Mercurial > prosody-modules
comparison mod_privilege/mod_privilege.lua @ 4937:3ddab718f717
mod_privilege: update to v0.4:
- now the namespace "urn:xmpp:privilege:2" is exclusively used
- IQ permission implementation
- README update
roster pushes are not implemented yet
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Wed, 11 May 2022 12:43:26 +0200 |
| parents | 7454274ead2f |
| children | cce12a660b98 |
comparison
equal
deleted
inserted
replaced
| 4912:b45c23ce24ba | 4937:3ddab718f717 |
|---|---|
| 1 -- XEP-0356 (Privileged Entity) | 1 -- XEP-0356 (Privileged Entity) |
| 2 -- Copyright (C) 2015-2016 Jérôme Poisson | 2 -- Copyright (C) 2015-2022 Jérôme Poisson |
| 3 -- | 3 -- |
| 4 -- This module is MIT/X11 licensed. Please see the | 4 -- This module is MIT/X11 licensed. Please see the |
| 5 -- COPYING file in the source package for more information. | 5 -- COPYING file in the source package for more information. |
| 6 -- | 6 -- |
| 7 -- Some parts come from mod_remote_roster (module by Waqas Hussain and Kim Alvefur, see https://code.google.com/p/prosody-modules/) | 7 -- Some parts come from mod_remote_roster (module by Waqas Hussain and Kim Alvefur, see https://code.google.com/p/prosody-modules/) |
| 10 | 10 |
| 11 local jid = require("util.jid") | 11 local jid = require("util.jid") |
| 12 local set = require("util.set") | 12 local set = require("util.set") |
| 13 local st = require("util.stanza") | 13 local st = require("util.stanza") |
| 14 local roster_manager = require("core.rostermanager") | 14 local roster_manager = require("core.rostermanager") |
| 15 local usermanager_user_exists = require "core.usermanager".user_exists; | 15 local usermanager_user_exists = require "core.usermanager".user_exists |
| 16 local hosts = prosody.hosts | 16 local hosts = prosody.hosts |
| 17 local full_sessions = prosody.full_sessions; | 17 local full_sessions = prosody.full_sessions |
| 18 | 18 |
| 19 local priv_session = module:shared("/*/privilege/session") | 19 local priv_session = module:shared("/*/privilege/session") |
| 20 | 20 |
| 21 if priv_session.connected_cb == nil then | 21 if priv_session.connected_cb == nil then |
| 22 -- set used to have connected event listeners | 22 -- set used to have connected event listeners |
| 23 -- which allows a host to react on events from | 23 -- which allows a host to react on events from |
| 24 -- other hosts | 24 -- other hosts |
| 25 priv_session.connected_cb = set.new() | 25 priv_session.connected_cb = set.new() |
| 26 end | 26 end |
| 27 local connected_cb = priv_session.connected_cb | 27 local connected_cb = priv_session.connected_cb |
| 28 | 28 |
| 29 -- the folowing sets are used to forward presence stanza | 29 -- the folowing sets are used to forward presence stanza |
| 30 -- the folowing sets are used to forward presence stanza | 30 -- the folowing sets are used to forward presence stanza |
| 36 local _ROSTER_SET_PERM = set.new({'set', 'both'}) | 36 local _ROSTER_SET_PERM = set.new({'set', 'both'}) |
| 37 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) | 37 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) |
| 38 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) | 38 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) |
| 39 local _PRESENCE_MANAGED = set.new({'managed_entity', 'roster'}) | 39 local _PRESENCE_MANAGED = set.new({'managed_entity', 'roster'}) |
| 40 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} | 40 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} |
| 41 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' | 41 local _PRIV_ENT_NS = 'urn:xmpp:privilege:2' |
| 42 local _FORWARDED_NS = 'urn:xmpp:forward:0' | 42 local _FORWARDED_NS = 'urn:xmpp:forward:0' |
| 43 local _MODULE_HOST = module:get_host() | 43 local _MODULE_HOST = module:get_host() |
| 44 | 44 |
| 45 | 45 |
| 46 module:log("debug", "Loading privileged entity module "); | 46 module:log("debug", "Loading privileged entity module ") |
| 47 | 47 |
| 48 | 48 |
| 49 --> Permissions management <-- | 49 --> Permissions management <-- |
| 50 | 50 |
| 51 local privileges = module:get_option("privileged_entities", {}) | 51 local config_priv = module:get_option("privileged_entities", {}) |
| 52 | 52 |
| 53 local function get_session_privileges(session, host) | 53 local function get_session_privileges(session, host) |
| 54 if not session.privileges then return nil end | 54 if not session.privileges then return nil end |
| 55 return session.privileges[host] | 55 return session.privileges[host] |
| 56 end | 56 end |
| 57 | 57 |
| 58 | 58 |
| 59 local function advertise_perm(session, to_jid, perms) | 59 local function advertise_perm(session, to_jid, perms) |
| 60 -- send <message/> stanza to advertise permissions | 60 -- send <message/> stanza to advertise permissions |
| 61 -- as expained in § 4.2 | 61 -- as expained in § 4.2 |
| 62 local message = st.message({from=module.host, to=to_jid}) | 62 local message = st.message({from=module.host, to=to_jid}) |
| 63 :tag("privilege", {xmlns=_PRIV_ENT_NS}) | 63 :tag("privilege", {xmlns=_PRIV_ENT_NS}) |
| 64 | 64 |
| 65 for _, perm in pairs({'roster', 'message', 'presence'}) do | 65 for _, perm in pairs({'roster', 'message', 'presence'}) do |
| 66 if perms[perm] then | 66 if perms[perm] then |
| 67 message:tag("perm", {access=perm, type=perms[perm]}):up() | 67 message:tag("perm", {access=perm, type=perms[perm]}):up() |
