
* src/ejabberd_s2s_in.erl: Support for dNSName certificate field

and DNS name matching
* src/XmppAddr.asn1: Moved here from src/tls/XmppAddr.asn1
* src/tls/XmppAddr.asn1: Likewise    
* src/Makefile.in: Updated
* src/tls/Makefile.in: Updated

SVN Revision: 435
1 parent 57a6d0e commit c6441edc7a33566e83ce2e223b865019a54f6c47 @alexeyshch alexeyshch committed Nov 17, 2005
Showing with 73 additions and 14 deletions.
  1. +9 −0 ChangeLog
  2. +6 −1 src/Makefile.in
  3. 0 src/{tls → }/XmppAddr.asn1
  4. +57 −8 src/ejabberd_s2s_in.erl
  5. +1 −5 src/tls/Makefile.in
@@ -1,3 +1,12 @@
+2005-11-17 Alexey Shchepin <alexey@sevcom.net>
+
+ * src/ejabberd_s2s_in.erl: Support for dNSName certificate field
+ and DNS name matching
+ * src/XmppAddr.asn1: Moved here from src/tls/XmppAddr.asn1
+ * src/tls/XmppAddr.asn1: Likewise
+ * src/Makefile.in: Updated
+ * src/tls/Makefile.in: Updated
+
2005-11-16 Alexey Shchepin <alexey@sevcom.net>
* src/odbc/ejabberd_odbc.erl: Support for mnesia-like transaction
@@ -27,9 +27,11 @@ MSGSDIR = $(PRIVDIR)/msgs
LOGDIR = $(DESTDIR)/var/log/ejabberd
ETCDIR = $(DESTDIR)/etc/ejabberd
+ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
+
all: $(ERLSHLIBS) compile-beam all-recursive
-compile-beam:
+compile-beam: XmppAddr.hrl
@ERL@ -s make all report -noinput -s erlang halt
@@ -43,6 +45,9 @@ mostlyclean-recursive maintainer-clean-recursive:
done
+%.hrl: %.asn1
+ erlc $(ASN_FLAGS) $<
+
$(ERLSHLIBS): %.so: %.c
gcc -Wall $(CFLAGS) $(LDFLAGS) $(LIBS) \
$(subst ../,,$(subst .so,.c,$@)) \
File renamed without changes.
@@ -14,7 +14,7 @@
%% External exports
-export([start/2,
- start_link/2]).
+ start_link/2,match_domain/2]).
%% gen_fsm callbacks
-export([init/1,
@@ -32,7 +32,7 @@
%-include_lib("ssl/pkix/SSL-PKIX.hrl").
-include_lib("ssl/pkix/PKIX1Explicit88.hrl").
-include_lib("ssl/pkix/PKIX1Implicit88.hrl").
--include("tls/XmppAddr.hrl").
+-include("XmppAddr.hrl").
-define(DICT, dict).
@@ -239,9 +239,16 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
error ->
false;
_ ->
- lists:member(
- AuthDomain,
- get_cert_domains(Cert))
+ case idna:domain_utf8_to_ascii(AuthDomain) of
+ false ->
+ false;
+ PCAuthDomain ->
+ lists:any(
+ fun(D) ->
+ match_domain(
+ PCAuthDomain, D)
+ end, get_cert_domains(Cert))
+ end
end;
_ ->
false
@@ -548,8 +555,7 @@ get_cert_domains(Cert) ->
lists:flatmap(
fun(#'AttributeTypeAndValue'{type = ?'id-at-commonName',
value = Val}) ->
- case 'PKIX1Explicit88':decode(
- 'X520CommonName', Val) of
+ case 'PKIX1Explicit88':decode('X520CommonName', Val) of
{ok, {_, D1}} ->
D = if
is_list(D1) -> D1;
@@ -598,13 +604,27 @@ get_cert_domains(Cert) ->
#jid{luser = "",
lserver = LD,
lresource = ""} ->
- [LD];
+ case idna:domain_utf8_to_ascii(LD) of
+ false ->
+ [];
+ PCLD ->
+ [PCLD]
+ end;
_ ->
[]
end;
_ ->
[]
end;
+ ({dNSName, D}) when is_list(D) ->
+ case jlib:string_to_jid(D) of
+ #jid{luser = "",
+ lserver = LD,
+ lresource = ""} ->
+ [LD];
+ _ ->
+ []
+ end;
(_) ->
[]
end, SANs);
@@ -615,5 +635,34 @@ get_cert_domains(Cert) ->
[]
end, Extensions).
+match_domain(Domain, Domain) ->
+ true;
+match_domain(Domain, Pattern) ->
+ DLabels = string:tokens(Domain, "."),
+ PLabels = string:tokens(Pattern, "."),
+ match_labels(DLabels, PLabels).
+
+match_labels([], []) ->
+ true;
+match_labels([], [_ | _]) ->
+ false;
+match_labels([_ | _], []) ->
+ false;
+match_labels([DL | DLabels], [PL | PLabels]) ->
+ case lists:all(fun(C) -> (($a =< C) andalso (C =< $z))
+ orelse (($0 =< C) andalso (C =< $9))
+ orelse (C == $-) orelse (C == $*)
+ end, PL) of
+ true ->
+ Regexp = regexp:sh_to_awk(PL),
+ case regexp:match(DL, Regexp) of
+ {match, _, _} ->
+ match_labels(DLabels, PLabels);
+ _ ->
+ false
+ end;
+ false ->
+ false
+ end.
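Review bot: `match_labels/2` honours `*` in every label of the certificate-supplied pattern, including the right-most ones, so a name such as `*.*` or `example.*` taken from a certificate is accepted as a match for the authenticated domain. Because the `lists:any/2` call in `wait_for_feature_request` passes every value returned by `get_cert_domains/1` to `match_domain/2`, the wildcard also appears to apply to commonName and XmppAddr values, not only to dNSName entries. I would treat only the left-most label as a pattern and require the remaining labels to be identical, with `match_labels/2` reduced to a single-label check that returns `true` on `{match, _, _}`. Now that `match_domain/2` is exported, a short comment above it stating that the second argument is the untrusted pattern would also help.

```erlang
match_domain(Domain, Domain) ->
    true;
match_domain(Domain, Pattern) ->
    %% Pattern comes from the peer certificate: only its left-most label
    %% may contain '*', every other label has to be identical.
    case {string:tokens(Domain, "."), string:tokens(Pattern, ".")} of
        {[DL | Rest], [PL | Rest]} when Rest /= [] ->
            match_label(DL, PL);
        _ ->
            false
    end.

%% … unchanged: character check on PL, regexp:sh_to_awk/1 and regexp:match/2, now in match_label/2 …
```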
@@ -12,18 +12,14 @@ ERLSHLIBS = ../tls_drv.so
OUTDIR = ..
EFLAGS = -I .. -pz ..
-ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
OBJS = \
- $(OUTDIR)/tls.beam $(OUTDIR)/XmppAddr.beam
+ $(OUTDIR)/tls.beam
all: $(OBJS) $(ERLSHLIBS)
$(OUTDIR)/%.beam: %.erl
@ERLC@ -W $(EFLAGS) -o $(OUTDIR) $<
-%.erl: %.asn1
- erlc $(ASN_FLAGS) $<
-
#all: $(ERLSHLIBS)
# erl -s make all report "{outdir, \"..\"}" -noinput -s erlang halt
