Mercurial > prosody-modules
annotate mod_auth_ldap2/mod_auth_ldap2.lua @ 6082:1a6cd0bbb7ab
mod_compliance_2023: Add 2023 Version of the compliance module, basis is the 2021 Version.
diff --git a/mod_compliance_2023/README.md b/mod_compliance_2023/README.md
new file mode 100644
--- /dev/null
+++ b/mod_compliance_2023/README.md
@@ -0,0 +1,22 @@
+---
+summary: XMPP Compliance Suites 2023 self-test
+labels:
+- Stage-Beta
+rockspec:
+ dependencies:
+ - mod_cloud_notify
+
+...
+
+Compare the list of enabled modules with
+[XEP-0479: XMPP Compliance Suites 2023] and produce basic report to the
+Prosody log file.
+
+If installed with the Prosody plugin installer then all modules needed for a green checkmark should be included. (With prosody 0.12 only [mod_cloud_notify] is not included with prosody and we need the community module)
+
+# Compatibility
+
+ Prosody-Version Status
+ --------------- ----------------------
+ trunk Works as of 2024-12-21
+ 0.12 Works
diff --git a/mod_compliance_2023/mod_compliance_2023.lua b/mod_compliance_2023/mod_compliance_2023.lua
new file mode 100644
--- /dev/null
+++ b/mod_compliance_2023/mod_compliance_2023.lua
@@ -0,0 +1,79 @@
+-- Copyright (c) 2021 Kim Alvefur
+--
+-- This module is MIT licensed.
+
+local hostmanager = require "core.hostmanager";
+
+local array = require "util.array";
+local set = require "util.set";
+
+local modules_enabled = module:get_option_inherited_set("modules_enabled");
+
+for host in pairs(hostmanager.get_children(module.host)) do
+ local component = module:context(host):get_option_string("component_module");
+ if component then
+ modules_enabled:add(component);
+ modules_enabled:include(module:context(host):get_option_set("modules_enabled", {}));
+ end
+end
+
+local function check(suggested, alternate, ...)
+ if set.intersection(modules_enabled, set.new({suggested; alternate; ...})):empty() then return suggested; end
+ return false;
+end
+
+local compliance = {
+ array {"Server"; check("tls"); check("disco")};
+
+ array {"Advanced Server"; check("pep", "pep_simple")};
+
+ array {"Web"; check("bosh"); check("websocket")};
+
+ -- No Server requirements for Advanced Web
+
+ array {"IM"; check("vcard_legacy", "vcard"); check("carbons"); check("http_file_share", "http_upload")};
+
+ array {
+ "Advanced IM";
+ check("vcard_legacy", "vcard");
+ check("blocklist");
+ check("muc");
+ check("private");
+ check("smacks");
+ check("mam");
+ check("bookmarks");
+ };
+
+ array {"Mobile"; check("smacks"); check("csi_simple", "csi_battery_saver")};
+
+ array {"Advanced Mobile"; check("cloud_notify")};
+
+ array {"A/V Calling"; check("turn_external", "external_services", "turncredentials", "extdisco")};
+
+};
+
+function check_compliance()
+ local compliant = true;
+ for _, suite in ipairs(compliance) do
+ local section = suite:pop(1);
+ if module:get_option_boolean("compliance_" .. section:lower():gsub("%A", "_"), true) then
+ local missing = set.new(suite:filter(function(m) return type(m) == "string" end):map(function(m) return "mod_" .. m end));
+ if suite[1] then
+ if compliant then
+ compliant = false;
+ module:log("warn", "Missing some modules for XMPP Compliance 2023");
+ end
+ module:log("info", "%s Compliance: %s", section, missing);
+ end
+ end
+ end
+
+ if compliant then module:log("info", "XMPP Compliance 2023: Compliant ✔️"); end
+end
+
+if prosody.start_time then
+ check_compliance()
+else
+ module:hook_global("server-started", check_compliance);
+end
+
| author | Menel <menel@snikket.de> |
|---|---|
| date | Sun, 22 Dec 2024 16:06:28 +0100 |
| parents | f2b29183ef08 |
| children |
| rev | line source |
|---|---|
| 809 | 1 -- vim:sts=4 sw=4 |
| 2 | |
| 3 -- Prosody IM | |
| 4 -- Copyright (C) 2008-2010 Matthew Wild | |
| 5 -- Copyright (C) 2008-2010 Waqas Hussain | |
| 6 -- Copyright (C) 2012 Rob Hoelz | |
| 7 -- | |
| 8 -- This project is MIT/X11 licensed. Please see the | |
| 9 -- COPYING file in the source package for more information. | |
| 10 -- | |
| 11 -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua | |
| 12 -- adapted to use common LDAP store | |
| 13 | |
| 14 local ldap = module:require 'ldap'; | |
| 15 local new_sasl = require 'util.sasl'.new; | |
| 16 local jsplit = require 'util.jid'.split; | |
| 17 | |
| 18 if not ldap then | |
| 19 return; | |
| 20 end | |
| 21 | |
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
22 local provider = {} |
| 809 | 23 |
| 24 function provider.test_password(username, password) | |
| 25 return ldap.bind(username, password); | |
| 26 end | |
| 27 | |
| 28 function provider.user_exists(username) | |
| 29 local params = ldap.getparams() | |
| 30 | |
| 31 local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); | |
| 32 | |
| 33 return ldap.singlematch { | |
| 34 base = params.user.basedn, | |
| 35 filter = filter, | |
| 36 }; | |
| 37 end | |
| 38 | |
| 39 function provider.get_password(username) | |
| 40 return nil, "Passwords unavailable for LDAP."; | |
| 41 end | |
| 42 | |
| 43 function provider.set_password(username, password) | |
| 44 return nil, "Passwords unavailable for LDAP."; | |
| 45 end | |
| 46 | |
| 47 function provider.create_user(username, password) | |
| 48 return nil, "Account creation/modification not available with LDAP."; | |
| 49 end | |
| 50 | |
| 51 function provider.get_sasl_handler() | |
| 52 local testpass_authentication_profile = { | |
| 53 plain_test = function(sasl, username, password, realm) | |
|
902
490cb9161c81
mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
862
diff
changeset
|
54 return provider.test_password(username, password), true; |
| 809 | 55 end, |
| 56 mechanisms = { PLAIN = true }, | |
| 57 }; | |
| 58 return new_sasl(module.host, testpass_authentication_profile); | |
| 59 end | |
| 60 | |
| 61 function provider.is_admin(jid) | |
|
3869
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
62 local username, userhost = jsplit(jid); |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
63 if userhost ~= module.host then |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
64 return false; |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
65 end |
| 809 | 66 local admin_config = ldap.getparams().admin; |
| 67 | |
| 68 if not admin_config then | |
| 69 return; | |
| 70 end | |
| 71 | |
| 72 local ld = ldap:getconnection(); | |
| 73 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); | |
| 74 | |
| 75 return ldap.singlematch { | |
| 76 base = admin_config.basedn, | |
| 77 filter = filter, | |
| 78 }; | |
| 79 end | |
| 80 | |
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
81 module:provides("auth", provider); |