| 68 end | 68 end |
| 69 end | 69 end |
| 70 session.send(message) | 70 local iq_perm = perms["iq"] |
| 71 if iq_perm ~= nil then | |
| 72 message:tag("perm", {access="iq"}) | |
| 73 for namespace, ns_perm in pairs(iq_perm) do | |
| 74 local perm_type | |
| 75 if ns_perm.set and ns_perm.get then | |
| 76 perm_type = "both" | |
| 77 elseif ns_perm.set then | |
| 78 perm_type = "set" | |
| 79 elseif ns_perm.get then | |
| 80 perm_type = "get" | |
| 81 else | |
| 82 perm_type = nil | |
| 83 end | |
| 84 message:tag("namespace", {ns=namespace, type=perm_type}) | |
| 85 end | |
| 86 end | |
| 87 session.send(message) | |
| 71 end | 88 end |
| 72 | 89 |
| 73 local function set_presence_perm_set(to_jid, perms) | 90 local function set_presence_perm_set(to_jid, perms) |
| 74 -- fill the presence sets according to perms | 91 -- fill the presence sets according to perms |
| 75 if _PRESENCE_MANAGED:contains(perms.presence) then | 92 if _PRESENCE_MANAGED:contains(perms.presence) then |
| 76 presence_man_ent:add(to_jid) | 93 presence_man_ent:add(to_jid) |
| 77 end | 94 end |
| 78 if perms.presence == 'roster' then | 95 if perms.presence == 'roster' then |
| 79 presence_roster:add(to_jid) | 96 presence_roster:add(to_jid) |
| 80 end | 97 end |
| 81 end | 98 end |
| 82 | 99 |
| 83 local function advertise_presences(session, to_jid, perms) | 100 local function advertise_presences(session, to_jid, perms) |
| 84 -- send presence status for already conencted entities | 101 -- send presence status for already connected entities |
| 85 -- as explained in § 7.1 | 102 -- as explained in § 7.1 |
| 86 -- people in roster are probed only for active sessions | 103 -- people in roster are probed only for active sessions |
| 87 -- TODO: manage roster load for inactive sessions | 104 -- TODO: manage roster load for inactive sessions |
| 88 if not perms.presence then return; end | 105 if not perms.presence then return; end |
| 89 local to_probe = {} | 106 local to_probe = {} |
| 90 for _, user_session in pairs(full_sessions) do | 107 for _, user_session in pairs(full_sessions) do |
| 91 if user_session.presence and _PRESENCE_MANAGED:contains(perms.presence) then | 108 if user_session.presence and _PRESENCE_MANAGED:contains(perms.presence) then |
| 92 local presence = st.clone(user_session.presence) | 109 local presence = st.clone(user_session.presence) |
| 93 presence.attr.to = to_jid | 110 presence.attr.to = to_jid |
| 94 module:log("debug", "sending current presence for "..tostring(user_session.full_jid)) | 111 module:log("debug", "sending current presence for "..tostring(user_session.full_jid)) |
| 95 session.send(presence) | 112 session.send(presence) |
| 96 end | 113 end |
| 97 if perms.presence == "roster" then | 114 if perms.presence == "roster" then |
| 98 -- we reset the cache to avoid to miss a presence that just changed | 115 -- we reset the cache to avoid to miss a presence that just changed |
| 99 priv_session.last_presence = nil | 116 priv_session.last_presence = nil |
| 100 | 117 |
| 101 if user_session.roster then | 118 if user_session.roster then |
| 102 local bare_jid = jid.bare(user_session.full_jid) | 119 local bare_jid = jid.bare(user_session.full_jid) |
| 103 for entity, item in pairs(user_session.roster) do | 120 for entity, item in pairs(user_session.roster) do |
| 104 if entity~=false and entity~="pending" and (item.subscription=="both" or item.subscription=="to") then | 121 if entity~=false and entity~="pending" and (item.subscription=="both" or item.subscription=="to") then |
| 105 local _, host = jid.split(entity) | 122 local _, host = jid.split(entity) |
| 106 if not hosts[host] then -- we don't probe jid from hosts we manage | 123 if not hosts[host] then -- we don't probe jid from hosts we manage |
| 107 -- using a table with entity as key avoid probing several time the same one | 124 -- using a table with entity as key avoid probing several time the same one |
| 108 to_probe[entity] = bare_jid | 125 to_probe[entity] = bare_jid |
| 109 end | 126 end |
| 110 end | 127 end |
| 111 end | 128 end |
| 112 end | 129 end |
| 113 end | 130 end |
| 114 end | 131 end |
| 115 | 132 |
| 116 -- now we probe peoples for "roster" presence permission | 133 -- now we probe peoples for "roster" presence permission |
| 117 for probe_to, probe_from in pairs(to_probe) do | 134 for probe_to, probe_from in pairs(to_probe) do |
| 118 module:log("debug", "probing presence for %s (on behalf of %s)", tostring(probe_to), tostring(probe_from)) | 135 module:log("debug", "probing presence for %s (on behalf of %s)", tostring(probe_to), tostring(probe_from)) |
| 119 local probe = st.presence({from=probe_from, to=probe_to, type="probe"}) | 136 local probe = st.presence({from=probe_from, to=probe_to, type="probe"}) |
| 120 prosody.core_route_stanza(nil, probe) | 137 prosody.core_route_stanza(nil, probe) |
| 121 end | 138 end |
| 122 end | 139 end |
| 140 | |
| 123 | 141 |
| 124 local function on_auth(event) | 142 local function on_auth(event) |
| 125 -- Check if entity is privileged according to configuration, | 143 -- Check if entity is privileged according to configuration, |
| 126 -- and set session.privileges accordingly | 144 -- and set session.privileges accordingly |
| 127 | 145 |
| 128 local session = event.session | 146 local session = event.session |
| 129 local bare_jid = jid.join(session.username, session.host) | 147 local bare_jid = jid.join(session.username, session.host) |
