Annotate

mod_sasl2_sm/mod_sasl2_sm.lua @ 5078:36d3f11724c8

mod_sasl2_fast: Implement rotation and invalidation
author Matthew Wild <mwild1@gmail.com>
date Sat, 15 Oct 2022 21:01:04 +0100
parent 5060:bc491065c221
child 5094:c92c87daa09e
-- Stanza builder used for the <failed/>, <resumed/> and <enabled/> replies below.
local st = require("util.stanza");

-- mod_smacks provides do_resume() and do_enable(), which the hooks below call.
local mod_smacks = module:depends("smacks");

-- XML namespaces: SASL 2 (XEP-0388) and stream management.
local xmlns_sasl2, xmlns_sm = "urn:xmpp:sasl:2", "urn:xmpp:sm:3";
-- Advertise what we can do

-- Adds an <sm/> element in the stream management namespace to the SASL 2
-- feature list. The matching request is handled in the
-- "sasl2/c2s/success" hook registered at priority 110 in this file.
module:hook("advertise-sasl-features", function (event)
	event.features:tag("sm", { xmlns = xmlns_sm }):up();
end);
-- Adds a <feature var="urn:xmpp:sm:3"/> entry to the bind feature list.
-- NOTE(review): a second "advertise-bind-features" hook under the
-- "Bind 2 integration (for enable)" heading adds the same entry, so the
-- feature looks to be advertised twice -- confirm which registration
-- should stay.
module:hook("advertise-bind-features", function (event)
	event.features:tag("feature", { var = xmlns_sm }):up();
end);
-- Runs on <authenticate/> in the SASL 2 namespace (hook priority 100).
-- The stream management child comes from a client that has not finished
-- authenticating, so it is only stored on the session here. It is acted on
-- in the "sasl2/c2s/success" hook and cleared in the "sasl2/c2s/failure"
-- hook; nothing in this handler calls into mod_smacks.
module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth)
	local pending_sm = auth:child_with_ns(xmlns_sm);
	-- Cache action for future processing (after auth success)
	session.sasl2_sm_request = pending_sm;
end, 100);
-- SASL 2 integration (for resume)

-- Runs on SASL 2 success at priority 110. If the request cached during
-- <authenticate/> is a <resume/>, it is passed to mod_smacks.do_resume and
-- the outcome (<resumed/> or <failed/>) is attached to event.success.
-- NOTE(review): this hook does not itself compare the authenticated account
-- with the owner of the session being resumed; that check is presumably
-- made inside mod_smacks.do_resume -- confirm before relying on it.
module:hook("sasl2/c2s/success", function (event)
	local new_session = event.session;
	local request = new_session.sasl2_sm_request;
	if not request then return; end

	-- The cached request is consumed once: clear it before acting on it.
	new_session.sasl2_sm_request = nil;
	if request.name ~= "resume" then return; end

	local reply;
	local resumed, err = mod_smacks.do_resume(new_session, request);
	if resumed then
		-- Swap the event over to the resumed session; the reply is built
		-- from it rather than from the new connection's session.
		local live = resumed.session;
		event.session = live;
		live.sasl2_sm_success = resumed; -- To be called after sending final SASL response
		reply = st.stanza("resumed", {
			xmlns = xmlns_sm;
			h = ("%d"):format(live.handled_stanza_count);
			previd = resumed.id;
		});
	else
		-- h is reported only when the error context carries one
		local h = err.context and err.context.h;
		local attr = { xmlns = xmlns_sm, h = h and ("%d"):format(h) or nil };
		reply = st.stanza("failed", attr):add_error(err);
	end

	if reply then
		event.success:add_child(reply);
	end
end, 110);
-- Bind 2 integration (for enable)

-- Adds a <feature var="urn:xmpp:sm:3"/> entry to the bind feature list.
-- NOTE(review): the "Advertise what we can do" section earlier in this file
-- registers an "advertise-bind-features" hook that adds the same entry, so
-- the feature looks to be advertised twice -- confirm which one should stay.
module:hook("advertise-bind-features", function (event)
	local features = event.features;
	features:tag("feature", { var = xmlns_sm }):up();
end);
-- Runs while bind features are being enabled (hook priority 100). If the
-- bind request carries an <enable/> in the stream management namespace, it
-- is passed to mod_smacks.do_enable and the outcome (<enabled/> or
-- <failed/>) is added to event.result.
module:hook("enable-bind-features", function (event)
	local enable_request = event.request:get_child("enable", xmlns_sm);
	if not enable_request then return; end

	local reply;
	local enabled, err = mod_smacks.do_enable(event.session, enable_request);
	if enabled then
		event.session.sasl2_sm_success = enabled; -- To be called after sending final SASL response
		-- resume="1" is sent only when do_enable returned an id.
		-- NOTE(review): resume_max is passed through as an attribute value
		-- unchanged; presumably it is already a string -- confirm in mod_smacks.
		local attr = {
			xmlns = xmlns_sm;
			id = enabled.id;
			resume = enabled.id and "1" or nil;
			max = enabled.resume_max;
		};
		reply = st.stanza("enabled", attr);
	else
		reply = st.stanza("failed", { xmlns = xmlns_sm }):add_error(err);
	end
	event.result:add_child(reply);
end, 100);
-- Finish and/or clean up after SASL 2 completed

-- Runs on SASL 2 success at priority -1100 and calls the finish() callback
-- stored by the resume or enable path, if one was stored.
-- NOTE(review): sasl2_sm_success stays set on the session after finish()
-- runs; confirm nothing can fire this hook again for the same session, or
-- clear the field here.
module:hook("sasl2/c2s/success", function (event)
	-- The authenticate response has already been sent at this point
	local pending = event.session.sasl2_sm_success;
	if not pending then return; end
	pending.finish(); -- Finish enable/resume and sync stanzas
end, -1100);
-- On SASL 2 failure, clear the request cached during <authenticate/> so a
-- rejected attempt leaves no stream management request on the session.
module:hook("sasl2/c2s/failure", function (event)
	local session = event.session;
	session.sasl2_sm_request = nil;
end);