X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_dialback.lua;h=dc3c3f10a7a06cf8a52ec9aa8463c2039ed62ab4;hb=8708def4f55e61acdd5b2c762d420ab40da0d015;hp=67be15e33bda6ecb7ed17a7758ed7b6fbcd0ea55;hpb=6cd8cfafaab03a47d3c511bcc95c758e7c1d4428;p=prosody.git

diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index 67be15e3..dc3c3f10 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -7,12 +7,12 @@
 --
 
 local hosts = _G.hosts;
-local s2s_make_authenticated = require "core.s2smanager".make_authenticated;
 
 local log = module._log;
 
 local st = require "util.stanza";
 local sha256_hash = require "util.hashes".sha256;
+local sha256_hmac = require "util.hashes".hmac_sha256;
 local nameprep = require "util.encodings".stringprep.nameprep;
 
 local xmlns_stream = "http://etherx.jabber.org/streams";
@@ -20,7 +20,7 @@ local xmlns_stream = "http://etherx.jabber.org/streams";
 local dialback_requests = setmetatable({}, { __mode = 'v' });
 
 function generate_dialback(id, to, from)
-	return sha256_hash(id..to..from..hosts[from].dialback_secret, true);
+	return sha256_hmac(sha256_hash(hosts[from].dialback_secret), to .. ' ' .. from .. ' ' .. id, true);
 end
 
 function initiate_dialback(session)
@@ -41,6 +41,11 @@ module:hook("stanza/jabber:server:dialback:verify", function(event)
 		-- We are being asked to verify the key, to ensure it was generated by us
 		origin.log("debug", "verifying that dialback key is ours...");
 		local attr = stanza.attr;
+		if attr.type then
+			module:log("warn", "Ignoring incoming session from %s claiming a dialback key for %s is %s",
+				origin.from_host or "(unknown)", attr.from or "(unknown)", attr.type);
+			return true;
+		end
 		-- COMPAT: Grr, ejabberd breaks this one too?? it is black and white in XEP-220 example 34
 		--if attr.from ~= origin.to_host then error("invalid-from"); end
 		local type;
@@ -102,18 +107,17 @@ module:hook("stanza/jabber:server:dialback:verify", function(event)
 	if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then
 		local attr = stanza.attr;
 		local dialback_verifying = dialback_requests[attr.from.."/"..(attr.id or "")];
-		module:log("debug", tostring(dialback_verifying).." "..attr.from.." "..origin.to_host);
 		if dialback_verifying and attr.from == origin.to_host then
 			local valid;
 			if attr.type == "valid" then
-				s2s_make_authenticated(dialback_verifying, attr.from);
+				module:fire_event("s2s-authenticated", { session = dialback_verifying, host = attr.from });
 				valid = "valid";
 			else
 				-- Warn the original connection that is was not verified successfully
-				log("warn", "authoritative server for "..(attr.from or "(unknown)").." denied the key");
+				log("warn", "authoritative server for %s denied the key", attr.from or "(unknown)");
 				valid = "invalid";
 			end
-			if not dialback_verifying.sends2s then
+			if dialback_verifying.destroyed then
 				log("warn", "Incoming s2s session %s was closed in the meantime, so we can't notify it of the db result", tostring(dialback_verifying):match("%w+$"));
 			else
 				dialback_verifying.sends2s(
@@ -142,7 +146,7 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
 			return true;
 		end
 		if stanza.attr.type == "valid" then
-			s2s_make_authenticated(origin, attr.from);
+			module:fire_event("s2s-authenticated", { session = origin, host = attr.from });
 		else
 			origin:close("not-authorized", "dialback authentication failed");
 		end
@@ -166,7 +170,7 @@ module:hook_stanza(xmlns_stream, "features", function (origin, stanza)
 	end
 end, 100);
 
-module:hook("s2s-authenticate-legacy", function (event)
+module:hook("s2sout-authenticate-legacy", function (event)
 	module:log("debug", "Initiating dialback...");
 	initiate_dialback(event.origin);
 	return true;