| 130 if not session.privileges then | 148 if not session.privileges then |
| 131 session.privileges = {} | 149 session.privileges = {} |
| 132 end | 150 end |
| 133 | 151 |
| 134 local ent_priv = privileges[bare_jid] | 152 local conf_ent_priv = config_priv[bare_jid] |
| 135 if ent_priv ~= nil then | 153 local ent_priv = {} |
| 136 module:log("debug", "Entity is privileged") | 154 if conf_ent_priv ~= nil then |
| 137 for perm_type, allowed_values in pairs(_TO_CHECK) do | 155 module:log("debug", "Entity is privileged") |
| 138 local value = ent_priv[perm_type] | 156 for perm_type, allowed_values in pairs(_TO_CHECK) do |
| 139 if value ~= nil then | 157 local value = conf_ent_priv[perm_type] |
| 140 if not allowed_values:contains(value) then | 158 if value ~= nil then |
| 141 module:log('warn', 'Invalid value for '..perm_type..' privilege: ['..value..']') | 159 if not allowed_values:contains(value) then |
| 142 module:log('warn', 'Setting '..perm_type..' privilege to none') | 160 module:log('warn', 'Invalid value for '..perm_type..' privilege: ['..value..']') |
| 143 ent_priv[perm_type] = nil | 161 module:log('warn', 'Setting '..perm_type..' privilege to none') |
| 144 end | 162 ent_priv[perm_type] = nil |
| 145 if value == 'none' then | 163 elseif value == 'none' then |
| 146 ent_priv[perm_type] = nil | 164 ent_priv[perm_type] = nil |
| 147 end | 165 else |
| 148 end | 166 ent_priv[perm_type] = value |
| 149 end | 167 end |
| 150 -- extra checks for presence permission | 168 else |
| 151 if ent_priv.presence == 'roster' and not _ROSTER_GET_PERM:contains(ent_priv.roster) then | 169 ent_priv[perm_type] = nil |
| 152 module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege") | 170 end |
| 153 module:log("warn", "Setting presence permission to none") | 171 end |
| 154 ent_priv.presence = nil | 172 -- extra checks for presence permission |
| 155 end | 173 if ent_priv.presence == 'roster' and not _ROSTER_GET_PERM:contains(ent_priv.roster) then |
| 156 | 174 module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege") |
| 157 if session.type == "component" then | 175 module:log("warn", "Setting presence permission to none") |
| 158 -- we send the message stanza only for component | 176 ent_priv.presence = nil |
| 159 -- it will be sent at first <presence/> for other entities | 177 end |
| 160 advertise_perm(session, bare_jid, ent_priv) | 178 -- iq permission |
| 161 set_presence_perm_set(bare_jid, ent_priv) | 179 local iq_perm_config = conf_ent_priv["iq"] |
| 162 advertise_presences(session, bare_jid, ent_priv) | 180 if iq_perm_config ~= nil then |
| 163 end | 181 local iq_perm = {} |
| 164 end | 182 ent_priv["iq"] = iq_perm |
| 165 | 183 for ns, ns_perm_config in pairs(iq_perm_config) do |
| 166 session.privileges[_MODULE_HOST] = ent_priv | 184 iq_perm[ns] = { |
| 185 ["get"] = ns_perm_config == "get" or ns_perm_config == "both", | |
| 186 ["set"] = ns_perm_config == "set" or ns_perm_config == "both" | |
| 187 } | |
| 188 end | |
| 189 else | |
| 190 ent_priv["iq"] = nil | |
| 191 end | |
| 192 | |
| 193 if session.type == "component" then | |
| 194 -- we send the message stanza only for component | |
| 195 -- it will be sent at first <presence/> for other entities | |
| 196 advertise_perm(session, bare_jid, ent_priv) | |
| 197 set_presence_perm_set(bare_jid, ent_priv) | |
| 198 advertise_presences(session, bare_jid, ent_priv) | |
| 199 end | |
| 200 end | |
| 201 | |
| 202 session.privileges[_MODULE_HOST] = ent_priv | |
| 167 end | 203 end |
| 168 | 204 |
| 169 local function on_presence(event) | 205 local function on_presence(event) |
| 170 -- Permission are already checked at this point, | 206 -- Permission are already checked at this point, |
| 171 -- we only advertise them to the entity | 207 -- we only advertise them to the entity |
| 172 local session = event.origin | 208 local session = event.origin |
| 173 local session_privileges = get_session_privileges(session, _MODULE_HOST) | 209 local session_privileges = get_session_privileges(session, _MODULE_HOST) |
| 174 if session_privileges then | 210 if session_privileges then |
| 175 advertise_perm(session, session.full_jid, session_privileges) | 211 advertise_perm(session, session.full_jid, session_privileges) |
| 176 set_presence_perm_set(session.full_jid, session_privileges) | 212 set_presence_perm_set(session.full_jid, session_privileges) |
| 177 advertise_presences(session, session.full_jid, session_privileges) | 213 advertise_presences(session, session.full_jid, session_privileges) |
| 178 end | 214 end |
| 179 end | 215 end |
| 180 | 216 |
| 181 local function on_component_auth(event) | 217 local function on_component_auth(event) |
| 182 -- react to component-authenticated event from this host | 218 -- react to component-authenticated event from this host |
| 183 -- and call the on_auth methods from all other hosts | 219 -- and call the on_auth methods from all other hosts |
| 184 -- needed for the component to get delegations advertising | 220 -- needed for the component to get delegations advertising |
| 185 for callback in connected_cb:items() do | 221 for callback in connected_cb:items() do |
| 186 callback(event) | 222 callback(event) |
| 187 end | 223 end |
| 188 end | 224 end |
| 189 | 225 |
| 190 if module:get_host_type() ~= "component" then | 226 if module:get_host_type() ~= "component" then |
