X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_proxy65.lua;h=73527cbc1188f6c0277d39b6195f1b25afeafc40;hb=f1578bdc4e0a3b10a46adbe3ebd9ae39fbc682a0;hp=b2f6f7035b9111ee36dfd801de38be8f8896339c;hpb=2dd2707cf32ebe48ac5af9fcabd1dfd9e4d216c8;p=prosody.git diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua index b2f6f703..73527cbc 100644 --- a/plugins/mod_proxy65.lua +++ b/plugins/mod_proxy65.lua @@ -2,7 +2,7 @@ -- Copyright (C) 2008-2011 Matthew Wild -- Copyright (C) 2008-2011 Waqas Hussain -- Copyright (C) 2009 Thilo Cestonaro --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -14,6 +14,7 @@ local st = require "util.stanza"; local sha1 = require "util.hashes".sha1; local b64 = require "util.encodings".base64.encode; local server = require "net.server"; +local portmanager = require "core.portmanager"; local sessions, transfers = module:shared("sessions", "transfers"); local max_buffer_size = 4096; @@ -29,7 +30,7 @@ function listener.onincoming(conn, data) (conn == initiator and target or initiator):write(data); return; end -- FIXME server.link should be doing this? - + if not session.greeting_done then local nmethods = data:byte(2) or 0; if data:byte(1) == 0x05 and nmethods > 0 and #data == 2 + nmethods then -- check if we have all the data 
@@ -89,57 +90,52 @@ end function module.add_host(module) local host, name = module:get_host(), module:get_option_string("name", "SOCKS5 Bytestreams Service"); - + local proxy_address = module:get_option("proxy65_address", host); - local proxy_port = module:get_option_number("proxy65_port", next(portmanager.get_active_services():search("proxy65", nil)[1] or {})); + local proxy_port = next(portmanager.get_active_services():search("proxy65", nil)[1] or {}); local proxy_acl = module:get_option("proxy65_acl"); + -- COMPAT w/pre-0.9 where proxy65_port was specified in the components section of the config + local legacy_config = module:get_option_number("proxy65_port"); + if legacy_config then + module:log("warn", "proxy65_port is deprecated, please put proxy65_ports = { %d } into the global section instead", legacy_config); + end + + module:depends("disco"); module:add_identity("proxy", "bytestreams", name); module:add_feature("http://jabber.org/protocol/bytestreams"); - - module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event) - local origin, stanza = event.origin, event.stanza; - origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#info") - :tag("identity", {category='proxy', type='bytestreams', name=name}):up() - :tag("feature", {var="http://jabber.org/protocol/bytestreams"}) ); - return true; - end, -1); - - module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function(event) - local origin, stanza = event.origin, event.stanza; - origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#items")); - return true; - end, -1); - + module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event) local origin, stanza = event.origin, event.stanza; - + -- check ACL while proxy_acl and #proxy_acl > 0 do -- using 'while' instead of 'if' so we can break out of it local jid = stanza.attr.from; + local allow; for _, acl in ipairs(proxy_acl) do - if jid_compare(jid, acl) then break; 
end + if jid_compare(jid, acl) then allow = true; break; end end + if allow then break; end module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from)); origin.send(st.error_reply(stanza, "auth", "forbidden")); return true; end - + local sid = stanza.tags[1].attr.sid; origin.send(st.reply(stanza):tag("query", {xmlns="http://jabber.org/protocol/bytestreams", sid=sid}) :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port})); return true; end); - + module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event) local origin, stanza = event.origin, event.stanza; - + local query = stanza.tags[1]; local sid = query.attr.sid; local from = stanza.attr.from; local to = query:get_child_text("activate"); local prepped_to = jid_prep(to); - + local info = "sid: "..tostring(sid)..", initiator: "..tostring(from)..", target: "..tostring(prepped_to or to); if prepped_to and sid then local sha = sha1(sid .. from .. prepped_to, true);
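Review bot: The `proxy65_acl` check is enforced only inside the `iq-get` bytestreams hook, so it gates streamhost discovery but, as far as this hunk shows, not the `iq-set` activation hook that follows, which goes from `jid_prep(to)` straight to computing `sha`. A client that already knows the proxy address and port would then not be stopped by the ACL; the activation handler's body continues past the hunk and the SOCKS5 listener is outside it, so please confirm whether either consults `proxy_acl`. I would move the loop into a local helper and call it from both hooks, which also replaces the `while`-used-as-`if` construct and the `allow` flag with a plain early return. Separately, `proxy_port` is now nil whenever no `proxy65` service is active, so the streamhost reply would be sent without a port; an explicit guard with an error reply would be clearer than an incomplete answer.

```lua
	local proxy_acl = module:get_option("proxy65_acl");

	-- True when no ACL is configured or jid matches one of its entries.
	local function acl_allows(jid)
		if not proxy_acl or #proxy_acl == 0 then return true; end
		for _, acl in ipairs(proxy_acl) do
			if jid_compare(jid, acl) then return true; end
		end
		return false;
	end

	-- … unchanged: legacy proxy65_port warning, disco identity and feature …

	module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event)
		local origin, stanza = event.origin, event.stanza;
		if not acl_allows(stanza.attr.from) then
			module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from));
			origin.send(st.error_reply(stanza, "auth", "forbidden"));
			return true;
		end
		-- … unchanged: streamhost reply …

	module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event)
		local origin, stanza = event.origin, event.stanza;
		if not acl_allows(stanza.attr.from) then
			module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from));
			origin.send(st.error_reply(stanza, "auth", "forbidden"));
			return true;
		end
		-- … unchanged: activation handling …
```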