Mercurial > prosody-modules
comparison mod_privilege/mod_privilege.lua @ 1657:7116bc76663b
mod_privilege: mod_privilege first draft
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 27 Mar 2015 13:26:28 +0100 |
| parents | |
| children | 1146cb4493a9 |
comparison
equal
deleted
inserted
replaced
| 1656:98a186874806 | 1657:7116bc76663b |
|---|---|
| 1 local jid = require("util/jid") | |
| 2 local set = require("util/set") | |
| 3 local st = require("util/stanza") | |
| 4 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) | |
| 5 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) | |
| 6 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) | |
| 7 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} | |
| 8 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' | |
| 9 | |
| 10 module:log("info", "Loading privileged entity module "); | |
| 11 | |
| 12 privileges = module:get_option("privileged_entities", {}) | |
| 13 | |
| 14 module:log("warn", "Connection, HOST="..tostring(module:get_host()).." ("..tostring(module:get_host_type())..")") | |
| 15 | |
| 16 function advertise_perm(to_jid, perms) | |
| 17 -- send <message/> stanza to advertise permissions | |
| 18 -- as expained in section 4.2 | |
| 19 local message = st.message({to=to_jid}) | |
| 20 :tag("privilege", {xmlns=_PRIV_ENT_NS}) | |
| 21 | |
| 22 for _, perm in pairs({'roster', 'message', 'presence'}) do | |
| 23 if perms[perm] then | |
| 24 message:tag("perm", {access=perm, type=perms[perm]}):up() | |
| 25 end | |
| 26 end | |
| 27 | |
| 28 module:send(message) | |
| 29 end | |
| 30 | |
| 31 function on_auth(event) | |
| 32 -- Check if entity is privileged according to configuration, | |
| 33 -- and set session.privileges accordingly | |
| 34 | |
| 35 local session = event.session | |
| 36 local bare_jid = jid.join(session.username, session.host) | |
| 37 module:log("info", "======>>> on_auth, type="..tostring(event.session.type)..", jid="..tostring(bare_jid)); | |
| 38 | |
| 39 local ent_priv = privileges[bare_jid] | |
| 40 if ent_priv ~= nil then | |
| 41 module:log("debug", "Entity is privileged") | |
| 42 for perm_type, allowed_values in pairs(_TO_CHECK) do | |
| 43 local value = ent_priv[perm_type] | |
| 44 if value ~= nil then | |
| 45 if not allowed_values:contains(value) then | |
| 46 module:log('warn', 'Invalid value for '..perm_type..' privilege: ['..value..']') | |
| 47 module:log('warn', 'Setting '..perm_type..' privilege to none') | |
| 48 ent_priv[perm_type] = nil | |
| 49 end | |
| 50 if value == 'none' then | |
| 51 ent_priv[perm_type] = nil | |
| 52 end | |
| 53 end | |
| 54 end | |
| 55 if session.type == "component" then | |
| 56 -- we send the message stanza only for component | |
| 57 -- it will be sent at first <presence/> for other entities | |
| 58 advertise_perm(bare_jid, ent_priv) | |
| 59 end | |
| 60 end | |
| 61 | |
| 62 session.privileges = ent_priv | |
| 63 end | |
| 64 | |
| 65 module:hook('authentication-success', on_auth) | |
| 66 module:hook('component-authenticated', on_auth) |