| 191 connected_cb:add(on_auth) | 227 connected_cb:add(on_auth) |
| 192 end | 228 end |
| 197 | 233 |
| 198 --> roster permission <-- | 234 --> roster permission <-- |
| 199 | 235 |
| 200 -- get | 236 -- get |
| 201 module:hook("iq-get/bare/jabber:iq:roster:query", function(event) | 237 module:hook("iq-get/bare/jabber:iq:roster:query", function(event) |
| 202 local session, stanza = event.origin, event.stanza; | 238 local session, stanza = event.origin, event.stanza |
| 203 if not stanza.attr.to then | 239 if not stanza.attr.to then |
| 204 -- we don't want stanzas addressed to /self | 240 -- we don't want stanzas addressed to /self |
| 205 return; | 241 return |
| 206 end | 242 end |
| 207 local node, host = jid.split(stanza.attr.to); | 243 local node, host = jid.split(stanza.attr.to) |
| 208 local session_privileges = get_session_privileges(session, host) | 244 local session_privileges = get_session_privileges(session, host) |
| 209 | 245 |
| 210 if session_privileges and _ROSTER_GET_PERM:contains(session_privileges.roster) then | 246 if session_privileges and _ROSTER_GET_PERM:contains(session_privileges.roster) then |
| 211 module:log("debug", "Roster get from allowed privileged entity received") | 247 module:log("debug", "Roster get from allowed privileged entity received") |
| 212 -- following code is adapted from mod_remote_roster | 248 -- following code is adapted from mod_remote_roster |
| 213 local roster = roster_manager.load_roster(node, host); | 249 local roster = roster_manager.load_roster(node, host) |
| 214 | 250 |
| 215 local reply = st.reply(stanza):query("jabber:iq:roster"); | 251 local reply = st.reply(stanza):query("jabber:iq:roster") |
| 216 for entity_jid, item in pairs(roster) do | 252 for entity_jid, item in pairs(roster) do |
| 217 if entity_jid and entity_jid ~= "pending" then | 253 if entity_jid and entity_jid ~= "pending" then |
| 218 reply:tag("item", { | 254 reply:tag("item", { |
| 219 jid = entity_jid, | 255 jid = entity_jid, |
| 220 subscription = item.subscription, | 256 subscription = item.subscription, |
| 221 ask = item.ask, | 257 ask = item.ask, |
| 222 name = item.name, | 258 name = item.name, |
| 223 }); | 259 }) |
| 224 for group in pairs(item.groups) do | 260 for group in pairs(item.groups) do |
| 225 reply:tag("group"):text(group):up(); | 261 reply:tag("group"):text(group):up() |
| 226 end | 262 end |
| 227 reply:up(); -- move out from item | 263 reply:up(); -- move out from item |
| 228 end | 264 end |
| 229 end | 265 end |
| 230 -- end of code adapted from mod_remote_roster | 266 -- end of code adapted from mod_remote_roster |
| 231 session.send(reply); | 267 session.send(reply) |
| 232 else | 268 else |
| 233 module:log("warn", "Entity "..tostring(session.full_jid).." try to get roster without permission") | 269 module:log("warn", "Entity "..tostring(session.full_jid).." try to get roster without permission") |
| 234 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | 270 session.send(st.error_reply(stanza, 'auth', 'forbidden')) |
| 235 end | 271 end |
| 236 | 272 |
| 237 return true | 273 return true |
| 238 end); | 274 end) |
| 239 | 275 |
| 240 -- set | 276 -- set |
| 241 module:hook("iq-set/bare/jabber:iq:roster:query", function(event) | 277 module:hook("iq-set/bare/jabber:iq:roster:query", function(event) |
| 242 local session, stanza = event.origin, event.stanza; | 278 local session, stanza = event.origin, event.stanza |
| 243 if not stanza.attr.to then | 279 if not stanza.attr.to then |
| 244 -- we don't want stanzas addressed to /self | 280 -- we don't want stanzas addressed to /self |
| 245 return; | 281 return |
| 246 end | 282 end |
| 247 local from_node, from_host = jid.split(stanza.attr.to); | 283 local from_node, from_host = jid.split(stanza.attr.to) |
| 248 local session_privileges = get_session_privileges(session, from_host) | 284 local session_privileges = get_session_privileges(session, from_host) |
| 249 | 285 |
| 250 if session_privileges and _ROSTER_SET_PERM:contains(session_privileges.roster) then | 286 if session_privileges and _ROSTER_SET_PERM:contains(session_privileges.roster) then |
| 251 module:log("debug", "Roster set from allowed privileged entity received") | 287 module:log("debug", "Roster set from allowed privileged entity received") |
| 252 -- following code is adapted from mod_remote_roster | 288 -- following code is adapted from mod_remote_roster |
| 253 if not(usermanager_user_exists(from_node, from_host)) then return; end | 289 if not(usermanager_user_exists(from_node, from_host)) then return; end |
| 254 local roster = roster_manager.load_roster(from_node, from_host); | 290 local roster = roster_manager.load_roster(from_node, from_host) |
| 255 if not(roster) then return; end | 291 if not(roster) then return; end |
| 256 | 292 |
| 257 local query = stanza.tags[1]; | 293 local query = stanza.tags[1] |
| 258 for _, item in ipairs(query.tags) do | 294 for _, item in ipairs(query.tags) do |
| 259 if item.name == "item" | 295 if item.name == "item" |
| 260 and item.attr.xmlns == "jabber:iq:roster" and item.attr.jid | 296 and item.attr.xmlns == "jabber:iq:roster" and item.attr.jid |
| 261 -- Protection against overwriting roster.pending, until we move it | 297 -- Protection against overwriting roster.pending, until we move it |
| 262 and item.attr.jid ~= "pending" then | 298 and item.attr.jid ~= "pending" then |
