Mercurial > prosody-hg
comparison plugins/mod_proxy65.lua @ 14161:9728c3fabeef
Merge 13.0->trunk
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 29 Apr 2026 17:12:59 +0100 |
| parents | e3ddbf7f2d3f |
| children |
comparison
equal
deleted
inserted
replaced
| 14147:320e1d49aa9e | 14161:9728c3fabeef |
|---|---|
| 58 module:log("debug", "SOCKS5 target connected for session %s", sha); | 58 module:log("debug", "SOCKS5 target connected for session %s", sha); |
| 59 else -- transfers[sha].target ~= nil | 59 else -- transfers[sha].target ~= nil |
| 60 transfers[sha].initiator = conn; | 60 transfers[sha].initiator = conn; |
| 61 session.sha = sha; | 61 session.sha = sha; |
| 62 module:log("debug", "SOCKS5 initiator connected for session %s", sha); | 62 module:log("debug", "SOCKS5 initiator connected for session %s", sha); |
| 63 server.link(conn, transfers[sha].target, max_buffer_size); | |
| 64 server.link(transfers[sha].target, conn, max_buffer_size); | |
| 65 end | 63 end |
| 66 else -- error, unexpected input | 64 else -- error, unexpected input |
| 67 conn:write("\5\1\0\3\0\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte) | 65 conn:write("\5\1\0\3\0\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte) |
| 68 conn:close(); | 66 conn:close(); |
| 69 module:log("debug", "Invalid SOCKS5 negotiation received: %q", data:sub(1, 300)); | 67 module:log("debug", "Invalid SOCKS5 negotiation received: %q", data:sub(1, 300)); |
| 103 | 101 |
| 104 module:depends("disco"); | 102 module:depends("disco"); |
| 105 module:add_identity("proxy", "bytestreams", name); | 103 module:add_identity("proxy", "bytestreams", name); |
| 106 module:add_feature("http://jabber.org/protocol/bytestreams"); | 104 module:add_feature("http://jabber.org/protocol/bytestreams"); |
| 107 | 105 |
| 108 module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event) | 106 local function is_permitted(origin, stanza) |
| 109 local origin, stanza = event.origin, event.stanza; | |
| 110 | |
| 111 -- check ACL | |
| 112 -- using 'while' instead of 'if' so we can break out of it | |
| 113 local allow; | |
| 114 if proxy_acl and #proxy_acl > 0 then | 107 if proxy_acl and #proxy_acl > 0 then |
| 115 local jid = stanza.attr.from; | 108 local jid = stanza.attr.from; |
| 116 for _, acl in ipairs(proxy_acl) do | 109 for _, acl in ipairs(proxy_acl) do |
| 117 if jid_compare(jid, acl) then | 110 if jid_compare(jid, acl) then |
| 118 allow = true; | 111 return true; |
| 119 break; | |
| 120 end | 112 end |
| 121 end | 113 end |
| 122 elseif proxy_open_access or origin.type == "c2s" then | 114 elseif proxy_open_access or origin.type == "c2s" then |
| 123 allow = true; | 115 return true; |
| 124 end | 116 end |
| 117 return false; | |
| 118 end | |
| 125 | 119 |
| 126 if not allow then | 120 module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event) |
| 121 local origin, stanza = event.origin, event.stanza; | |
| 122 | |
| 123 if not is_permitted(origin, stanza) then | |
| 127 module:log("warn", "Denying use of proxy for %s", stanza.attr.from); | 124 module:log("warn", "Denying use of proxy for %s", stanza.attr.from); |
| 128 origin.send(st.error_reply(stanza, "auth", "forbidden")); | 125 origin.send(st.error_reply(stanza, "auth", "forbidden")); |
| 129 return true; | 126 return true; |
| 130 end | 127 end |
| 131 | 128 |
| 142 return true; | 139 return true; |
| 143 end); | 140 end); |
| 144 | 141 |
| 145 module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event) | 142 module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event) |
| 146 local origin, stanza = event.origin, event.stanza; | 143 local origin, stanza = event.origin, event.stanza; |
| 144 | |
| 145 if not is_permitted(origin, stanza) then | |
| 146 module:log("warn", "Denying use of proxy for %s", stanza.attr.from); | |
| 147 origin.send(st.error_reply(stanza, "auth", "forbidden")); | |
| 148 return true; | |
| 149 end | |
| 147 | 150 |
| 148 local query = stanza.tags[1]; | 151 local query = stanza.tags[1]; |
| 149 local sid = query.attr.sid; | 152 local sid = query.attr.sid; |
| 150 local from = stanza.attr.from; | 153 local from = stanza.attr.from; |
| 151 local to = query:get_child_text("activate"); | 154 local to = query:get_child_text("activate"); |
| 164 -- module:log("debug", "The recipient was not connected to the proxy; activation failed (%s)", info); | 167 -- module:log("debug", "The recipient was not connected to the proxy; activation failed (%s)", info); |
| 165 -- origin.send(st.error_reply(stanza, "cancel", "not-allowed", "The recipient is not connected to the proxy")); | 168 -- origin.send(st.error_reply(stanza, "cancel", "not-allowed", "The recipient is not connected to the proxy")); |
| 166 else -- if transfers[sha].initiator ~= nil and transfers[sha].target ~= nil then | 169 else -- if transfers[sha].initiator ~= nil and transfers[sha].target ~= nil then |
| 167 module:log("debug", "Transfer activated (%s)", info); | 170 module:log("debug", "Transfer activated (%s)", info); |
| 168 transfers[sha].activated = true; | 171 transfers[sha].activated = true; |
| 172 server.link(transfers[sha].initiator, transfers[sha].target, max_buffer_size); | |
| 173 server.link(transfers[sha].target, transfers[sha].initiator, max_buffer_size); | |
| 169 transfers[sha].target:resume(); | 174 transfers[sha].target:resume(); |
| 170 transfers[sha].initiator:resume(); | 175 transfers[sha].initiator:resume(); |
| 171 origin.send(st.reply(stanza)); | 176 origin.send(st.reply(stanza)); |
| 172 end | 177 end |
| 173 elseif to and sid then | 178 elseif to and sid then |
