Software /
code /
prosody-modules
Annotate
mod_sasl2_bind2/mod_sasl2_bind2.lua @ 5160:8474a3b80200
mod_firewall: Fix 'is_admin' internal dependency rule #1797 (thanks diane)
Looks like the boolean logic was inverted here. Instead, for now,
simply check if is_admin is there. It is deprecated in trunk and was
briefly removed before being brought back with a 'deprecated' warning as
part of the new roles and permissions work. Making this dependency
conditioned on the existence of the underlying function should make it
work until it actually goes away for real.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 27 Jan 2023 23:06:25 +0100 |
parent | 5093:f2dfbcc676a6 |
child | 5180:6361afcda1a3 |
rev | line source |
---|---|
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local base64 = require "util.encodings".base64; |
5047
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
2 local id = require "util.id"; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local sha1 = require "util.hashes".sha1; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local st = require "util.stanza"; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local sm_bind_resource = require "core.sessionmanager".bind_resource; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
5045
6db64f64c8c9
mod_sasl2_bind2: Update xmlns to match latest XEP proposal (thanks Andrzej)
Matthew Wild <mwild1@gmail.com>
parents:
5044
diff
changeset
|
8 local xmlns_bind2 = "urn:xmpp:bind:0"; |
5039
c0d243b27e64
mod_sasl2, mod_sasl_bind2, mod_sasl2_sm: Bump XEP-0388 namespace
Matthew Wild <mwild1@gmail.com>
parents:
5037
diff
changeset
|
9 local xmlns_sasl2 = "urn:xmpp:sasl:2"; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
5093
f2dfbcc676a6
mod_sasl2_bind2: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5060
diff
changeset
|
11 module:depends("sasl2"); |
f2dfbcc676a6
mod_sasl2_bind2: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5060
diff
changeset
|
12 |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 -- Advertise what we can do |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
15 module:hook("advertise-sasl-features", function(event) |
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
16 local bind = st.stanza("bind", { xmlns = xmlns_bind2 }); |
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
17 local inline = st.stanza("inline"); |
5044
f64d834ba744
mod_sasl2, mod_sasl2_bind2: rename event.session -> .origin for consistency
Matthew Wild <mwild1@gmail.com>
parents:
5043
diff
changeset
|
18 module:fire_event("advertise-bind-features", { origin = event.origin, features = inline }); |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
19 bind:add_direct_child(inline); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
5043
17b87fffdb91
mod_sasl2_bind2: Move <inline> into <bind> feature element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
21 event.features:add_direct_child(bind); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 end, 1); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 -- Helper to actually bind a resource to a session |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 local function do_bind(session, bind_request) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local resource; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
5047
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
29 local client_name_tag = bind_request:get_child_text("tag"); |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
30 if client_name_tag then |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
31 local client_id = session.client_id; |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
32 local tag_suffix = client_id and base64.encode(sha1(client_id):sub(1, 9)) or id.medium(); |
023f21bfcc08
mod_sasl2_bind2: Generate resource from client tag if provided
Matthew Wild <mwild1@gmail.com>
parents:
5046
diff
changeset
|
33 resource = ("%s~%s"):format(client_name_tag, tag_suffix); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 local success, err_type, err, err_msg = sm_bind_resource(session, resource); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 if not success then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 session.log("debug", "Resource bind failed: %s", err_msg or err); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 return nil, { type = err_type, condition = err, text = err_msg }; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 session.log("debug", "Resource bound: %s", session.full_jid); |
5046
904dde7be981
mod_sasl2_bind2: Remove deprecated <jid> element from <bound>
Matthew Wild <mwild1@gmail.com>
parents:
5045
diff
changeset
|
43 return st.stanza("bound", { xmlns = xmlns_bind2 }); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 -- Enable inline features requested by the client |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 local function enable_features(session, bind_request, bind_result) |
5033
9afd98178011
mod_sasl2_bind2: Fix event name
Matthew Wild <mwild1@gmail.com>
parents:
5032
diff
changeset
|
49 module:fire_event("enable-bind-features", { |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 session = session; |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
51 request = bind_request; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 result = bind_result; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 }); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 -- SASL 2 integration |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 -- Cache action for future processing (after auth success) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 session.sasl2_bind_request = auth:child_with_ns(xmlns_bind2); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 end, 100); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 module:hook("sasl2/c2s/success", function (event) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 local session = event.session; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 local bind_request = session.sasl2_bind_request; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 if not bind_request then return; end -- No bind requested |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 session.sasl2_bind_request = nil; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 |
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5036
diff
changeset
|
70 local sm_success = session.sasl2_sm_success; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 if sm_success and sm_success.type == "resumed" then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 return; -- No need to bind a resource |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 local bind_result, err = do_bind(session, bind_request); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 if not bind_result then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 bind_result = st.stanza("failed", { xmlns = xmlns_bind2 }) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 :add_error(err); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 else |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 enable_features(session, bind_request, bind_result); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 event.success:add_child(bind_result); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 end, 100); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 -- Inline features |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 module:hook("advertise-bind-features", function (event) |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 local features = event.features; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 features:tag("feature", { var = "urn:xmpp:carbons:2" }):up(); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 features:tag("feature", { var = "urn:xmpp:csi:0" }):up(); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 end); |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 module:hook("enable-bind-features", function (event) |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
95 local session, request = event.session, event.request; |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 -- Carbons |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
98 if request:get_child("enable", "urn:xmpp:carbons:2") then |
5036
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
99 session.want_carbons = true; |
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
100 event.result:tag("enabled", { xmlns = "urn:xmpp:carbons:2" }):up(); |
9ef5625d0d39
mod_sasl2_bind2: Indicate to the client when carbons has been enabled
Matthew Wild <mwild1@gmail.com>
parents:
5033
diff
changeset
|
101 end |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 -- CSI |
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5047
diff
changeset
|
104 local csi_state_tag = request:child_with_ns("urn:xmpp:csi:0"); |
5029
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 if csi_state_tag then |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 session.state = csi_state_tag.name; |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 end |
56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 end, 10); |