| 263 | 299 |
| 264 local item_jid = jid.prep(item.attr.jid); | 300 local item_jid = jid.prep(item.attr.jid) |
| 265 local _, host, resource = jid.split(item_jid); | 301 local _, host, resource = jid.split(item_jid) |
| 266 if not resource then | 302 if not resource then |
| 267 if item_jid ~= stanza.attr.to then -- not self-item_jid | 303 if item_jid ~= stanza.attr.to then -- not self-item_jid |
| 268 if item.attr.subscription == "remove" then | 304 if item.attr.subscription == "remove" then |
| 269 local r_item = roster[item_jid]; | 305 local r_item = roster[item_jid] |
| 270 if r_item then | 306 if r_item then |
| 271 roster[item_jid] = nil; | 307 roster[item_jid] = nil |
| 272 if roster_manager.save_roster(from_node, from_host, roster) then | 308 if roster_manager.save_roster(from_node, from_host, roster) then |
| 273 session.send(st.reply(stanza)); | 309 session.send(st.reply(stanza)) |
| 274 roster_manager.roster_push(from_node, from_host, item_jid); | 310 roster_manager.roster_push(from_node, from_host, item_jid) |
| 275 else | 311 else |
| 276 roster[item_jid] = item; | 312 roster[item_jid] = item |
| 277 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster")); | 313 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster")) |
| 278 end | 314 end |
| 279 else | 315 else |
| 280 session.send(st.error_reply(stanza, "modify", "item-not-found")); | 316 session.send(st.error_reply(stanza, "modify", "item-not-found")) |
| 281 end | 317 end |
| 282 else | 318 else |
| 283 local subscription = item.attr.subscription; | 319 local subscription = item.attr.subscription |
| 284 if subscription ~= "both" and subscription ~= "to" and subscription ~= "from" and subscription ~= "none" then -- TODO error on invalid | 320 if subscription ~= "both" and subscription ~= "to" and subscription ~= "from" and subscription ~= "none" then -- TODO error on invalid |
| 285 subscription = roster[item_jid] and roster[item_jid].subscription or "none"; | 321 subscription = roster[item_jid] and roster[item_jid].subscription or "none" |
| 286 end | 322 end |
| 287 local r_item = {name = item.attr.name, groups = {}}; | 323 local r_item = {name = item.attr.name, groups = {}} |
| 288 if r_item.name == "" then r_item.name = nil; end | 324 if r_item.name == "" then r_item.name = nil; end |
| 289 r_item.subscription = subscription; | 325 r_item.subscription = subscription |
| 290 if subscription ~= "both" and subscription ~= "to" then | 326 if subscription ~= "both" and subscription ~= "to" then |
| 291 r_item.ask = roster[item_jid] and roster[item_jid].ask; | 327 r_item.ask = roster[item_jid] and roster[item_jid].ask |
| 292 end | 328 end |
| 293 for _, child in ipairs(item) do | 329 for _, child in ipairs(item) do |
| 294 if child.name == "group" then | 330 if child.name == "group" then |
| 295 local text = table.concat(child); | 331 local text = table.concat(child) |
| 296 if text and text ~= "" then | 332 if text and text ~= "" then |
| 297 r_item.groups[text] = true; | 333 r_item.groups[text] = true |
| 298 end | 334 end |
| 299 end | 335 end |
| 300 end | 336 end |
| 301 local olditem = roster[item_jid]; | 337 local olditem = roster[item_jid] |
| 302 roster[item_jid] = r_item; | 338 roster[item_jid] = r_item |
| 303 if roster_manager.save_roster(from_node, from_host, roster) then -- Ok, send success | 339 if roster_manager.save_roster(from_node, from_host, roster) then -- Ok, send success |
| 304 session.send(st.reply(stanza)); | 340 session.send(st.reply(stanza)) |
| 305 -- and push change to all resources | 341 -- and push change to all resources |
| 306 roster_manager.roster_push(from_node, from_host, item_jid); | 342 roster_manager.roster_push(from_node, from_host, item_jid) |
| 307 else -- Adding to roster failed | 343 else -- Adding to roster failed |
| 308 roster[item_jid] = olditem; | 344 roster[item_jid] = olditem |
| 309 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster")); | 345 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster")) |
| 310 end | 346 end |
| 311 end | 347 end |
| 312 else -- Trying to add self to roster | 348 else -- Trying to add self to roster |
| 313 session.send(st.error_reply(stanza, "cancel", "not-allowed")); | 349 session.send(st.error_reply(stanza, "cancel", "not-allowed")) |
| 314 end | 350 end |
| 315 else -- Invalid JID added to roster | 351 else -- Invalid JID added to roster |
| 316 module:log("warn", "resource: %s , host: %s", tostring(resource), tostring(host)) | 352 module:log("warn", "resource: %s , host: %s", tostring(resource), tostring(host)) |
| 317 session.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME what's the correct error? | 353 session.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME what's the correct error? |
| 318 end | 354 end |
| 319 else -- Roster set didn't include a single item, or its name wasn't 'item' | 355 else -- Roster set didn't include a single item, or its name wasn't 'item' |
| 320 session.send(st.error_reply(stanza, "modify", "bad-request")); | 356 session.send(st.error_reply(stanza, "modify", "bad-request")) |
| 321 end | 357 end |
| 322 end -- for loop end | 358 end -- for loop end |
| 323 -- end of code adapted from mod_remote_roster | 359 -- end of code adapted from mod_remote_roster |
| 324 else -- The permission is not granted | 360 else -- The permission is not granted |
