Annotate

mod_flash_policy/mod_flash_policy.lua @ 5549:01a0b67a9afd

mod_http_oauth2: Add TODO about disabling password grant Per recommendation in draft-ietf-oauth-security-topics-23 it should at the very least be disabled by default. However since this is used by the Snikket web portal some care needs to be taken not to break this, unless it's already broken by other changes to this module.
author Kim Alvefur <zash@zash.se>
date Fri, 16 Jun 2023 00:06:53 +0200
parent 1343:7dbde05b48a9
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
1 local filters = require "util.filters";
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
2 local config = {}
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
3 config.file = module:get_option_string("crossdomain_file", "");
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
4 config.string = module:get_option_string("crossdomain_string", [[<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"/><allow-access-from domain="*" /></cross-domain-policy>]]);
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
5 local string = ''
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
6 if not config.file ~= '' then
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
7 local f = assert(io.open(config.file));
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
8 string = f:read("*all");
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
9 else
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
10 string = config.string
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
11 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
12
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
13 module:log("debug", "crossdomain string: "..string);
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
14
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
15 module:set_global();
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
16
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
17 function filter_policy(data, session)
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
18 -- Since we only want to check the first block of data, remove the filter
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
19 filters.remove_filter(session, "bytes/in", filter_policy);
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
20 if data == "<policy-file-request/>\0" then
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
21 session.send(string.."\0");
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
22 return nil; -- Drop data to prevent it reaching the XMPP parser
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
23 else
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
24 return data; -- Pass data through, it wasn't a policy request
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
25 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 395
diff changeset
26
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
27 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
28
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
29 function filter_session(session)
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
30 if session.type == "c2s_unauthed" then
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
31 filters.add_filter(session, "bytes/in", filter_policy, -1);
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
32 end
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
33 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
34
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
35 function module.load()
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
36 filters.add_filter_hook(filter_session);
394
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
37 end
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
38
4219f69be1cf Let session.send() actually send the config string
leonbogaert@gmail.com
parents: 379
diff changeset
39 function module.unload()
395
77ca0947647b Copied from bash :s
leonbogaert@gmail.com
parents: 394
diff changeset
40 filters.remove_filter_hook(filter_session);
379
eebc19c224fb Moved the file to a directory
leonbogaert
parents:
diff changeset
41 end