* src/ejabberd_s2s_in.erl: Support for dNSName certificate field
and DNS name matching * src/XmppAddr.asn1: Moved here from src/tls/XmppAddr.asn1 * src/tls/XmppAddr.asn1: Likewise * src/Makefile.in: Updated * src/tls/Makefile.in: Updated SVN Revision: 435
parent
57a6d0e1d3
commit
c6441edc7a
@ -1,3 +1,12 @@
|
||||
2005-11-17 Alexey Shchepin <alexey@sevcom.net>
|
||||
|
||||
* src/ejabberd_s2s_in.erl: Support for dNSName certificate field
|
||||
and DNS name matching
|
||||
* src/XmppAddr.asn1: Moved here from src/tls/XmppAddr.asn1
|
||||
* src/tls/XmppAddr.asn1: Likewise
|
||||
* src/Makefile.in: Updated
|
||||
* src/tls/Makefile.in: Updated
|
||||
|
||||
2005-11-16 Alexey Shchepin <alexey@sevcom.net>
|
||||
|
||||
* src/odbc/ejabberd_odbc.erl: Support for mnesia-like transaction
|
||||
|
@ -27,9 +27,11 @@ MSGSDIR = $(PRIVDIR)/msgs
|
||||
LOGDIR = $(DESTDIR)/var/log/ejabberd
|
||||
ETCDIR = $(DESTDIR)/etc/ejabberd
|
||||
|
||||
ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
|
||||
|
||||
all: $(ERLSHLIBS) compile-beam all-recursive
|
||||
|
||||
compile-beam:
|
||||
compile-beam: XmppAddr.hrl
|
||||
@ERL@ -s make all report -noinput -s erlang halt
|
||||
|
||||
|
||||
@ -43,6 +45,9 @@ mostlyclean-recursive maintainer-clean-recursive:
|
||||
done
|
||||
|
||||
|
||||
%.hrl: %.asn1
|
||||
erlc $(ASN_FLAGS) $<
|
||||
|
||||
$(ERLSHLIBS): %.so: %.c
|
||||
gcc -Wall $(CFLAGS) $(LDFLAGS) $(LIBS) \
|
||||
$(subst ../,,$(subst .so,.c,$@)) \
|
||||
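Review bot: The new `%.hrl: %.asn1` rule calls a bare `erlc`, which is resolved through PATH at build time, while the surrounding rules use the configure-substituted `@ERL@`. The header included by ejabberd_s2s_in.erl could therefore be generated by a different toolchain than the one that compiles the beams. Assuming this Makefile.in is processed by the same configure that substitutes `@ERLC@` in src/tls/Makefile.in, I would write the recipe as `@ERLC@ $(ASN_FLAGS) $<`. A one-line comment above the rule noting that it generates XmppAddr.hrl (and XmppAddr.erl) from the ASN.1 module would help, since whether the clean targets remove those files is not visible in this hunk.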
|
@ -14,7 +14,7 @@
|
||||
|
||||
%% External exports
|
||||
-export([start/2,
|
||||
start_link/2]).
|
||||
start_link/2,match_domain/2]).
|
||||
|
||||
%% gen_fsm callbacks
|
||||
-export([init/1,
|
||||
@ -32,7 +32,7 @@
|
||||
%-include_lib("ssl/pkix/SSL-PKIX.hrl").
|
||||
-include_lib("ssl/pkix/PKIX1Explicit88.hrl").
|
||||
-include_lib("ssl/pkix/PKIX1Implicit88.hrl").
|
||||
-include("tls/XmppAddr.hrl").
|
||||
-include("XmppAddr.hrl").
|
||||
|
||||
-define(DICT, dict).
|
||||
|
||||
@ -239,9 +239,16 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
|
||||
error ->
|
||||
false;
|
||||
_ ->
|
||||
lists:member(
|
||||
AuthDomain,
|
||||
get_cert_domains(Cert))
|
||||
case idna:domain_utf8_to_ascii(AuthDomain) of
|
||||
false ->
|
||||
false;
|
||||
PCAuthDomain ->
|
||||
lists:any(
|
||||
fun(D) ->
|
||||
match_domain(
|
||||
PCAuthDomain, D)
|
||||
end, get_cert_domains(Cert))
|
||||
end
|
||||
end;
|
||||
_ ->
|
||||
false
|
||||
@ -548,8 +555,7 @@ get_cert_domains(Cert) ->
|
||||
lists:flatmap(
|
||||
fun(#'AttributeTypeAndValue'{type = ?'id-at-commonName',
|
||||
value = Val}) ->
|
||||
case 'PKIX1Explicit88':decode(
|
||||
'X520CommonName', Val) of
|
||||
case 'PKIX1Explicit88':decode('X520CommonName', Val) of
|
||||
{ok, {_, D1}} ->
|
||||
D = if
|
||||
is_list(D1) -> D1;
|
||||
@ -598,13 +604,27 @@ get_cert_domains(Cert) ->
|
||||
#jid{luser = "",
|
||||
lserver = LD,
|
||||
lresource = ""} ->
|
||||
[LD];
|
||||
case idna:domain_utf8_to_ascii(LD) of
|
||||
false ->
|
||||
[];
|
||||
PCLD ->
|
||||
[PCLD]
|
||||
end;
|
||||
_ ->
|
||||
[]
|
||||
end;
|
||||
_ ->
|
||||
[]
|
||||
end;
|
||||
({dNSName, D}) when is_list(D) ->
|
||||
case jlib:string_to_jid(D) of
|
||||
#jid{luser = "",
|
||||
lserver = LD,
|
||||
lresource = ""} ->
|
||||
[LD];
|
||||
_ ->
|
||||
[]
|
||||
end;
|
||||
(_) ->
|
||||
[]
|
||||
end, SANs);
|
||||
@ -615,5 +635,34 @@ get_cert_domains(Cert) ->
|
||||
[]
|
||||
end, Extensions).
|
||||
|
||||
match_domain(Domain, Domain) ->
|
||||
true;
|
||||
match_domain(Domain, Pattern) ->
|
||||
DLabels = string:tokens(Domain, "."),
|
||||
PLabels = string:tokens(Pattern, "."),
|
||||
match_labels(DLabels, PLabels).
|
||||
|
||||
match_labels([], []) ->
|
||||
true;
|
||||
match_labels([], [_ | _]) ->
|
||||
false;
|
||||
match_labels([_ | _], []) ->
|
||||
false;
|
||||
match_labels([DL | DLabels], [PL | PLabels]) ->
|
||||
case lists:all(fun(C) -> (($a =< C) andalso (C =< $z))
|
||||
orelse (($0 =< C) andalso (C =< $9))
|
||||
orelse (C == $-) orelse (C == $*)
|
||||
end, PL) of
|
||||
true ->
|
||||
Regexp = regexp:sh_to_awk(PL),
|
||||
case regexp:match(DL, Regexp) of
|
||||
{match, _, _} ->
|
||||
match_labels(DLabels, PLabels);
|
||||
_ ->
|
||||
false
|
||||
end;
|
||||
false ->
|
||||
false
|
||||
end.
|
||||
|
||||
|
||||
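Review bot: match_labels accepts `*` in any label of the certificate name and in any number of labels, so a name with a wildcard outside the left-most label, or made only of wildcard labels, would authenticate domains the issuer never scoped it to; the s2s auth decision in wait_for_feature_request then rests entirely on the CA never signing such a name. I would restrict the wildcard to a whole left-most label and compare the remaining labels literally, as in the sketch below (requiring at least two literal labels is a policy choice to confirm). Separately, `string:tokens/2` drops empty labels, so `a..b` and `a.b` tokenise identically; rejecting names with empty labels before matching would close that. match_domain/2 is also added to the export list without a comment saying which argument is the peer-claimed domain and which is the certificate pattern, and swapping them changes the result. Both wait_for_feature_request and get_cert_domains continue outside the hunks shown.

```erlang
%% match_domain(Domain, Pattern): Domain is the peer-claimed name (already
%% IDNA-encoded by the caller), Pattern is a name taken from the certificate.
match_domain(Domain, Domain) ->
    true;
match_domain(Domain, Pattern) ->
    case {string:tokens(Domain, "."), string:tokens(Pattern, ".")} of
        %% wildcard only as the entire left-most label, followed by at
        %% least two literal labels
        {[_ | DRest], ["*" | [_, _ | _] = PRest]} ->
            NoWildcard = not lists:any(fun(L) -> lists:member($*, L) end, PRest),
            NoWildcard andalso DRest =:= PRest;
        _ ->
            false
    end.
```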
|
@ -12,18 +12,14 @@ ERLSHLIBS = ../tls_drv.so
|
||||
|
||||
OUTDIR = ..
|
||||
EFLAGS = -I .. -pz ..
|
||||
ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
|
||||
OBJS = \
|
||||
$(OUTDIR)/tls.beam $(OUTDIR)/XmppAddr.beam
|
||||
$(OUTDIR)/tls.beam
|
||||
|
||||
all: $(OBJS) $(ERLSHLIBS)
|
||||
|
||||
$(OUTDIR)/%.beam: %.erl
|
||||
@ERLC@ -W $(EFLAGS) -o $(OUTDIR) $<
|
||||
|
||||
%.erl: %.asn1
|
||||
erlc $(ASN_FLAGS) $<
|
||||
|
||||
#all: $(ERLSHLIBS)
|
||||
# erl -s make all report "{outdir, \"..\"}" -noinput -s erlang halt
|
||||
|
||||
|