| 325 module:log("warn", "Entity "..tostring(session.full_jid).." try to set roster without permission") | 361 module:log("warn", "Entity "..tostring(session.full_jid).." try to set roster without permission") |
| 326 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | 362 session.send(st.error_reply(stanza, 'auth', 'forbidden')) |
| 327 end | 363 end |
| 328 | 364 |
| 329 return true | 365 return true |
| 330 end); | 366 end) |
| 331 | 367 |
| 332 | 368 |
| 333 --> message permission <-- | 369 --> message permission <-- |
| 334 | 370 |
| 335 local function clean_xmlns(node) | 371 local function clean_xmlns(node) |
| 336 -- Recursively remove "jabber:client" attribute from node. | 372 -- Recursively remove "jabber:client" attribute from node. |
| 337 -- In Prosody internal routing, xmlns should not be set. | 373 -- In Prosody internal routing, xmlns should not be set. |
| 338 -- Keeping xmlns would lead to issues like mod_smacks ignoring the outgoing stanza, | 374 -- Keeping xmlns would lead to issues like mod_smacks ignoring the outgoing stanza, |
| 339 -- so we remove all xmlns attributes with a value of "jabber:client" | 375 -- so we remove all xmlns attributes with a value of "jabber:client" |
| 340 if node.attr.xmlns == 'jabber:client' then | 376 if node.attr.xmlns == 'jabber:client' then |
| 341 for childnode in node:childtags() do | 377 for childnode in node:childtags() do |
| 342 clean_xmlns(childnode); | 378 clean_xmlns(childnode) |
| 343 end | 379 end |
| 344 node.attr.xmlns = nil; | 380 node.attr.xmlns = nil |
| 345 end | 381 end |
| 346 end | 382 end |
| 347 | 383 |
| 348 module:hook("message/host", function(event) | 384 module:hook("message/host", function(event) |
| 349 local session, stanza = event.origin, event.stanza; | 385 local session, stanza = event.origin, event.stanza |
| 350 local privilege_elt = stanza:get_child('privilege', _PRIV_ENT_NS) | 386 local privilege_elt = stanza:get_child('privilege', _PRIV_ENT_NS) |
| 351 if privilege_elt==nil then return; end | 387 if privilege_elt==nil then return; end |
| 352 local _, to_host = jid.split(stanza.attr.to) | 388 local _, to_host = jid.split(stanza.attr.to) |
| 353 local session_privileges = get_session_privileges(session, to_host) | 389 local session_privileges = get_session_privileges(session, to_host) |
| 354 | 390 |
| 355 if session_privileges and session_privileges.message=="outgoing" then | 391 if session_privileges and session_privileges.message=="outgoing" then |
| 356 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded" | 392 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded" |
| 357 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then | 393 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then |
| 358 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client') | 394 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client') |
| 359 if message_elt ~= nil then | 395 if message_elt ~= nil then |
| 360 local _, from_host, from_resource = jid.split(message_elt.attr.from) | 396 local _, from_host, from_resource = jid.split(message_elt.attr.from) |
| 361 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts | 397 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts |
| 362 clean_xmlns(message_elt); -- needed do to proper routing | 398 clean_xmlns(message_elt); -- needed do to proper routing |
| 363 -- at this point everything should be alright, we can send the message | 399 -- at this point everything should be alright, we can send the message |
| 364 prosody.core_route_stanza(nil, message_elt) | 400 prosody.core_route_stanza(nil, message_elt) |
| 365 else -- trying to send a message from a forbidden entity | 401 else -- trying to send a message from a forbidden entity |
| 366 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from)) | 402 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from)) |
| 367 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | 403 session.send(st.error_reply(stanza, 'auth', 'forbidden')) |
| 368 end | 404 end |
| 369 else -- incorrect message child | 405 else -- incorrect message child |
| 370 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid forwarded <message/> element")); | 406 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid forwarded <message/> element")) |
| 371 end | 407 end |
| 372 else -- incorrect forwarded child | 408 else -- incorrect forwarded child |
| 373 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid <forwarded/> element")); | 409 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid <forwarded/> element")) |
| 374 end; | 410 end |
| 375 else -- The permission is not granted | 411 else -- The permission is not granted |
| 376 module:log("warn", "Entity "..tostring(session.full_jid).." try to send message without permission") | 412 module:log("warn", "Entity "..tostring(session.full_jid).." try to send message without permission") |
| 377 session.send(st.error_reply(stanza, 'auth', 'forbidden')) | 413 session.send(st.error_reply(stanza, 'auth', 'forbidden')) |
| 378 end | 414 end |
| 379 | 415 |
| 380 return true | 416 return true |
| 381 end); | 417 end) |
| 382 | 418 |
| 383 | 419 |
| 384 --> presence permission <-- | 420 --> presence permission <-- |
| 385 | 421 |
| 386 local function same_tags(tag1, tag2) | 422 local function same_tags(tag1, tag2) |
| 387 -- check if two tags are equivalent | 423 -- check if two tags are equivalent |
| 388 | 424 |
