Mercurial > prosody-modules
changeset 6476:4a1c17a5745f
mod_s2s_v6mesh: Fixes for peer authentication
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 17 Mar 2026 23:08:08 +0000 |
| parents | d5b9da8c94ae |
| children | 88852e4f81bf |
| files | mod_s2s_v6mesh/mod_s2s_v6mesh.lua |
| diffstat | 1 files changed, 5 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_s2s_v6mesh/mod_s2s_v6mesh.lua Tue Mar 17 20:18:32 2026 +0100 +++ b/mod_s2s_v6mesh/mod_s2s_v6mesh.lua Tue Mar 17 23:08:08 2026 +0000 @@ -12,7 +12,7 @@ local function is_secure_range(remote_ip) for range in secure_ranges do if ip.match(remote_ip, parse_cidr(range)) then - return true; + return true, range; end end return false; @@ -33,7 +33,7 @@ local raw = base32.decode(dom); if not raw then return nil; end - return (net.ntop(raw):gsub("=+$", "")); + return net.ntop(raw), raw; end module:hook("s2sout-pre-connect", function(event) @@ -66,8 +66,9 @@ local remote_ip = ip.new_ip(event.origin.ip); - if lookup(dom) ~= remote_ip.packed then + if select(2, lookup(dom)) ~= remote_ip.packed then module:log("warn", "Rejecting incoming connection from %s: unexpected IP %s", host, remote_ip); + event.origin:close({ condition = "not-authorized", text = "Hostname does not match IP address" }); return; end @@ -87,7 +88,7 @@ local remote_ip = ip.new_ip(session.ip); - if lookup(dom) ~= remote_ip.packed then + if select(2, lookup(dom)) ~= remote_ip.packed then module:log("warn", "Unable to authenticate incoming connection from %s: unexpected IP %s", host, remote_ip); return; end
