Mercurial > prosody-modules
comparison mod_client_certs/mod_client_certs.lua @ 697:c3337f62a538
mod_client_certs: Disconnect every session that was using that cert when revoking a client certificate.
| author | Thijs Alkemade <thijsalkemade@gmail.com> |
|---|---|
| date | Tue, 05 Jun 2012 19:31:03 +0200 |
| parents | f6be46f15b74 |
| children | 3a3293f37139 |
comparison
equal
deleted
inserted
replaced
| 696:da69b65288e4 | 697:c3337f62a538 |
|---|---|
| 165 local origin, stanza = event.origin, event.stanza; | 165 local origin, stanza = event.origin, event.stanza; |
| 166 if stanza.attr.type == "set" then | 166 if stanza.attr.type == "set" then |
| 167 local disable = stanza.tags[1]; | 167 local disable = stanza.tags[1]; |
| 168 module:log("debug", "%s disabled a certificate", origin.full_jid); | 168 module:log("debug", "%s disabled a certificate", origin.full_jid); |
| 169 | 169 |
| 170 if disable.name == "revoke" then | |
| 171 module:log("debug", "%s revoked a certificate! Should disconnect all clients that used it", origin.full_jid); | |
| 172 -- TODO hosts.sessions[user].sessions.each{close if uses this cert} | |
| 173 end | |
| 174 local item = disable:get_child("item"); | 170 local item = disable:get_child("item"); |
| 175 local name = item and item.attr.id; | 171 local name = item and item.attr.id; |
| 176 | 172 |
| 177 if not name then | 173 if not name then |
| 178 origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified.")); | 174 origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified.")); |
| 179 return true | 175 return true |
| 180 end | 176 end |
| 181 | 177 |
| 182 disable_cert(origin.username, name); | 178 local disabled_cert = disable_cert(origin.username, name):pem(); |
| 183 | 179 |
| 180 if disable.name == "revoke" then | |
| 181 module:log("debug", "%s revoked a certificate! Disconnecting all clients that used it", origin.full_jid); | |
| 182 local sessions = hosts[module.host].sessions[origin.username].sessions; | |
| 183 | |
| 184 for _, session in pairs(sessions) do | |
| 185 local cert = session.external_auth_cert; | |
| 186 | |
| 187 if cert and cert == disabled_cert then | |
| 188 module:log("debug", "Found a session that should be closed: %s", tostring(session)); | |
| 189 session:close{ condition = "not-authorized", text = "This client side certificate has been revoked."}; | |
| 190 end | |
| 191 end | |
| 192 end | |
| 184 origin.send(st.reply(stanza)); | 193 origin.send(st.reply(stanza)); |
| 185 | 194 |
| 186 return true | 195 return true |
| 187 end | 196 end |
| 188 end | 197 end |