| 389 if tag1.name ~= tag2.name then return false; end | 425 if tag1.name ~= tag2.name then return false; end |
| 390 | 426 |
| 391 if #tag1 ~= #tag2 then return false; end | 427 if #tag1 ~= #tag2 then return false; end |
| 392 | 428 |
| 393 for name, value in pairs(tag1.attr) do | 429 for name, value in pairs(tag1.attr) do |
| 394 if tag2.attr[name] ~= value then return false; end | 430 if tag2.attr[name] ~= value then return false; end |
| 395 end | 431 end |
| 396 | 432 |
| 397 for i=1,#tag1 do | 433 for i=1,#tag1 do |
| 398 if type(tag1[i]) == "string" then | 434 if type(tag1[i]) == "string" then |
| 399 if tag1[i] ~= tag2[i] then return false; end | 435 if tag1[i] ~= tag2[i] then return false; end |
| 400 else | 436 else |
| 401 if not same_tags(tag1[i], tag2[i]) then return false; end | 437 if not same_tags(tag1[i], tag2[i]) then return false; end |
| 402 end | 438 end |
| 403 end | 439 end |
| 404 | 440 |
| 405 return true | 441 return true |
| 406 end | 442 end |
| 407 | 443 |
| 408 local function same_presences(presence1, presence2) | 444 local function same_presences(presence1, presence2) |
| 409 -- check that 2 <presence/> stanzas are equivalent (except for "to" attribute) | 445 -- check that 2 <presence/> stanzas are equivalent (except for "to" attribute) |
| 410 -- /!\ if the id change but everything else is equivalent, this method return false | 446 -- /!\ if the id change but everything else is equivalent, this method return false |
| 411 -- this behaviour may change in the future | 447 -- this behaviour may change in the future |
| 412 if presence1.attr.from ~= presence2.attr.from or presence1.attr.id ~= presence2.attr.id | 448 if presence1.attr.from ~= presence2.attr.from or presence1.attr.id ~= presence2.attr.id |
| 413 or presence1.attr.type ~= presence2.attr.type then | 449 or presence1.attr.type ~= presence2.attr.type then |
| 414 return false | 450 return false |
| 415 end | 451 end |
| 416 | 452 |
| 417 if presence1.attr.id and presence1.attr.id == presence2.attr.id then return true; end | 453 if presence1.attr.id and presence1.attr.id == presence2.attr.id then return true; end |
| 418 | 454 |
| 419 if #presence1 ~= #presence2 then return false; end | 455 if #presence1 ~= #presence2 then return false; end |
| 420 | 456 |
| 421 for i=1,#presence1 do | 457 for i=1,#presence1 do |
| 422 if type(presence1[i]) == "string" then | 458 if type(presence1[i]) == "string" then |
| 423 if presence1[i] ~= presence2[i] then return false; end | 459 if presence1[i] ~= presence2[i] then return false; end |
| 424 else | 460 else |
| 425 if not same_tags(presence1[i], presence2[i]) then return false; end | 461 if not same_tags(presence1[i], presence2[i]) then return false; end |
| 426 end | 462 end |
| 427 end | 463 end |
| 428 | 464 |
| 429 return true | 465 return true |
| 430 end | 466 end |
| 431 | 467 |
| 432 local function forward_presence(presence, to_jid) | 468 local function forward_presence(presence, to_jid) |
| 433 local presence_fwd = st.clone(presence) | 469 local presence_fwd = st.clone(presence) |
| 434 presence_fwd.attr.to = to_jid | 470 presence_fwd.attr.to = to_jid |
| 435 module:log("debug", "presence forwarded to "..to_jid..": "..tostring(presence_fwd)) | 471 module:log("debug", "presence forwarded to "..to_jid..": "..tostring(presence_fwd)) |
| 436 module:send(presence_fwd) | 472 module:send(presence_fwd) |
| 437 -- cache used to avoid to send several times the same stanza | 473 -- cache used to avoid to send several times the same stanza |
| 438 priv_session.last_presence = presence | 474 priv_session.last_presence = presence |
| 439 end | 475 end |
| 440 | 476 |
| 441 module:hook("presence/bare", function(event) | 477 module:hook("presence/bare", function(event) |
| 442 if presence_man_ent:empty() and presence_roster:empty() then return; end | 478 if presence_man_ent:empty() and presence_roster:empty() then return; end |
| 443 | 479 |
| 444 local stanza = event.stanza | 480 local stanza = event.stanza |
| 445 if stanza.attr.type == nil or stanza.attr.type == "unavailable" then | 481 if stanza.attr.type == nil or stanza.attr.type == "unavailable" then |
| 446 if not stanza.attr.to then | 482 if not stanza.attr.to then |
| 447 for entity in presence_man_ent:items() do | 483 for entity in presence_man_ent:items() do |
| 448 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end | 484 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end |
| 449 end | 485 end |
| 450 else -- directed presence | 486 else -- directed presence |
| 451 -- we ignore directed presences from our own host, as we already have them | 487 -- we ignore directed presences from our own host, as we already have them |
| 452 local _, from_host = jid.split(stanza.attr.from) | 488 local _, from_host = jid.split(stanza.attr.from) |
| 453 if hosts[from_host] then return; end | 489 if hosts[from_host] then return; end |
| 454 | 490 |
| 455 -- we don't send several time the same presence, as recommended in §7 #2 | 491 -- we don't send several time the same presence, as recommended in §7 #2 |
| 456 if priv_session.last_presence and same_presences(priv_session.last_presence, stanza) then | 492 if priv_session.last_presence and same_presences(priv_session.last_presence, stanza) then |
| 457 return | 493 return |
| 458 end | 494 end |
| 459 | 495 |
| 460 for entity in presence_roster:items() do | 496 for entity in presence_roster:items() do |
