("debug", "opening a new outgoing connection for this stanza");
                local host_session = new_outgoing(from_host, to_host);
                -- Store in buffer
-               host_session.sendq = { data };
+               host_session.sendq = { tostring(data) };
        end
 end
 
@@ -94,7 +94,7 @@ function new_incoming(conn)
        local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming" };
        if true then
                session.trace = newproxy(true);
-               getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; print("s2s session got collected, now "..open_sessions.." s2s sessions are allocated") end;
+               getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; end;
        end
        open_sessions = open_sessions + 1;
        local w, log = conn.write, logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$"));