Software /
code /
prosody-modules
Annotate
mod_sasl2_bind2/mod_sasl2_bind2.lua @ 5065:368bf9b06484
mod_block_registrations: Expand default list of blocked usernames (RFC 2142)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 13 Oct 2022 22:51:41 +0100 |
parent | 5060:bc491065c221 |
child | 5093:f2dfbcc676a6 |
rev | line source |
---|---|
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local base64 = require "util.encodings".base64; |
5047
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
2 local id = require "util.id"; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local sha1 = require "util.hashes".sha1; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local st = require "util.stanza"; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local sm_bind_resource = require "core.sessionmanager".bind_resource; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
5045
6db64f64c8c9
mod_sasl2_bind2: Update xmlns to match latest XEP proposal (thanks Andrzej)
Matthew Wild <mwild1@gmail.com>
parents:
5044
diff
changeset
|
8 local xmlns_bind2 = "urn:xmpp:bind:0"; |
5039
c0d243b27e64
mod_sasl2, mod_sasl_bind2, mod_sasl2_sm: Bump XEP-0388 namespace
Matthew Wild <mwild1@gmail.com>
parents:
5037
diff
changeset
|
9 local xmlns_sasl2 = "urn:xmpp:sasl:2"; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 -- Advertise what we can do |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
13 module:hook("advertise-sasl-features", function(event) |
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
14 local bind = st.stanza("bind", { xmlns = xmlns_bind2 }); |
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
15 local inline = st.stanza("inline"); |
5044
f64d834ba744
mod_sasl2, mod_sasl2_bind2: rename event.session -> .origin for consistency
Matthew Wild <mwild1@gmail.com>
parents:
5043
diff
changeset
|
16 module:fire_event("advertise-bind-features", { origin = event.origin, features = inline }); |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
17 bind:add_direct_child(inline); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
19 event.features:add_direct_child(bind); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end, 1); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 -- Helper to actually bind a resource to a session |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 local function do_bind(session, bind_request) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 local resource; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
5047
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
27 local client_name_tag = bind_request:get_child_text("tag"); |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
28 if client_name_tag then |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
29 local client_id = session.client_id; |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
30 local tag_suffix = client_id and base64.encode(sha1(client_id):sub(1, 9)) or id.medium(); |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
31 resource = ("%s~%s"):format(client_name_tag, tag_suffix); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local success, err_type, err, err_msg = sm_bind_resource(session, resource); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 if not success then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 session.log("debug", "Resource bind failed: %s", err_msg or err); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 return nil, { type = err_type, condition = err, text = err_msg }; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 session.log("debug", "Resource bound: %s", session.full_jid); |
5046
904dde7be981
mod_sasl2_bind2: Remove deprecated <jid> element from <bound>
Matthew Wild <mwild1@gmail.com>
parents:
5045
diff
changeset
|
41 return st.stanza("bound", { xmlns = xmlns_bind2 }); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 -- Enable inline features requested by the client |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 local function enable_features(session, bind_request, bind_result) |
5033
9afd98178011
mod_sasl2_bind2: Fix event name
Matthew Wild <mwild1@gmail.com>
parents:
5032
diff
changeset
|
47 module:fire_event("enable-bind-features", { |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 session = session; |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
49 request = bind_request; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 result = bind_result; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 }); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 -- SASL 2 integration |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 -- Cache action for future processing (after auth success) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 session.sasl2_bind_request = auth:child_with_ns(xmlns_bind2); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 end, 100); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 module:hook("sasl2/c2s/success", function (event) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 local session = event.session; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 local bind_request = session.sasl2_bind_request; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 if not bind_request then return; end -- No bind requested |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 session.sasl2_bind_request = nil; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 |
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5036
diff
changeset
|
68 local sm_success = session.sasl2_sm_success; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 if sm_success and sm_success.type == "resumed" then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 return; -- No need to bind a resource |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 local bind_result, err = do_bind(session, bind_request); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 if not bind_result then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 bind_result = st.stanza("failed", { xmlns = xmlns_bind2 }) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 :add_error(err); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 else |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 enable_features(session, bind_request, bind_result); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 event.success:add_child(bind_result); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 end, 100); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 -- Inline features |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 module:hook("advertise-bind-features", function (event) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 local features = event.features; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 features:tag("feature", { var = "urn:xmpp:carbons:2" }):up(); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 features:tag("feature", { var = "urn:xmpp:csi:0" }):up(); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 end); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 module:hook("enable-bind-features", function (event) |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
93 local session, request = event.session, event.request; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 -- Carbons |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
96 if request:get_child("enable", "urn:xmpp:carbons:2") then |
5036
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
97 session.want_carbons = true; |
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
98 event.result:tag("enabled", { xmlns = "urn:xmpp:carbons:2" }):up(); |
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
99 end |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 -- CSI |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
102 local csi_state_tag = request:child_with_ns("urn:xmpp:csi:0"); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 if csi_state_tag then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 session.state = csi_state_tag.name; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 end, 10); |