| 461 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end | 497 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end |
| 462 end | 498 end |
| 463 end | 499 end |
| 464 end | 500 end |
| 465 end, 150) | 501 end, 150) |
| 502 | |
| 503 --> IQ permission <-- | |
| 504 | |
| 505 module:hook("iq/bare/".._PRIV_ENT_NS..":privileged_iq", function(event) | |
| 506 local session, stanza = event.origin, event.stanza | |
| 507 if not stanza.attr.to then | |
| 508 -- we don't want stanzas addressed to /self | |
| 509 return | |
| 510 end | |
| 511 local from_node, from_host, from_resource = jid.split(stanza.attr.to) | |
| 512 | |
| 513 if from_resource ~= nil or not usermanager_user_exists(from_node, from_host) then | |
| 514 session.send( | |
| 515 st.error_reply( | |
| 516 stanza, | |
| 517 "auth", | |
| 518 "forbidden", | |
| 519 "wrapping <IQ> stanza recipient must be a bare JID of a local user" | |
| 520 ) | |
| 521 ) | |
| 522 return true | |
| 523 end | |
| 524 | |
| 525 local session_privileges = get_session_privileges(session, from_host) | |
| 526 | |
| 527 if session_privileges == nil then | |
| 528 session.send( | |
| 529 st.error_reply( | |
| 530 stanza, | |
| 531 "auth", | |
| 532 "forbidden", | |
| 533 "no privilege granted" | |
| 534 ) | |
| 535 ) | |
| 536 return true | |
| 537 end | |
| 538 | |
| 539 local iq_privileges = session_privileges["iq"] | |
| 540 if iq_privileges == nil then | |
| 541 session.send( | |
| 542 session.send(st.error_reply(stanza, "auth", "forbidden", "you are not allowed to send privileged <IQ> stanzas")) | |
| 543 ) | |
| 544 return true | |
| 545 end | |
| 546 | |
| 547 local privileged_iq = stanza:get_child("privileged_iq", _PRIV_ENT_NS) | |
| 548 | |
| 549 local wrapped_iq = privileged_iq.tags[1] | |
| 550 if wrapped_iq == nil then | |
| 551 session.send( | |
| 552 st.error_reply(stanza, "auth", "forbidden", "missing <IQ> stanza to send") | |
| 553 ) | |
| 554 return true | |
| 555 end | |
| 556 | |
| 557 if wrapped_iq.attr.xmlns ~= "jabber:client" then | |
| 558 session.send( | |
| 559 st.error_reply( | |
| 560 stanza, | |
| 561 "auth", | |
| 562 "forbidden", | |
| 563 'wrapped <IQ> must have a xmlns of "jabber:client"' | |
| 564 ) | |
| 565 ) | |
| 566 return true | |
| 567 end | |
| 568 | |
| 569 clean_xmlns(wrapped_iq) | |
| 570 | |
| 571 if #wrapped_iq.tags ~= 1 then | |
| 572 session.send( | |
| 573 st.error_reply( | |
| 574 stanza, | |
| 575 "auth", | |
| 576 "forbidden", | |
| 577 'invalid payload in wrapped <IQ>' | |
| 578 ) | |
| 579 ) | |
| 580 return true | |
| 581 end | |
| 582 | |
| 583 local payload = wrapped_iq.tags[1] | |
| 584 | |
| 585 local priv_ns = payload.attr.xmlns | |
| 586 if priv_ns == nil then | |
| 587 session.send( | |
| 588 st.error_reply(stanza, "auth", "forbidden", "xmlns not set in privileged <IQ>") | |
| 589 ) | |
| 590 return true | |
| 591 end | |
| 592 | |
| 593 local ns_perms = iq_privileges[priv_ns] | |
| 594 local iq_type = stanza.attr.type | |
| 595 if ns_perms == nil or iq_type == nil or not ns_perms[iq_type] then | |
| 596 session.send( | |
| 597 session.send(st.error_reply( | |
| 598 stanza, | |
| 599 "auth", | |
| 600 "forbidden", | |
| 601 "you are not allowed to send privileged <IQ> stanzas of this type and namespace") | |
| 602 ) | |
| 603 ) | |
| 604 return true | |
| 605 end | |
| 606 | |
| 607 if wrapped_iq.attr.from ~= nil and wrapped_iq.attr.from ~= stanza.attr.to then | |
| 608 session.send( | |
| 609 st.error_reply( | |
| 610 stanza, | |
| 611 "auth", | |
| 612 "forbidden", | |
| 613 'wrapped <IQ> "from" attribute is inconsistent with main <IQ> "to" attribute' | |
| 614 ) | |
| 615 ) | |
| 616 return true | |
| 617 end | |
| 618 | |
| 619 wrapped_iq.attr.from = stanza.attr.to | |
| 620 | |
| 621 if wrapped_iq.attr.to == nil then | |
| 622 session.send( | |
| 623 st.error_reply( | |
| 624 stanza, | |
| 625 "auth", | |
| 626 "forbidden", | |
| 627 'wrapped <IQ> "to" attribute is missing' | |
| 628 ) | |
| 629 ) | |
| 630 return true | |
| 631 end | |
| 632 | |
| 633 if wrapped_iq.attr.type ~= iq_type then | |
| 634 session.send( | |
| 635 st.error_reply( | |
| 636 stanza, | |
| 637 "auth", | |
| 638 "forbidden", | |
| 639 'invalid wrapped <IQ>: type mismatch' | |
| 640 ) | |
| 641 ) | |
| 642 return true | |
| 643 end | |
| 644 | |
| 645 if wrapped_iq.attr.id == nil then | |
| 646 session.send( | |
| 647 st.error_reply( | |
| 648 stanza, | |
| 649 "auth", | |
| 650 "forbidden", | |
| 651 'invalid wrapped <IQ>: missing "id" attribute' | |
| 652 ) | |
| 653 ) | |
| 654 return true | |
| 655 end | |
| 656 | |
| 657 -- at this point, wrapped_iq is considered valid, and privileged entity is allowed to send it | |
| 658 | |
| 659 module:send_iq(wrapped_iq) | |
| 660 :next(function (response) | |
| 661 local reply = st.reply(stanza); | |
| 662 response.stanza.attr.xmlns = 'jabber:client' | |
| 663 reply:tag("privilege", {xmlns = _PRIV_ENT_NS}) | |
| 664 :tag("forwarded", {xmlns = _FORWARDED_NS}) | |
| 665 :add_child(response.stanza) | |
| 666 session.send(reply) | |
| 667 end, | |
| 668 function(response) | |
| 669 module:log("error", "Error while sending privileged <IQ>: %s", response); | |
| 670 session.send( | |
| 671 st.error_reply( | |
| 672 stanza, | |
| 673 "cancel", | |
| 674 "internal-server-error" | |
| 675 ) | |
| 676 ) | |
| 677 end) | |
| 678 | |
| 679 return true | |
| 680 end) |
