Software /
code /
prosody-modules
Annotate
mod_sasl2_bind2/mod_sasl2_bind2.lua @ 5055:3b609eaf0db5
mod_cloud_notify_encrypted: Add debug logging when successfully encrypted
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 24 Sep 2022 08:00:55 +0100 |
parent | 5047:023f21bfcc08 |
child | 5060:bc491065c221 |
rev | line source |
---|---|
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local base64 = require "util.encodings".base64; |
5047
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
2 local id = require "util.id"; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local sha1 = require "util.hashes".sha1; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local st = require "util.stanza"; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local sm_bind_resource = require "core.sessionmanager".bind_resource; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
5045
6db64f64c8c9
mod_sasl2_bind2: Update xmlns to match latest XEP proposal (thanks Andrzej)
Matthew Wild <mwild1@gmail.com>
parents:
5044
diff
changeset
|
8 local xmlns_bind2 = "urn:xmpp:bind:0"; |
5039
c0d243b27e64
mod_sasl2, mod_sasl_bind2, mod_sasl2_sm: Bump XEP-0388 namespace
Matthew Wild <mwild1@gmail.com>
parents:
5037
diff
changeset
|
9 local xmlns_sasl2 = "urn:xmpp:sasl:2"; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 -- Advertise what we can do |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
13 module:hook("advertise-sasl-features", function(event) |
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
14 local bind = st.stanza("bind", { xmlns = xmlns_bind2 }); |
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
15 local inline = st.stanza("inline"); |
5044
f64d834ba744
mod_sasl2, mod_sasl2_bind2: rename event.session -> .origin for consistency
Matthew Wild <mwild1@gmail.com>
parents:
5043
diff
changeset
|
16 module:fire_event("advertise-bind-features", { origin = event.origin, features = inline }); |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
17 bind:add_direct_child(inline); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
19 event.features:add_direct_child(bind); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end, 1); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 -- Helper to actually bind a resource to a session |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 local function do_bind(session, bind_request) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 local resource; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
5047
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
27 local client_name_tag = bind_request:get_child_text("tag"); |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
28 if client_name_tag then |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
29 local client_id = session.client_id; |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
30 local tag_suffix = client_id and base64.encode(sha1(client_id):sub(1, 9)) or id.medium(); |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
31 resource = ("%s~%s"):format(client_name_tag, tag_suffix); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local success, err_type, err, err_msg = sm_bind_resource(session, resource); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 if not success then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 session.log("debug", "Resource bind failed: %s", err_msg or err); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 return nil, { type = err_type, condition = err, text = err_msg }; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 session.log("debug", "Resource bound: %s", session.full_jid); |
5046
904dde7be981
mod_sasl2_bind2: Remove deprecated <jid> element from <bound>
Matthew Wild <mwild1@gmail.com>
parents:
5045
diff
changeset
|
41 return st.stanza("bound", { xmlns = xmlns_bind2 }); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 -- Enable inline features requested by the client |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 local function enable_features(session, bind_request, bind_result) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 local features = bind_request:get_child("features"); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 if not features then return; end |
5033
9afd98178011
mod_sasl2_bind2: Fix event name
Matthew Wild <mwild1@gmail.com>
parents:
5032
diff
changeset
|
49 module:fire_event("enable-bind-features", { |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 session = session; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 features = features; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 result = bind_result; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 }); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 -- SASL 2 integration |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 -- Cache action for future processing (after auth success) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 session.sasl2_bind_request = auth:child_with_ns(xmlns_bind2); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 end, 100); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 module:hook("sasl2/c2s/success", function (event) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 local session = event.session; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 local bind_request = session.sasl2_bind_request; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 if not bind_request then return; end -- No bind requested |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 session.sasl2_bind_request = nil; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 |
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5036
diff
changeset
|
70 local sm_success = session.sasl2_sm_success; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 if sm_success and sm_success.type == "resumed" then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 return; -- No need to bind a resource |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 local bind_result, err = do_bind(session, bind_request); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 if not bind_result then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 bind_result = st.stanza("failed", { xmlns = xmlns_bind2 }) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 :add_error(err); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 else |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 enable_features(session, bind_request, bind_result); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 event.success:add_child(bind_result); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 end, 100); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 -- Inline features |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 module:hook("advertise-bind-features", function (event) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 local features = event.features; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 features:tag("feature", { var = "urn:xmpp:carbons:2" }):up(); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 features:tag("feature", { var = "urn:xmpp:csi:0" }):up(); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 end); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 module:hook("enable-bind-features", function (event) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 local session, features = event.session, event.features; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 -- Carbons |
5036
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
98 if features:get_child("enable", "urn:xmpp:carbons:2") then |
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
99 session.want_carbons = true; |
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
100 event.result:tag("enabled", { xmlns = "urn:xmpp:carbons:2" }):up(); |
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
101 end |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 -- CSI |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 local csi_state_tag = features:child_with_ns("urn:xmpp:csi:0"); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 if csi_state_tag then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 session.state = csi_state_tag.name; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 end, 10); |