[Pkg-javascript-commits] [ltx] 107/469: router: SASL EXTERNAL outgoing
Jonas Smedegaard
dr at jones.dk
Wed Aug 31 13:01:10 UTC 2016
This is an automated email from the git hooks/post-receive script.
js pushed a commit to branch master
in repository ltx.
commit 02d9468d9bb77ffaad5ab7a89e8d58e6c75ebeb7
Author: Astro <astro at spaceboyz.net>
Date: Tue Sep 7 23:55:49 2010 +0200
router: SASL EXTERNAL outgoing
---
lib/xmpp/router.js | 85 ++++++++++++++++++++++++++++++++++++++++++------------
lib/xmpp/server.js | 16 ++++++++--
2 files changed, 81 insertions(+), 20 deletions(-)
diff --git a/lib/xmpp/router.js b/lib/xmpp/router.js
index fb32b7a..a2c5059 100644
--- a/lib/xmpp/router.js
+++ b/lib/xmpp/router.js
@@ -1,10 +1,13 @@
var net = require('net');
var Server = require('./server');
var JID = require('./jid');
+var xml = require('./xml');
var StreamShaper = require('./../stream_shaper');
var StringPrep = require('node-stringprep').StringPrep;
var nameprep = new StringPrep('nameprep');
+var NS_XMPP_SASL = 'urn:ietf:params:xml:ns:xmpp-sasl';
+
dbgStream = function(tag, stream) {
stream.on('data', function(data) {
@@ -58,7 +61,7 @@ DomainContext.prototype.send = function(stanza) {
destDomain = new JID.JID(stanza.attrs.to).domain;
var outStream = this.getOutStream(destDomain);
- if (outStream.isVerified)
+ if (outStream.isAuthed)
outStream.send(stanza);
else {
outStream.queue = outStream.queue || [];
@@ -81,7 +84,7 @@ DomainContext.prototype.sendRaw = function(stanza, destDomain) {
outStream.send(stanza);
};
- if (outStream.isOnline)
+ if (outStream.isConnected)
send();
else
outStream.addListener('online', send);
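Review bot: `sendRaw` still defers on the `'online'` event when `isConnected` is false, but within this diff `'online'` is no longer emitted when the stream opens; it is emitted only after SASL success or a valid dialback result. A raw stanza queued before the connection is up is therefore held until authentication finishes, while one issued after the `'auth'` event goes out at once, so the two paths no longer behave alike. If raw sends are meant to go out as soon as the stream is usable, the deferred path should wait on the new event, `outStream.addListener('auth', send);`; if not, a comment stating that raw sends wait for authentication would settle it. The body of `sendRaw` starts outside this hunk.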
@@ -131,27 +134,66 @@ DomainContext.prototype.getOutStream = function(destDomain) {
delete self.s2sOut[destDomain];
});
- // Prepare dialback
- outStream.addListener('online', function() {
- outStream.isOnline = true;
- outStream.dbKey = generateKey();
- outStream.send(Server.dialbackKey(self.domain, destDomain, outStream.dbKey));
- });
+ var onAuth = function(method) {
+ console.log({auth:method});
+ outStream.isConnected = true;
+ switch(method) {
+ case 'dialback':
+ // Prepare dialback
+ outStream.dbKey = generateKey();
+ outStream.send(Server.dialbackKey(self.domain, destDomain, outStream.dbKey));
+ break;
+
+ case 'external':
+ outStream.send(new xml.Element('auth', { xmlns: NS_XMPP_SASL,
+ mechanism: 'EXTERNAL' }).
+ t(new Buffer(self.domain).toString('base64'))
+ );
+ var onStanza;
+ onStanza = function(stanza) {
+ console.log({external:{domain:destDomain,stanza:stanza.toString()}});
+ if (stanza.is('success', NS_XMPP_SASL)) {
+ outStream.startStream();
+ outStream.removeListener('stanza', onStanza);
+ var onStream;
+ onStream = function() {
+ outStream.emit('online');
+ outStream.removeListener('streamStart', onStream);
+ };
+ outStream.addListener('streamStart', onStream);
+ } else if (stanza.is('failure', NS_XMPP_SASL))
+ outStream.end();
+ };
+ outStream.addListener('stanza', onStanza);
+ break;
+
+ default:
+ outStream.error('undefined-condition',
+ 'Cannot authenticate via ' + method);
+ }
+ outStream.removeListener('auth', onAuth);
+ };
+ outStream.addListener('auth', onAuth);
+
outStream.addListener('dialbackResult', function(from, to, isValid) {
if (isValid) {
- outStream.isVerified = true;
- if (outStream.queue) {
- outStream.queue.forEach(function(stanza) {
- outStream.send(stanza);
- });
- delete outStream.queue;
- }
+ outStream.emit('online');
} else {
// we cannot do anything else with this stream that
// failed dialback
outStream.end();
}
});
+ outStream.addListener('online', function() {
+console.log('ONLINE!');
+ outStream.isAuthed = true;
+ if (outStream.queue) {
+ outStream.queue.forEach(function(stanza) {
+ outStream.send(stanza);
+ });
+ delete outStream.queue;
+ }
+ });
return outStream;
}
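Review bot: The `external` branch treats the peer's `<success/>` as sufficient to emit `'online'`, which sets `isAuthed` and flushes the queued stanzas, yet nothing visible in this hunk confirms that the stream is TLS-protected or that the peer's certificate was validated for `destDomain`. `<success/>` only shows that the peer accepted our identity and says nothing about who the peer is, so that check has to happen before the queue is released. It may live elsewhere in the connection code, in which case a comment here such as `// peer certificate for destDomain is verified in <where>` would make that explicit. Separately, the three `console.log` calls look like debugging leftovers, and the one in `onStanza` writes every stanza received during authentication to stdout; they should be removed or put behind a debug switch. `getOutStream` begins above this hunk.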
@@ -171,7 +213,7 @@ DomainContext.prototype.addInStream = function(srcDomain, stream) {
this.setupStream(srcDomain, stream);
stream.isOnline = true;
- stream.isVerified = true;
+ stream.isAuthed = true;
stream.addListener('close', function() {
if (self.s2sIn[srcDomain] == stream)
delete self.s2sIn[srcDomain];
@@ -184,9 +226,16 @@ DomainContext.prototype.setupStream = function(domain, stream) {
stream.addListener('stanza', function(stanza) {
// Before verified they can send whatever they want
- if (!stream.isVerified)
+ if (!stream.isAuthed)
return;
+ if (stanza.name !== 'message' &&
+ stanza.name !== 'presence' &&
+ stanza.name !== 'iq')
+ // no normal stanza
+ return;
+
+
if (!(typeof stanza.attrs.from === 'string' &&
typeof stanza.attrs.to === 'string')) {
stream.error('improper-addressing');
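Review bot: The new stanza-name filter is a braceless `if` whose single `return` is separated from the condition by a comment line, which is easy to break when someone later adds a statement; wrapping it as `if (...) { return; }` would be safer, and the two added blank lines can go. The comment `// Before verified they can send whatever they want` above the first check still uses the old flag name and reads ambiguously; suggest `// Until the stream is authenticated, this handler ignores everything the peer sends`. The handler continues past the end of this hunk.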
@@ -271,7 +320,7 @@ Router.prototype.rateLimit = 100; // 100 KB/s, it's S2S after all
Router.prototype.maxStanzaSize = 65536; // 64 KB, by convention
Router.prototype.keepAlive = 30 * 1000; // 30s
Router.prototype.streamTimeout = 5 * 60 * 1000; // 5min
-Router.prototype.credentials = undefined; // TLS credentials
+Router.prototype.credentials = undefined; // TLS credentials, TODO: per domain
// little helper, because dealing with crypto & fs gets unwieldy
Router.prototype.loadCredentials = function(keyPath, certPath) {
diff --git a/lib/xmpp/server.js b/lib/xmpp/server.js
index fc988a2..bb7ff5f 100644
--- a/lib/xmpp/server.js
+++ b/lib/xmpp/server.js
@@ -5,6 +5,7 @@ var xml = require('./xml');
var NS_SERVER = 'jabber:server';
var NS_DIALBACK = 'jabber:server:dialback';
var NS_XMPP_STREAMS = 'urn:ietf:params:xml:ns:xmpp-streams';
+var NS_XMPP_SASL = 'urn:ietf:params:xml:ns:xmpp-sasl';
/**
* Dialback-specific events:
@@ -165,11 +166,22 @@ exports.makeOutgoingServer = function(domain) {
self.addListener('streamStart', function(attrs) {
if (attrs.version !== "1.0")
// Don't wait for <stream:features/>
- self.emit('online');
+ self.emit('auth', 'dialback');
});
self.addListener('rawStanza', function(stanza) {
if (stanza.is('features', Connection.NS_STREAM)) {
- self.emit('online');
+ var mechsEl;
+ if ((mechsEl = stanza.getChild('mechanisms', NS_XMPP_SASL))) {
+ var mechs = mechsEl.getChildren('mechanism', NS_XMPP_SASL).
+ map(function(el) { return el.getText(); });
+ if (mechs.indexOf('EXTERNAL') >= 0)
+ self.emit('auth', 'external');
+ else
+ self.emit('auth', 'dialback');
+ } else {
+ // No SASL mechanisms
+ self.emit('auth', 'dialback');
+ }
}
});
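Review bot: EXTERNAL is selected purely because the peer advertises it, without checking that this side has TLS credentials to present or that the stream was actually upgraded to TLS. In router.js the `failure` branch calls `outStream.end()` with no retry, and `Router.prototype.credentials` defaults to `undefined`, so as far as this diff shows a router without a certificate would lose its route to any peer that offers EXTERNAL, where it previously used dialback. Suggest emitting `'external'` only when a local certificate is configured and TLS is active on the stream, and otherwise falling through to `self.emit('auth', 'dialback');`. `makeOutgoingServer` starts and ends outside this hunk.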
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/ltx.git