	Merge branch 'master' of git://git.psyced.org/git/psyced
		
						commit
						7840f73c91
					
				
					 21 changed files with 243 additions and 138 deletions
				
			
		|  | @ -135,12 +135,16 @@ | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
| #ifdef MUD | #ifdef MUD | ||||||
| # define	NO_NEWBIES | # define	_flag_disable_authorization | ||||||
|  | #endif | ||||||
|  | 
 | ||||||
|  | #ifdef REGISTERED_USERS_ONLY | ||||||
|  | # echo Please fix your #define REGISTERED_USERS_ONLY | ||||||
|  | # define _flag_disable_unauthenticated_users | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
| #ifdef RELAY | #ifdef RELAY | ||||||
| # define	NO_NEWBIES	// same as REGISTERED_USERS_ONLY ?
 | # define	_flag_disable_authorization | ||||||
| 				// anyway, chance for some ifdef optimizations TODO
 |  | ||||||
| # define	IRCGATE_NICK		"PSYC.EU" | # define	IRCGATE_NICK		"PSYC.EU" | ||||||
| # undef		DEFAULT_USER_OBJECT | # undef		DEFAULT_USER_OBJECT | ||||||
| # define	DEFAULT_USER_OBJECT	IRC_PATH "ghost" | # define	DEFAULT_USER_OBJECT	IRC_PATH "ghost" | ||||||
|  |  | ||||||
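Review bot: A site configuration that still sets `NO_NEWBIES` directly loses its effect without any warning, because only `REGISTERED_USERS_ONLY` gets a compatibility shim here while the `MUD` and `RELAY` branches simply switch to `_flag_disable_authorization`. The consumer shown on this page now tests `#ifdef _flag_disable_authorization` for `IS_NEWBIE`, so with an old config `IS_NEWBIE` falls back to `(!v("password"))`. A second shim mirroring the new one (`#ifdef NO_NEWBIES`, an `# echo` asking to fix the define, then `# define _flag_disable_authorization`) would keep the old behaviour. The flag name also reads as if authorization checks were switched off, while the visible use only forces `IS_NEWBIE` to 0; a one-line comment at the define stating what it actually disables would prevent misconfiguration.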
|  | @ -39,7 +39,7 @@ | ||||||
| # define ONLINE	(ME && (interactive(ME) || (member(v("locations"), 0) && sizeof(v("locations")[0])))) | # define ONLINE	(ME && (interactive(ME) || (member(v("locations"), 0) && sizeof(v("locations")[0])))) | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
| #ifdef NO_NEWBIES | #ifdef _flag_disable_authorization | ||||||
| # define IS_NEWBIE	0 | # define IS_NEWBIE	0 | ||||||
| #else | #else | ||||||
| # define IS_NEWBIE	(!v("password")) | # define IS_NEWBIE	(!v("password")) | ||||||
|  |  | ||||||
|  | @ -315,7 +315,7 @@ tls_logon(result) { | ||||||
| 	mixed cert = tls_certificate(ME, 0); | 	mixed cert = tls_certificate(ME, 0); | ||||||
| 	P3(("active::certinfo %O\n", cert)) | 	P3(("active::certinfo %O\n", cert)) | ||||||
| 	if (mappingp(cert)) { | 	if (mappingp(cert)) { | ||||||
| 	    unless (certificate_check_jabbername(hostname, cert)) { | 	    unless (certificate_check_name(hostname, cert, "xmpp-server")) { | ||||||
| #ifdef _flag_report_bogus_certificates | #ifdef _flag_report_bogus_certificates | ||||||
| 		monitor_report("_error_invalid_certificate_identity", | 		monitor_report("_error_invalid_certificate_identity", | ||||||
| 			       sprintf("%O presented a certificate that " | 			       sprintf("%O presented a certificate that " | ||||||
|  |  | ||||||
|  | @ -393,6 +393,7 @@ xmpp_error(node, xmpperror) { | ||||||
|     return 0; |     return 0; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | // deprecated - use certificate_check_name from library/tls.c instead
 | ||||||
| #ifdef WANT_S2S_TLS | #ifdef WANT_S2S_TLS | ||||||
| certificate_check_jabbername(name, cert) { | certificate_check_jabbername(name, cert) { | ||||||
|     mixed t; |     mixed t; | ||||||
|  |  | ||||||
|  | @ -18,7 +18,7 @@ | ||||||
| disco_info_root(vars) { | disco_info_root(vars) { | ||||||
|     string featurelist; |     string featurelist; | ||||||
|     featurelist = "<feature var='http://jabber.org/protocol/muc'/>" |     featurelist = "<feature var='http://jabber.org/protocol/muc'/>" | ||||||
| #ifndef REGISTERED_USERS_ONLY | #ifndef _flag_disable_unauthenticated_users | ||||||
| # ifndef _flag_disable_registration | # ifndef _flag_disable_registration | ||||||
| #  ifndef _flag_disable_registration_XMPP | #  ifndef _flag_disable_registration_XMPP | ||||||
| 		"<feature var='jabber:iq:register'/>" | 		"<feature var='jabber:iq:register'/>" | ||||||
|  |  | ||||||
|  | @ -291,13 +291,14 @@ jabberMsg(XMLNode node) { | ||||||
| 	// paranoia note: as with XEP 0178 we might want to check dns anyway to
 | 	// paranoia note: as with XEP 0178 we might want to check dns anyway to
 | ||||||
| 	// 	protect against stolen certificates
 | 	// 	protect against stolen certificates
 | ||||||
| 	if (mappingp(certinfo) && certinfo[0] == 0  | 	if (mappingp(certinfo) && certinfo[0] == 0  | ||||||
| 	    && node["@from"] && certificate_check_jabbername(node["@from"], certinfo)) { | 	    && node["@from"] && certificate_check_name(node["@from"], certinfo, "xmpp-server")) { | ||||||
| 		P0(("dialback without dialback %O\n", certinfo)) | 		P2(("dialback without dialback %O\n", certinfo)) | ||||||
| 		verify_connection(node["@to"], node["@from"], "valid");  | 		verify_connection(node["@to"], node["@from"], "valid");  | ||||||
| 	} else { | 	} else { | ||||||
| 		sendmsg(origin, | 		sendmsg(origin, | ||||||
| 			"_dialback_request_verify", 0, | 			"_dialback_request_verify", 0, | ||||||
| 			([ "_INTERNAL_target_jabber" : source, | 			([ "_INTERNAL_target_jabber" : source, | ||||||
|  | 		// we shouldnt have to NAMEPREP a static string.. FIXME
 | ||||||
| 			   "_INTERNAL_source_jabber" : NAMEPREP(_host_XMPP), | 			   "_INTERNAL_source_jabber" : NAMEPREP(_host_XMPP), | ||||||
| 			   "_dialback_key" : node[Cdata], | 			   "_dialback_key" : node[Cdata], | ||||||
| 			   "_tag" : streamid | 			   "_tag" : streamid | ||||||
|  | @ -413,7 +414,7 @@ jabberMsg(XMLNode node) { | ||||||
| 		 */ | 		 */ | ||||||
| 		int success = 0; | 		int success = 0; | ||||||
| 
 | 
 | ||||||
| 		success = certificate_check_jabbername(t, certinfo); | 		success = certificate_check_name(t, certinfo, "xmpp-server"); | ||||||
| 		if (success) { | 		if (success) { | ||||||
| 		    emitraw("<success xmlns='" NS_XMPP "xmpp-sasl'/>"); | 		    emitraw("<success xmlns='" NS_XMPP "xmpp-sasl'/>"); | ||||||
| 		    P2(("successful sasl external authentication with " | 		    P2(("successful sasl external authentication with " | ||||||
|  | @ -541,8 +542,8 @@ open_stream(XMLNode node) { | ||||||
| 		    // sasl external if we know that it will succeed
 | 		    // sasl external if we know that it will succeed
 | ||||||
| 		    // later on
 | 		    // later on
 | ||||||
| 		    if (node["@from"] && | 		    if (node["@from"] && | ||||||
| 			    certificate_check_jabbername(node["@from"], | 			    certificate_check_name(node["@from"], | ||||||
| 						     certinfo)) { | 						     certinfo, "xmpp-server")) { | ||||||
| 			packet += "<mechanisms xmlns='" NS_XMPP "xmpp-sasl'>"; | 			packet += "<mechanisms xmlns='" NS_XMPP "xmpp-sasl'>"; | ||||||
| 			packet += "<mechanism>EXTERNAL</mechanism>"; | 			packet += "<mechanism>EXTERNAL</mechanism>"; | ||||||
| 			packet += "</mechanisms>"; | 			packet += "</mechanisms>"; | ||||||
|  |  | ||||||
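Review bot: The two SASL EXTERNAL sites (`success = certificate_check_name(t, certinfo, "xmpp-server")` and the offer in `open_stream`) do not show a `certinfo[0] == 0` test in their hunks, while the dialback shortcut checks it before calling the matcher. certificate_check_name as added on this page only tests that `cert` is a mapping and compares names, so the verification status has to be enforced by each caller; please confirm both EXTERNAL paths do so outside the visible lines, or fold the check into the helper. The change from `P0` to `P2` on "dialback without dialback" also makes the case where dialback is skipped on certificate evidence alone less visible in logs; if P0 is the always-on level, consider keeping this event there. All three functions continue outside their hunks.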
|  | @ -86,6 +86,7 @@ virtual inherit JABBER_PATH "common"; | ||||||
| 
 | 
 | ||||||
| // net/jabber is not ready for regular is_localhost
 | // net/jabber is not ready for regular is_localhost
 | ||||||
| #define is_localhost(a) (lower_case(a)) == _host_XMPP | #define is_localhost(a) (lower_case(a)) == _host_XMPP | ||||||
|  | // but.. what about NAMEPREP here?
 | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| #define JABSOURCE "_INTERNAL_source_jabber" | #define JABSOURCE "_INTERNAL_source_jabber" | ||||||
|  |  | ||||||
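Review bot: The added question about NAMEPREP is left open although this commit already registers the XMPP host as `NAMEPREP(_host_XMPP)` in the library's create(), so this macro now compares `lower_case(a)` with a raw `_host_XMPP` and the two notions of "local host" can disagree wherever NAMEPREP and lower_case differ. Comparing the same normalized value on both sides would settle it, for example `#define is_localhost(a) (NAMEPREP(a) == NAMEPREP(_host_XMPP))`. The expansion is also not parenthesized as a whole, so an expression such as `!is_localhost(x)` would bind the `!` to `lower_case(x)` only.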
|  | @ -187,7 +187,7 @@ jabberMsg(XMLNode node) { | ||||||
| 	    case "jabber:iq:register": | 	    case "jabber:iq:register": | ||||||
| 		if (node["@type"] == "get"){ | 		if (node["@type"] == "get"){ | ||||||
| 		    string packet; | 		    string packet; | ||||||
| #if defined(REGISTERED_USERS_ONLY) || defined(_flag_disable_registration) || defined(_flag_disable_registration_XMPP) | #if defined(_flag_disable_unauthenticated_users) || defined(_flag_disable_registration) || defined(_flag_disable_registration_XMPP) | ||||||
| 		    // super dirty.. this should all be in textdb
 | 		    // super dirty.. this should all be in textdb
 | ||||||
| 		    packet = sprintf("<iq type='result' id='%s'>" | 		    packet = sprintf("<iq type='result' id='%s'>" | ||||||
| 				     "<query xmlns='jabber:iq:register'/>" | 				     "<query xmlns='jabber:iq:register'/>" | ||||||
|  | @ -234,7 +234,7 @@ jabberMsg(XMLNode node) { | ||||||
| 			emit(packet); | 			emit(packet); | ||||||
| 			// QUIT
 | 			// QUIT
 | ||||||
| 		    } else { | 		    } else { | ||||||
| #if defined(REGISTERED_USERS_ONLY) || defined(_flag_disable_registration) || defined(_flag_disable_registration_XMPP) | #if defined(_flag_disable_unauthenticated_users) || defined(_flag_disable_registration) || defined(_flag_disable_registration_XMPP) | ||||||
| 			// TODO: generate some error as above
 | 			// TODO: generate some error as above
 | ||||||
| #else | #else | ||||||
| 			user -> vSet("password", t[Cdata]); | 			user -> vSet("password", t[Cdata]); | ||||||
|  | @ -358,7 +358,7 @@ jabberMsg(XMLNode node) { | ||||||
| # endif | # endif | ||||||
| 		break; | 		break; | ||||||
| #endif | #endif | ||||||
| #ifndef REGISTERED_USERS_ONLY | #ifndef _flag_disable_unauthenticated_users | ||||||
| 	    case "ANONYMOUS": | 	    case "ANONYMOUS": | ||||||
| 		unless(node[Cdata]) { | 		unless(node[Cdata]) { | ||||||
| 		    SASL_ERROR("incorrect-encoding") | 		    SASL_ERROR("incorrect-encoding") | ||||||
|  | @ -481,10 +481,12 @@ open_stream(XMLNode node) { | ||||||
| 		      "<mechanism>DIGEST-MD5</mechanism>" | 		      "<mechanism>DIGEST-MD5</mechanism>" | ||||||
| #endif | #endif | ||||||
| 		      "<mechanism>PLAIN</mechanism>"; | 		      "<mechanism>PLAIN</mechanism>"; | ||||||
| #ifndef REGISTERED_USERS_ONLY | #ifndef _flag_disable_unauthenticated_users | ||||||
| 		    // sasl anonymous
 | 		    // sasl anonymous
 | ||||||
| 		      "<mechanism>ANONYMOUS</mechanism>"; | 		      "<mechanism>ANONYMOUS</mechanism>"; | ||||||
| #endif | #endif | ||||||
|  | 		// here it makes sense to use check_jabbername 
 | ||||||
|  | 		// but that is currently unused anyway
 | ||||||
| #if __EFUN_DEFINED__(tls_available) | #if __EFUN_DEFINED__(tls_available) | ||||||
| 		if (tls_available() && tls_query_connection_state(ME) > 0 | 		if (tls_available() && tls_query_connection_state(ME) > 0 | ||||||
| 			&& mappingp(certinfo) && certinfo[0] == 0 | 			&& mappingp(certinfo) && certinfo[0] == 0 | ||||||
|  | @ -494,7 +496,7 @@ open_stream(XMLNode node) { | ||||||
| #endif | #endif | ||||||
| 		features += "</mechanisms>"; | 		features += "</mechanisms>"; | ||||||
| 		features += "<auth xmlns='http://jabber.org/features/iq-auth'/>"; | 		features += "<auth xmlns='http://jabber.org/features/iq-auth'/>"; | ||||||
| #ifndef REGISTERED_USERS_ONLY | #ifndef _flag_disable_unauthenticated_users | ||||||
| 		features += "<register xmlns='http://jabber.org/features/iq-register'/>"; | 		features += "<register xmlns='http://jabber.org/features/iq-register'/>"; | ||||||
| #endif | #endif | ||||||
| 	    } | 	    } | ||||||
|  |  | ||||||
|  | @ -277,6 +277,7 @@ logon() { | ||||||
| #endif | #endif | ||||||
|     nodeHandler = #'jabberMsg; |     nodeHandler = #'jabberMsg; | ||||||
|     set_prompt(""); |     set_prompt(""); | ||||||
|  |     // we shouldn't have to NAMEPREP our SERVER_HOST for each new user.. FIXME
 | ||||||
|     myjid = NODEPREP(MYLOWERNICK) +"@" + NAMEPREP(SERVER_HOST); |     myjid = NODEPREP(MYLOWERNICK) +"@" + NAMEPREP(SERVER_HOST); | ||||||
|     myjidresource = myjid +"/"+ RESOURCEPREP(resource); |     myjidresource = myjid +"/"+ RESOURCEPREP(resource); | ||||||
|     P2(("%O ready to rumble (%O)\n", myjidresource, ME)) |     P2(("%O ready to rumble (%O)\n", myjidresource, ME)) | ||||||
|  | @ -626,7 +627,7 @@ iq(XMLNode node) { | ||||||
| 	    break; | 	    break; | ||||||
| 	} | 	} | ||||||
| 	break; | 	break; | ||||||
| #if !defined(REGISTERED_USERS_ONLY) && !defined(_flag_disable_registration) && !defined(_flag_disable_registration_XMPP) | #if !defined(_flag_disable_unauthenticated_users) && !defined(_flag_disable_registration) && !defined(_flag_disable_registration_XMPP) | ||||||
|     case "jabber:iq:register": |     case "jabber:iq:register": | ||||||
| 	switch(node["@type"]) { | 	switch(node["@type"]) { | ||||||
| 	case "get": | 	case "get": | ||||||
|  |  | ||||||
|  | @ -132,6 +132,8 @@ static varargs void ready_freddie(vamixed ip) { | ||||||
| 
 | 
 | ||||||
| static void create() { | static void create() { | ||||||
| 	PROTECT("CREATE") | 	PROTECT("CREATE") | ||||||
|  | 	string t; | ||||||
|  | 
 | ||||||
| #ifndef __PIKE__ | #ifndef __PIKE__ | ||||||
|         master = previous_object(); |         master = previous_object(); | ||||||
| 	restore_object(DATA_PATH "library"); | 	restore_object(DATA_PATH "library"); | ||||||
|  | @ -194,7 +196,7 @@ static void create() { | ||||||
| #ifdef VOLATILE | #ifdef VOLATILE | ||||||
| 	D("VOLATILE flag set: Server will not save any data.\n"); | 	D("VOLATILE flag set: Server will not save any data.\n"); | ||||||
| #endif | #endif | ||||||
| 	myLowerCaseHost = lower_case(SERVER_HOST); | 	myLowerCaseHost = NAMEPREP(SERVER_HOST); | ||||||
| 	register_localhost(myLowerCaseHost); | 	register_localhost(myLowerCaseHost); | ||||||
| #ifdef __PIKE__ | #ifdef __PIKE__ | ||||||
|         //debug_write("Creating psyced library in Pike.\n"); |         //debug_write("Creating psyced library in Pike.\n"); | ||||||
|  | @ -259,9 +261,10 @@ static void create() { | ||||||
| #ifdef JABBER_PATH | #ifdef JABBER_PATH | ||||||
| 	register_target("xmpp:"+ myLowerCaseHost); | 	register_target("xmpp:"+ myLowerCaseHost); | ||||||
| # ifdef _host_XMPP | # ifdef _host_XMPP | ||||||
|         register_localhost(lower_case(_host_XMPP)); | 	t = NAMEPREP(_host_XMPP); | ||||||
| 	register_target(lower_case(_host_XMPP)); |         register_localhost(t); | ||||||
| 	register_target("xmpp:"+ lower_case(_host_XMPP)); | 	register_target(t); | ||||||
|  | 	register_target("xmpp:"+ t); | ||||||
| # endif | # endif | ||||||
| #endif | #endif | ||||||
| 	// base64decode("test2000"); | 	// base64decode("test2000"); | ||||||
|  |  | ||||||
|  | @ -82,3 +82,78 @@ mapping tls_certificate(object who, int longnames) { | ||||||
|     P2(("cert is %O\n", cert)) |     P2(("cert is %O\n", cert)) | ||||||
|     return cert; |     return cert; | ||||||
| } | } | ||||||
|  | 
 | ||||||
|  | // generalized variant of the old certificate_check_jabbername
 | ||||||
|  | // RFC 6125 describes the process in more detail
 | ||||||
|  | int certificate_check_name(string name, mixed cert, string scheme) { | ||||||
|  |     mixed t; | ||||||
|  |     string idn; | ||||||
|  |     // FIXME: should probably be more careful about internationalized
 | ||||||
|  |     // domain names - need testcases
 | ||||||
|  | #define WILDCARD_MATCH(thing) (strlen(thing) > 2 && thing[0] == '*' && thing[1] == '.' && trail(thing[2..], name)) | ||||||
|  |     /* this does not support wildcards if there is more than one
 | ||||||
|  |      * id-on-xmppAddr/CN | ||||||
|  |      * API Note: name MUST be an utf8 string | ||||||
|  |      */ | ||||||
|  |     unless(name && cert && mappingp(cert)) return 0; | ||||||
|  | 
 | ||||||
|  |     name = NAMEPREP(name); | ||||||
|  | 
 | ||||||
|  |     // subjectAlternativeName - dNSName
 | ||||||
|  |     if ((t = cert["2.5.29.17:dNSName"])) {  | ||||||
|  | 	if (stringp(t)) t = ({ t }); | ||||||
|  | 	foreach(string t2 : t) { | ||||||
|  | 	    t2 = NAMEPREP(t2); | ||||||
|  | 	    if (name == t2 || WILDCARD_MATCH(t2)) | ||||||
|  | 		return 1; | ||||||
|  | 	} | ||||||
|  |     }  | ||||||
|  | 
 | ||||||
|  |     // subjectAlternativeName - SRV ID - FIXME
 | ||||||
|  |     // unfortunately, the only ones I have encountered so far were ... unusable
 | ||||||
|  |     if ((t = cert["2.5.29.17:1.3.6.1.5.5.7.8.7"])) { | ||||||
|  | 	    P2(("encountered SRVName, please tell fippo: %O\n", t)) | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     // URI ID  - FIXME
 | ||||||
|  |     // not seen yet
 | ||||||
|  |      | ||||||
|  | #if 0 | ||||||
|  |     // id-on-xmppAddr - have not seen them issued by anyone but 
 | ||||||
|  |     // startcom and those usually include dnsname, too
 | ||||||
|  |     if ((t = cert["2.5.29.17:1.3.6.1.5.5.7.8.5"])) {  | ||||||
|  | 	if (pointerp(t)) { | ||||||
|  | 	    if (member(t, name) != -1) return 1; | ||||||
|  | 	    foreach(string cn : t) { | ||||||
|  | 		if (NAMEPREP(cn) == name) return 1; | ||||||
|  | 	    } | ||||||
|  | 	}  | ||||||
|  | 	else if (name == NAMEPREP(t)) | ||||||
|  | 	    return 1; | ||||||
|  |     }  | ||||||
|  | #endif | ||||||
|  | 
 | ||||||
|  |     // commonName - deprecated to put the host here but...
 | ||||||
|  |     // this is only to be checked if no subjectAlternativeName is present
 | ||||||
|  |     if (!cert["2.5.29.17"] && (t = cert["2.5.4.3"])) { // common name
 | ||||||
|  | 	if (pointerp(t)) { // does that happen?! I don't think so...
 | ||||||
|  | 	    // fast way - works for traditional hostnames
 | ||||||
|  | 	    if (member(t, name) != -1) return 1; | ||||||
|  | 
 | ||||||
|  | 	    // look for idn encoded stuff
 | ||||||
|  | 	    foreach(string cn : t) { | ||||||
|  | 		idn = NAMEPREP(idna_to_unicode(cn)); | ||||||
|  | 		if (idn == name) return 1; | ||||||
|  | 	    } | ||||||
|  | 	    return 0; | ||||||
|  | 	}  | ||||||
|  | #ifdef __IDNA__ | ||||||
|  | 	idn = NAMEPREP(idna_to_unicode(t)); | ||||||
|  | #else | ||||||
|  | 	idn = NAMEPREP(t); | ||||||
|  | #endif | ||||||
|  | 	if (idn == name || WILDCARD_MATCH(idn)) | ||||||
|  | 	    return 1; | ||||||
|  |     } | ||||||
|  |     return 0; | ||||||
|  | } | ||||||
|  |  | ||||||
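Review bot: `WILDCARD_MATCH` strips both the `*` and the dot before calling `trail(thing[2..], name)`, so if trail() is a plain suffix test, a certificate for `*.example.org` (constructed example) also matches `example.org` itself, any name that merely ends in those characters without a label boundary, and names several labels deep. RFC 6125, which the comment cites, limits a wildcard to one left-most label; keeping the dot in the suffix, `trail(thing[1..], name)`, and additionally requiring that the part of `name` before that suffix is non-empty and contains no `.` would match that. The `scheme` argument is accepted but never read in the body, and the array branch of the commonName check calls `idna_to_unicode(cn)` without the `#ifdef __IDNA__` guard used a few lines below. A short header comment stating that the function only compares names and does not look at the certificate's verification status would help callers.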
|  | @ -756,7 +756,7 @@ checkPassword(try, method, salt, args, cb, varargs cbargs) { | ||||||
| #endif | #endif | ||||||
| 	// why here?
 | 	// why here?
 | ||||||
| 	//while (remove_call_out(#'quit) != -1);
 | 	//while (remove_call_out(#'quit) != -1);
 | ||||||
| #ifndef REGISTERED_USERS_ONLY | #ifndef _flag_disable_unauthenticated_users | ||||||
| # ifdef AUTH_HMAC_SECRET | # ifdef AUTH_HMAC_SECRET | ||||||
|         if (IS_NEWBIE && method != "hmac-sha1-shared") ARETURN(1) |         if (IS_NEWBIE && method != "hmac-sha1-shared") ARETURN(1) | ||||||
| # else | # else | ||||||
|  |  | ||||||
|  | @ -225,8 +225,8 @@ int logon(int neverfails) { | ||||||
| 		P1(("%O believing dNSName %O\n", ME, m)) | 		P1(("%O believing dNSName %O\n", ME, m)) | ||||||
| 		// probably also: register_target?
 | 		// probably also: register_target?
 | ||||||
| 		// but be careful never to register_target wildcards
 | 		// but be careful never to register_target wildcards
 | ||||||
| 		if (stringp(m)) sAuthenticated(NAMEPREP(m)); | 		if (stringp(m)) sAuthenticated(m); | ||||||
| 		else foreach(t : m) sAuthenticated(NAMEPREP(t)); | 		else foreach(t : m) sAuthenticated(t); | ||||||
| 	    } | 	    } | ||||||
| //#ifdef _flag_allow_certificate_name_common	// to be switched this year
 | //#ifdef _flag_allow_certificate_name_common	// to be switched this year
 | ||||||
| # ifndef _flag_disallow_certificate_name_common | # ifndef _flag_disallow_certificate_name_common | ||||||
|  | @ -235,7 +235,7 @@ int logon(int neverfails) { | ||||||
| 	    // note: CN is deprecated for good reasons.
 | 	    // note: CN is deprecated for good reasons.
 | ||||||
| 	    else if (t = cert["2.5.4.3"]) { | 	    else if (t = cert["2.5.4.3"]) { | ||||||
| 		P1(("%O believing CN %O\n", ME, t)) | 		P1(("%O believing CN %O\n", ME, t)) | ||||||
| 		sAuthenticated(NAMEPREP(t)); | 		sAuthenticated(t); | ||||||
| 	    } | 	    } | ||||||
| # endif | # endif | ||||||
| 	    if (m = tls_query_connection_info(ME)) { | 	    if (m = tls_query_connection_info(ME)) { | ||||||
|  |  | ||||||
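Review bot: Dropping `NAMEPREP()` at these `sAuthenticated(...)` calls is only safe if sAuthenticated now normalizes its argument itself, and that helper is not part of the visible hunks. A comment elsewhere in this commit says `qAuthenticated does that`, which covers lookups, but a name stored un-normalized from a dNSName or CN would then never match a normalized lookup. Please confirm the store side, or add a comment here such as `// sAuthenticated() applies NAMEPREP itself`. The same removal appears in the `qAuthenticated(u[UHost])` hunk and in the second `logon()` further down; logon() continues outside these hunks.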
|  | @ -343,6 +343,9 @@ int psyc_sendmsg(mixed target, string mc, mixed data, mapping vars, | ||||||
| 		    // nothing else is possible, but some clients may | 		    // nothing else is possible, but some clients may | ||||||
| 		    // no longer be able to connect to you... | 		    // no longer be able to connect to you... | ||||||
| 		} | 		} | ||||||
|  | #ifdef USE_SPYC | ||||||
|  | 		o -> sender_verification(SERVER_UNIFORM, u[URoot]); | ||||||
|  | #endif | ||||||
| 		register_target($4, o); | 		register_target($4, o); | ||||||
| 		register_target(psychopo, o); | 		register_target(psychopo, o); | ||||||
| 		register_target(psycippo, o); | 		register_target(psycippo, o); | ||||||
|  |  | ||||||
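Review bot: The new `o -> sender_verification(SERVER_UNIFORM, u[URoot])` call marks the remote host as authenticated before the peer has answered anything: the definition on this page runs `sAuthenticated(targethost[UHost])` right before sending `_request_authorization`. On a circuit without TLS that trust rests on the DNS lookup used to connect, so it may be worth deferring it until the `_status_authorization` reply arrives, or limiting it to circuits with a verified certificate. sender_verification also indexes the result of `parse_uniform(targethost)` without testing it for 0, so a malformed `u[URoot]` should be ruled out at this call. psyc_sendmsg continues outside the hunk.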
|  | @ -598,7 +598,7 @@ vamixed getdata(string a) { | ||||||
| #else | #else | ||||||
| # ifdef PSYC_TCP | # ifdef PSYC_TCP | ||||||
| 		// Authenticated | 		// Authenticated | ||||||
| 		} else if (qAuthenticated(NAMEPREP(u[UHost]))) { | 		} else if (qAuthenticated(u[UHost])) { | ||||||
| 			if (u[UTransport] && (u[UTransport] != | 			if (u[UTransport] && (u[UTransport] != | ||||||
| #  if __EFUN_DEFINED__(tls_query_connection_state) | #  if __EFUN_DEFINED__(tls_query_connection_state) | ||||||
| 			    tls_query_connection_state() ? "s" : | 			    tls_query_connection_state() ? "s" : | ||||||
|  | @ -997,17 +997,34 @@ protected int deliver(mixed ip, string host, string mc, string buffer, mapping c | ||||||
|                             } |                             } | ||||||
|                             P1(("RELAYING denied from %O to %O (%O)\n", |                             P1(("RELAYING denied from %O to %O (%O)\n", | ||||||
|                                 source, t, ME)) |                                 source, t, ME)) | ||||||
| #if 0 |  | ||||||
| 			    monitor_report("_warning_unsupported_relay", | 			    monitor_report("_warning_unsupported_relay", | ||||||
| 				  S("%O is trying to find %O here. Relaying denied.\n", ME, t)); | 				  S("%O is trying to find %O here. Relaying denied.\n", ME, t)); | ||||||
| 			    croak("_failure_unsupported_relay", | 			    croak("_failure_unsupported_relay", | ||||||
| 				//"Well done mate, you crashed me."); | 				//"Well done mate, you crashed me."); | ||||||
| 				"Relaying denied: [_host] is not a hostname of ours.", | 				"Relaying denied: [_host] is not a hostname of ours.", | ||||||
| 				    ([ "_host": u[UHost] ])); | 				    ([ "_host": u[UHost] ])); | ||||||
|  | #if 0 | ||||||
| 			    // TODO: we quit here to not do the same hash-lookup | 			    // TODO: we quit here to not do the same hash-lookup | ||||||
| 			    // in rootmsg again. | 			    // in rootmsg again. | ||||||
| 			    // (didn't get it? nevermind.. it's just el's sick humor) | 			    // (didn't get it? nevermind.. it's just el's sick humor) | ||||||
| 			    QUIT | 			    QUIT | ||||||
|  | #else | ||||||
|  | 			    // we do not QUIT here as an evil attacker may | ||||||
|  | 			    // CNAME his evil.com to us and try to disrupt | ||||||
|  | 			    // our communications with some popular server | ||||||
|  | 			    // by making us drop an otherwise very popular | ||||||
|  | 			    // circuit. then again, what if a sender SHOULD | ||||||
|  | 			    // not send to us with any other hostname but | ||||||
|  | 			    // the one we announced ourselves as _source | ||||||
|  | 			    // when we sent our first greeting() ? then we | ||||||
|  | 			    // could just dump "illegal" transmissions. | ||||||
|  | 			    // well, we don't need to be so harsh against | ||||||
|  | 			    // multi domain hosters really: relaying is | ||||||
|  | 			    // denied by default so the attacker needs to | ||||||
|  | 			    // be a user on the sending server. in the end | ||||||
|  | 			    // it's a question of trust: don't let zero | ||||||
|  | 			    // trust users send funny amounts of data. | ||||||
|  | 			    return 1; | ||||||
| #endif | #endif | ||||||
| 			} | 			} | ||||||
| 			// .. yes.. add is_localhost check here, but without callback | 			// .. yes.. add is_localhost check here, but without callback | ||||||
|  |  | ||||||
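Review bot: With the `#if 0` moved below them, `monitor_report(...)` and `croak(...)` now run for every packet addressed to a foreign host, and the new `return 1` keeps the circuit open, so a peer can repeat this indefinitely and each attempt produces a monitor report and an error reply. The added comment already concludes that untrusted senders should not be able to send "funny amounts of data"; a per-circuit counter that stops reporting, or closes the circuit, after a small number of denied relays would put that conclusion into code. `t` and `u[UHost]` come from the peer and are formatted into the report, so the monitor channel should treat them as untrusted text. deliver() continues outside the hunk.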
|  | @ -55,7 +55,7 @@ msg(source, mc, data, vars, showingLog, target) { | ||||||
| 				       	"version",    // _tab
 | 				       	"version",    // _tab
 | ||||||
| 					"time", "lasttime" | 					"time", "lasttime" | ||||||
| #endif | #endif | ||||||
| #if !defined(REGISTERED_USERS_ONLY) && !defined(_flag_disable_registration) &&!defined(_flag_disable_registration_XMPP) | #if !defined(_flag_disable_unauthenticated_users) && !defined(_flag_disable_registration) &&!defined(_flag_disable_registration_XMPP) | ||||||
| 					"registration", | 					"registration", | ||||||
| #endif | #endif | ||||||
| #ifndef VOLATILE | #ifndef VOLATILE | ||||||
|  |  | ||||||
|  | @ -81,7 +81,7 @@ hello(ni, elm, try, method, salt) { | ||||||
| 				     ni, try, elm); | 				     ni, try, elm); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #ifdef REGISTERED_USERS_ONLY	// TODO: rename into a _flag
 | #ifdef _flag_disable_unauthenticated_users | ||||||
| ohYeah(whatever) { | ohYeah(whatever) { | ||||||
| 	input_to(#'ohYeah, input_to_settings); | 	input_to(#'ohYeah, input_to_settings); | ||||||
| 	// input ignore warning? inverting mc's is really a good idea!
 | 	// input ignore warning? inverting mc's is really a good idea!
 | ||||||
|  | @ -120,7 +120,7 @@ authChecked(int result, ni, try, elm) { | ||||||
| //			    return;
 | //			    return;
 | ||||||
| //		    }
 | //		    }
 | ||||||
| 		} | 		} | ||||||
| #ifdef REGISTERED_USERS_ONLY | #ifdef _flag_disable_unauthenticated_users | ||||||
| 		else { | 		else { | ||||||
| 			if (user -> isNewbie()) { | 			if (user -> isNewbie()) { | ||||||
| #ifdef PSYC_SYNCHRONIZE | #ifdef PSYC_SYNCHRONIZE | ||||||
|  | @ -157,7 +157,7 @@ authChecked(int result, ni, try, elm) { | ||||||
| 		return promptForPassword(user); | 		return promptForPassword(user); | ||||||
| #endif | #endif | ||||||
| 	} | 	} | ||||||
| #ifndef REGISTERED_USERS_ONLY | #ifndef _flag_disable_unauthenticated_users | ||||||
| 	// added user->isNewbie() check for ircers
 | 	// added user->isNewbie() check for ircers
 | ||||||
| 	if (user->online() && user->isNewbie() | 	if (user->online() && user->isNewbie() | ||||||
| #ifdef _flag_log_hosts | #ifdef _flag_log_hosts | ||||||
|  |  | ||||||
|  | @ -38,6 +38,7 @@ mapping outstate; | ||||||
| 
 | 
 | ||||||
| mapping legal_senders; | mapping legal_senders; | ||||||
| 
 | 
 | ||||||
|  | array(mixed) verify_queue = ({ }); | ||||||
| 
 | 
 | ||||||
| volatile int flags = 0; | volatile int flags = 0; | ||||||
| 
 | 
 | ||||||
|  | @ -74,24 +75,26 @@ varargs mixed croak(string mc, string data, vamapping vars, vamixed source) { | ||||||
|     return 0; |     return 0; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #ifdef USE_VERIFICATION |  | ||||||
| // request sender authentication and/or target acknowledgement 
 | // request sender authentication and/or target acknowledgement 
 | ||||||
| // from the remote side
 | // from the remote side
 | ||||||
| void sender_verification(array(string) sourcehosts, array(string) targethosts) | void sender_verification(string sourcehost, mixed targethost) | ||||||
| { | { | ||||||
|     // FIXME: wrong variables here
 |     unless(interactive()) { | ||||||
|     mapping vars = ([ "_list_sources_hosts" : sourcehosts, | 	    verify_queue += ({ ({ sourcehost, targethost }) }); | ||||||
| 		    "_list_targets_hosts" : targethosts, | 	    return; | ||||||
|  |     } | ||||||
|  |     mapping vars = ([ "_uniform_source" : sourcehost, | ||||||
|  | 		    "_uniform_target" : targethost, | ||||||
| 		    "_tag" : RANDHEXSTRING ]); | 		    "_tag" : RANDHEXSTRING ]); | ||||||
|     // assumption: we have already resolved all targethosts and 
 |     P0(("sender_verification(%O, %O)\n", sourcehost, targethost)) | ||||||
|     // they point to the remote ip
 |     // since we send packets to them we should trust them to
 | ||||||
|     foreach(string ho : targethosts) { |     // send packets to us, eh?
 | ||||||
| 	sAuthenticated(ho); |     if (stringp(targethost)) { | ||||||
|  | 	    targethost = parse_uniform(targethost); | ||||||
|     } |     } | ||||||
| 
 |     sAuthenticated(targethost[UHost]); | ||||||
|     msg(0, "_request_verification", 0, vars); |     msg(0, "_request_authorization", 0, vars); | ||||||
| } | } | ||||||
| #endif |  | ||||||
| 
 | 
 | ||||||
| // gets called during socket logon
 | // gets called during socket logon
 | ||||||
| int logon(int failure) { | int logon(int failure) { | ||||||
|  | @ -117,10 +120,10 @@ int logon(int failure) { | ||||||
| 	    // probably also: register_target?
 | 	    // probably also: register_target?
 | ||||||
| 	    // but be careful never to register_target wildcards
 | 	    // but be careful never to register_target wildcards
 | ||||||
| 	    if (stringp(m))  | 	    if (stringp(m))  | ||||||
| 		sAuthenticated(NAMEPREP(m)); | 		sAuthenticated(m); | ||||||
| 	    else  | 	    else  | ||||||
| 		foreach(t : m)  | 		foreach(t : m)  | ||||||
| 		    sAuthenticated(NAMEPREP(t)); | 		    sAuthenticated(t); | ||||||
| 	} | 	} | ||||||
| //#ifdef _flag_allow_certificate_name_common	// to be switched this year
 | //#ifdef _flag_allow_certificate_name_common	// to be switched this year
 | ||||||
| #ifndef _flag_disallow_certificate_name_common | #ifndef _flag_disallow_certificate_name_common | ||||||
|  | @ -129,7 +132,7 @@ int logon(int failure) { | ||||||
| 	// note: CN is deprecated for good reasons.
 | 	// note: CN is deprecated for good reasons.
 | ||||||
| 	else if (t = cert["2.5.4.3"]) { | 	else if (t = cert["2.5.4.3"]) { | ||||||
| 	    P1(("%O believing CN %O\n", ME, t)) | 	    P1(("%O believing CN %O\n", ME, t)) | ||||||
| 	    sAuthenticated(NAMEPREP(t)); | 	    sAuthenticated(t); | ||||||
| 	} | 	} | ||||||
| #endif | #endif | ||||||
| 	if (m = tls_query_connection_info(ME)) { | 	if (m = tls_query_connection_info(ME)) { | ||||||
|  | @ -161,20 +164,12 @@ int logon(int failure) { | ||||||
|     // FIXME
 |     // FIXME
 | ||||||
|     unless(isServer()) { |     unless(isServer()) { | ||||||
| 	emit("|\n"); // initial greeting
 | 	emit("|\n"); // initial greeting
 | ||||||
| #ifdef USE_FEATURES | 	if (sizeof(verify_queue)) { | ||||||
| 	// we have no features to request or offer
 | 	    foreach(mixed t : verify_queue) { | ||||||
| 	msg(0, "_request_features", 0); | 		sender_verification(t[0], t[1]); | ||||||
| #else | 	    } | ||||||
| # ifdef USE_VERIFICATION | 	    verify_queue = ({ }); | ||||||
| 	// start hostname verification
 |  | ||||||
| 	// rather: look at Q and look for the hostnames we need
 |  | ||||||
| 	sender_verification(({ SERVER_HOST }), ({ peerhost })); |  | ||||||
| # else |  | ||||||
| 	if (function_exists("runQ")) { |  | ||||||
| 	    runQ(); |  | ||||||
| 	} | 	} | ||||||
| # endif |  | ||||||
| #endif |  | ||||||
|     } |     } | ||||||
|     return 1; |     return 1; | ||||||
| } | } | ||||||
|  | @ -209,74 +204,66 @@ first_response() { | ||||||
| // receives a msg from the remote side
 | // receives a msg from the remote side
 | ||||||
| // note: this is circuit-messaging
 | // note: this is circuit-messaging
 | ||||||
| void circuit_msg(string mc, mapping vars, string data) { | void circuit_msg(string mc, mapping vars, string data) { | ||||||
|  |     mapping rv = ([ ]); | ||||||
|  |     mixed *u; | ||||||
|     switch(mc) { |     switch(mc) { | ||||||
|     case "_request_verification": |     case "_request_authorization": | ||||||
| 	if (tls_query_connection_state(ME) == 0) { | 	if (vars["_tag"]) { | ||||||
| 	    array(string) targethosts = ({ }); | 		rv["_tag_relay"] = vars["_tag"]; | ||||||
| 	    foreach(string ho : vars["_list_targets_hosts"]) { |  | ||||||
| 		if (is_localhost(ho)) { |  | ||||||
| 		    targethosts += ({ ho }); |  | ||||||
| 	} | 	} | ||||||
|  | 	if (!vars["_uniform_source"] && vars["_uniform_target"]) { | ||||||
|  | 		CIRCUITERROR("_request_authorization without uniform source and/or target?!"); | ||||||
| 	} | 	} | ||||||
| 	    if (sizeof(vars["_list_sources_hosts"]) == 1) { |  | ||||||
| 		// doing multiple resolutions in parallel is more complicated
 |  | ||||||
| 		string ho = vars["_list_sources_hosts"][0]; |  | ||||||
| 		if (qAuthenticated(ho)) { |  | ||||||
| 		    P0(("warning: trying to reverify authenticated host %O",ho)) |  | ||||||
| 		} else { |  | ||||||
| 		    dns_resolve(ho, (:  |  | ||||||
| 			// FIXME: psyc/parse::deliver is much better here
 |  | ||||||
| 			mixed rv = (["_list_targets_accepted_hosts":targethosts]); |  | ||||||
| 
 | 
 | ||||||
| 			if (vars["_tag"]) rv["_tag_reply"] = vars["_tag"]; | 	rv["_uniform_target"] = vars["_uniform_target"]; | ||||||
| 			if ($1 == peerip) { | 	rv["_uniform_source"] = vars["_uniform_source"]; | ||||||
| 			    sAuthenticated(NAMEPREP(ho)); | 
 | ||||||
| 			    rv["_list_sources_verified_hosts"] = ({ ho }); | 	u = parse_uniform(vars["_uniform_target"]); | ||||||
| 			} else { | 	if (!(u && is_localhost(u[UHost]))) { | ||||||
| 			    rv["_list_sources_rejected_hosts"] = ({ ho }); | 		msg(0, "_error_invalid_uniform_target", "[_uniform_target] is not hosted here.", rv); | ||||||
| 			} |  | ||||||
| 			msg(0, "_notice_verification", 0, rv); |  | ||||||
| 		return; | 		return; | ||||||
| 		    :)); |  | ||||||
| 	} | 	} | ||||||
| 	    } else { | 	u = parse_uniform(vars["_uniform_source"]); | ||||||
| 		// FIXME!!!!
 | 	// qAuthenticated does that:u[UHost] = NAMEPREP(u[UHost]);
 | ||||||
| 		CIRCUITERROR("sorry, no more than one element in _list_sources_hosts currently"); | 	if (qAuthenticated(u[UHost])) { | ||||||
| 		P0(("more than one element in _list_sources_hosts: %O\n", vars["_list_sources_hosts"])) | 		// possibly different _uniform_target only
 | ||||||
| 	    } |  | ||||||
| 	    // keep tag if present!!!
 |  | ||||||
| 	    // resolve all of _list_sources_hosts
 |  | ||||||
| 	    // look at _list_targets_hosts and determine localhostiness
 |  | ||||||
| 	} else { |  | ||||||
| 	    CIRCUITERROR("_request_verification is not allowed on TLS circuits."); |  | ||||||
| 	} |  | ||||||
| 	break; |  | ||||||
|     case "_notice_features": |  | ||||||
| 	// FIXME: watch for _list_using_modules
 |  | ||||||
| 		if (flags & TCP_PENDING_TIMEOUT) { | 		if (flags & TCP_PENDING_TIMEOUT) { | ||||||
| 			P0(("removing call out\n")) | 			P0(("removing call out\n")) | ||||||
| 					remove_call_out(#'quit); | 					remove_call_out(#'quit); | ||||||
| 			flags -= TCP_PENDING_TIMEOUT; | 			flags -= TCP_PENDING_TIMEOUT; | ||||||
| 		} | 		} | ||||||
| 	sTextPath(); | 		msg(0, "_status_authorization", 0, rv); | ||||||
| #ifdef USE_FEATURES | 	// } else if (tls_query_connection_state(ME) == 1 && ...) {
 | ||||||
| 	if (tls_query_connection_state(ME) == 0) { | 	// FIXME
 | ||||||
| # ifdef USE_VERIFICATION |  | ||||||
| 	    // start hostname verification
 |  | ||||||
| 	    // rather: look at Q and look for the hostnames we need
 |  | ||||||
| 	    sender_verification(({ SERVER_HOST }), ({ peerhost })); |  | ||||||
| # endif |  | ||||||
| 	} else { | 	} else { | ||||||
| 	    if (function_exists("runQ")) { | 		string ho = u[UHost]; | ||||||
| 		runQ(); | 		// FIXME: this actually needs to consider srv, too...
 | ||||||
|  | 		dns_resolve(ho, (:  | ||||||
|  | 				 // FIXME: psyc/parse::deliver is much better here
 | ||||||
|  | 				 P0(("resolved %O to %O, expecting %O\n", ho, $1, peerip)) | ||||||
|  | 				 if ($1 == peerip) { | ||||||
|  | 					sAuthenticated(ho); | ||||||
|  | 					if (flags & TCP_PENDING_TIMEOUT) { | ||||||
|  | 						P0(("removing call out\n")) | ||||||
|  | 						remove_call_out(#'quit); | ||||||
|  | 						flags -= TCP_PENDING_TIMEOUT; | ||||||
| 					} | 					} | ||||||
|  | 					msg(0, "_status_authorization", 0, rv); | ||||||
|  | 				 } else { | ||||||
|  | 				 	msg(0, "_error_invalid_uniform_source", 0, rv); | ||||||
|  | 				 } | ||||||
|  | 				 return; | ||||||
|  | 				 :)); | ||||||
| 	} | 	} | ||||||
| #endif |  | ||||||
| 	break; | 	break; | ||||||
|     case "_notice_verification":	 |     case "_status_authorization":	 | ||||||
| 	P0(("_notice verification with %O\n", vars)) | 	P0(("_status authorization with %O\n", vars)) | ||||||
|  | 	// this means we can send from _uniform_source to _uniform_target
 | ||||||
|  | 	// we already did sAuthenticated _uniform_target before so we can't get
 | ||||||
|  | 	// tricked into it here
 | ||||||
| 	if (function_exists("runQ")) { | 	if (function_exists("runQ")) { | ||||||
| 	    runQ();  | 	    runQ();  | ||||||
|  | 	    // actually runQ(_uniform_source, _uniform_target)
 | ||||||
| 	} | 	} | ||||||
| 	break; | 	break; | ||||||
|     default: |     default: | ||||||
|  | @ -290,6 +277,7 @@ varargs int msg(string source, string mc, string data, | ||||||
|     mapping vars, int showingLog, mixed target) { |     mapping vars, int showingLog, mixed target) { | ||||||
| 
 | 
 | ||||||
|     string buf = ""; |     string buf = ""; | ||||||
|  |     mixed u; | ||||||
| 
 | 
 | ||||||
|     unless(vars) vars = ([ ]); |     unless(vars) vars = ([ ]); | ||||||
|     buf = render_psyc(source, mc, data, vars, showingLog, target); |     buf = render_psyc(source, mc, data, vars, showingLog, target); | ||||||
|  |  | ||||||
|  | @ -161,14 +161,12 @@ void dispatch(mapping rvars, mapping evars, mixed method, mixed body) { | ||||||
|         unless (u = parse_uniform(t)) { |         unless (u = parse_uniform(t)) { | ||||||
|             DISPATCHERROR("logical source is not a uniform\n") |             DISPATCHERROR("logical source is not a uniform\n") | ||||||
|         } |         } | ||||||
| #ifdef USE_VERIFICATION |  | ||||||
| #ifdef PSYC_TCP | #ifdef PSYC_TCP | ||||||
|         unless (qAuthenticated(NAMEPREP(u[UHost]))) { |         unless (qAuthenticated(u[UHost])) { | ||||||
|             DISPATCHERROR("non-authenticated host\n") |             DISPATCHERROR("non-authenticated host\n") | ||||||
|         } |         } | ||||||
| #else | #else | ||||||
|         // TODO? |         // TODO? | ||||||
| # endif |  | ||||||
| #endif | #endif | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
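Review bot: With the `USE_VERIFICATION` guard removed, the `#else` branch of the `PSYC_TCP` check in dispatch() is still only `// TODO?`, so builds without `PSYC_TCP` pass the logical source host on without any `qAuthenticated` test. If that transport is reachable, either state the gap where it lives, e.g. `// TODO: no source-host authentication on this transport; logical source is taken as-is`, or reject with the same `DISPATCHERROR("non-authenticated host\n")` until a check exists. Dropping `NAMEPREP` at this call site relies on qAuthenticated() normalising its own argument, which this commit adds in another file; a one-line comment saying so would keep the two in step. dispatch() begins and continues outside the hunk.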
|  | @ -69,6 +69,7 @@ void greet() { | ||||||
| 	// should be sharing code with net/psyc and do a proper greeting
 | 	// should be sharing code with net/psyc and do a proper greeting
 | ||||||
| 	// three separate packets follow (thus three emits)
 | 	// three separate packets follow (thus three emits)
 | ||||||
| 	//emit(S_GLYPH_PACKET_DELIMITER "\n");
 | 	//emit(S_GLYPH_PACKET_DELIMITER "\n");
 | ||||||
|  | 	/*
 | ||||||
| 	emit("\
 | 	emit("\
 | ||||||
| :_source\t"+ SERVER_UNIFORM +"\n\ | :_source\t"+ SERVER_UNIFORM +"\n\ | ||||||
| :_target_peer\tpsyc://"+ peeraddr +"/\n\ | :_target_peer\tpsyc://"+ peeraddr +"/\n\ | ||||||
|  | @ -81,6 +82,7 @@ _status_circuit\n" S_GLYPH_PACKET_DELIMITER "\n"); | ||||||
| #ifdef _flag_log_sockets_SPYC | #ifdef _flag_log_sockets_SPYC | ||||||
| 	log_file("RAW_SPYC", "« %O greeted.\n", ME); | 	log_file("RAW_SPYC", "« %O greeted.\n", ME); | ||||||
| #endif | #endif | ||||||
|  | 	*/ | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void resolved(mixed host, mixed tag) { | static void resolved(mixed host, mixed tag) { | ||||||
|  | @ -176,20 +178,27 @@ static void resolved(mixed host, mixed tag) { | ||||||
| 	sTextPath(); | 	sTextPath(); | ||||||
| 	greet(); | 	greet(); | ||||||
| 
 | 
 | ||||||
| 	// FIXME: determine response to greeting
 | 	//msg(0, "_notice_features", 0, tag ? ([ "_tag_reply" : tag ]) : 0);
 | ||||||
| 	// 	instead of this dummy
 |  | ||||||
| 	msg(0, "_notice_features", 0, tag ? ([ "_tag_reply" : tag ]) : 0); |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void circuit_msg(string mc, mapping vars, string data) { | int logon(int nothing) { | ||||||
|     switch(mc) { | 	P2(("%O accepted TCP from %O (%s:%O)\n", ME, | ||||||
|     case "_request_features": // only servers handle _request_features
 | 	    query_ip_name(), query_ip_number(), peerport)) | ||||||
| 	interrupt_parse(); | 	// we could set the next_input_to and reply with _failure until
 | ||||||
| 	dns_rresolve(peerip, #'resolved, vars && vars["_tag"]); | 	// hostname is resolved  .. TODO  ... no, we need some form
 | ||||||
| 	break; | 	// of queuing for the scripts which do not wait.. why? don't we
 | ||||||
|     default: | 	// squeeze received packets thru dns-lambdas anyway?
 | ||||||
| 	return ::circuit_msg(mc, vars, data); | 	// peerport has either positive or negative value
 | ||||||
|     } | 	//peeraddr = peerip+":"+peerport;
 | ||||||
|  | 	::logon(0); | ||||||
|  | #if 0 //def EXPERIMENTAL
 | ||||||
|  | 	// added this because greet() happens after dns resolution and
 | ||||||
|  | 	// some quick clients may not be waiting that long.. then again
 | ||||||
|  | 	// if they do, they deserve other treatment
 | ||||||
|  | 	sTextPath(); | ||||||
|  | #endif | ||||||
|  | 	dns_rresolve(peerip, #'resolved); | ||||||
|  | 	return 1;   // success
 | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #endif // LIBPSYC
 | #endif // LIBPSYC
 | ||||||
|  |  | ||||||
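Review bot: The new logon() starts `dns_rresolve(peerip, #'resolved)` without pausing input, whereas the removed `_request_features` handler called `interrupt_parse();` before the same lookup. Packets that arrive before the callback fires would presumably be parsed before resolved() has run sTextPath() and greet(); the comment block in logon() raises this question and leaves it open. Either add `interrupt_parse();` ahead of the lookup (assuming resolved() still resumes parsing, which is outside the visible hunk), or replace the open-ended comment with one line stating why early packets are safe. Separately, greet() is now an empty function behind a `/* … */` block while resolved() still calls it; `#if 0` with a stated reason, as logon() already uses, would read more clearly.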
|  | @ -29,12 +29,14 @@ volatile mapping authhosts; | ||||||
| void sAuthenticated(string hostname) {  | void sAuthenticated(string hostname) {  | ||||||
|     P3(("sAuthenticated: %O\n", hostname)) |     P3(("sAuthenticated: %O\n", hostname)) | ||||||
|     unless(authhosts && mappingp(authhosts)) authhosts = ([ ]); |     unless(authhosts && mappingp(authhosts)) authhosts = ([ ]); | ||||||
|  |     hostname = NAMEPREP(hostname); | ||||||
|     authhosts[hostname] = 1; |     authhosts[hostname] = 1; | ||||||
| }  | }  | ||||||
| 
 | 
 | ||||||
| int qAuthenticated(mixed hostname) { | int qAuthenticated(mixed hostname) { | ||||||
|     P3(("qAuthenticated %O, %O\n", hostname, authhosts)) |     P3(("qAuthenticated %O, %O\n", hostname, authhosts)) | ||||||
|     unless (authhosts && mappingp(authhosts)) return 0; |     unless (authhosts && mappingp(authhosts)) return 0; | ||||||
|  |     hostname = NAMEPREP(hostname); | ||||||
|     return member(authhosts, hostname); |     return member(authhosts, hostname); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
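Review bot: qAuthenticated() is declared with `mixed hostname` and now hands that value straight to `NAMEPREP`, so a call with a missing or non-string host depends on whatever NAMEPREP does with it; its definition is not visible here. Because this mapping is what dispatch() and the `_request_authorization` handler trust, fail closed before normalising: `unless (stringp(hostname)) return 0;`. In that handler, shown earlier on this page, the result of the second `parse_uniform()` is indexed as `u[UHost]` without the `u &&` test applied to the first, so a malformed `_uniform_source` is not rejected cleanly before it gets here. The `P3` trace in both functions prints the name before `NAMEPREP`, so the logged value can differ from the key stored in or looked up from `authhosts`; moving the trace below the assignment would make the log match the mapping.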