local st = require "util.stanza";
local sha256_hash = require "util.hashes".sha256;
+local sha256_hmac = require "util.hashes".hmac_sha256;
local nameprep = require "util.encodings".stringprep.nameprep;
local check_cert_status = module:depends"s2s".check_cert_status;
local uuid_gen = require"util.uuid".generate;
local dialback_requests = setmetatable({}, { __mode = 'v' });
-local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen());
+local dialback_secret = sha256_hash(module:get_option_string("dialback_secret", uuid_gen()), true);
local dwd = module:get_option_boolean("dialback_without_dialback", false);
function module.save()
end
function generate_dialback(id, to, from)
- return sha256_hash(id..to..dialback_secret, true);
+ return sha256_hmac(dialback_secret, to .. ' ' .. from .. ' ' .. id, true);
end
function initiate_dialback(session)
local attr = stanza.attr;
local to, from = nameprep(attr.to), nameprep(attr.from);
+ if not hosts[to] then
+ -- Not a host that we serve
+ origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
+ origin:close("host-unknown");
+ return true;
+ elseif not from then
+ origin:close("improper-addressing");
+ end
+
if dwd and origin.secure then
if check_cert_status(origin, from) == false then
return
end
end
- if not hosts[to] then
- -- Not a host that we serve
- origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
- origin:close("host-unknown");
- return true;
- elseif not from then
- origin:close("improper-addressing");
- end
-
origin.hosts[from] = { dialback_key = stanza[1] };
dialback_requests[from.."/"..origin.streamid] = origin;
end
end);
-module:hook_stanza("urn:ietf:params:xml:ns:xmpp-sasl", "failure", function (origin, stanza)
- if origin.external_auth == "failed" then
- module:log("debug", "SASL EXTERNAL failed, falling back to dialback");
- initiate_dialback(origin);
- return true;
- end
-end, 100);
-
module:hook_stanza(xmlns_stream, "features", function (origin, stanza)
if not origin.external_auth or origin.external_auth == "failed" then
module:log("debug", "Initiating dialback...");