Annotate

mod_sift/mod_sift.lua @ 2782:8fd37f0e108c

mod_firewall: Don't interpret format specifiers in LOG May include untrusted input (e.g. $(stanza)), and there is no legitimate way to provide additional parameters anyway.
author Matthew Wild <mwild1@gmail.com>
date Wed, 04 Oct 2017 10:54:52 +0100
parent 1343:7dbde05b48a9
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 local st = require "util.stanza";
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3 local jid_bare = require "util.jid".bare;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5 -- advertise disco features
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 module:add_feature("urn:xmpp:sift:1");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
8 -- supported features
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
9 module:add_feature("urn:xmpp:sift:stanzas:iq");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
10 module:add_feature("urn:xmpp:sift:stanzas:message");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11 module:add_feature("urn:xmpp:sift:stanzas:presence");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
12 module:add_feature("urn:xmpp:sift:recipients:all");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
13 module:add_feature("urn:xmpp:sift:senders:all");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
14
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
15 -- allowed values of 'sender' and 'recipient' attributes
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16 local senders = {
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17 ["all"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
18 ["local"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19 ["others"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 ["remote"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21 ["self"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 };
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23 local recipients = {
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
24 ["all"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
25 ["bare"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
26 ["full"] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
27 };
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
28
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
29 -- this function converts a <message/>, <presence/> or <iq/> element in
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
30 -- the SIFT namespace into a hashtable, for easy lookup
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
31 local function to_hashtable(element)
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
32 if element ~= nil then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
33 local hash = {};
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
34 -- make sure the sender and recipient attributes has a valid value
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
35 hash.sender = element.attr.sender or "all";
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
36 if not senders[hash.sender] then return false; end -- bad value, returning false
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
37 hash.recipient = element.attr.recipient or "all";
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
38 if not recipients[hash.recipient] then return false; end -- bad value, returning false
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
39 -- next we loop over all <allow/> elements
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
40 for _, tag in ipairs(element) do
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
41 if tag.name == "allow" and tag.attr.xmlns == "urn:xmpp:sift:1" then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
42 -- make sure the element is valid
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
43 if not tag.attr.name or not tag.attr.ns then return false; end -- missing required attributes, returning false
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
44 hash[tag.attr.ns.."|"..tag.attr.name] = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
45 hash.allowed = true; -- just a flag indicating we have some elements allowed
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
46 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
47 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
48 return hash;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
49 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
50 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
51
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
52 local data = {}; -- table with all our data
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
53
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
54 -- handle SIFT set
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
55 module:hook("iq/self/urn:xmpp:sift:1:sift", function(event)
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
56 local origin, stanza = event.origin, event.stanza;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
57 if stanza.attr.type == "set" then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
58 local sifttag = stanza.tags[1]; -- <sift/>
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 142
diff changeset
59
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
60 -- first, get the elements we are interested in
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
61 local message = sifttag:get_child("message");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
62 local presence = sifttag:get_child("presence");
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
63 local iq = sifttag:get_child("iq");
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 142
diff changeset
64
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
65 -- for quick lookup, convert the elements into hashtables
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
66 message = to_hashtable(message);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
67 presence = to_hashtable(presence);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
68 iq = to_hashtable(iq);
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 142
diff changeset
69
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
70 -- make sure elements were valid
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
71 if message == false or presence == false or iq == false then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
72 origin.send(st.error_reply(stanza, "modify", "bad-request"));
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
73 return true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
74 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 142
diff changeset
75
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
76 local existing = data[origin.full_jid] or {}; -- get existing data, if any
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
77 data[origin.full_jid] = { presence = presence, message = message, iq = iq }; -- store new data
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 142
diff changeset
78
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
79 origin.send(st.reply(stanza)); -- send back IQ result
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 142
diff changeset
80
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
81 if not existing.presence and not origin.presence and presence then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
82 -- TODO send probes
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
83 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
84 return true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
85 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
86 end);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
87
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
88 -- handle user disconnect
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
89 module:hook("resource-unbind", function(event)
138
61e1203e9e66 mod_sift: Use event.session, and not event.origin in the resource-unbind handler.
Waqas Hussain <waqas20@gmail.com>
parents: 137
diff changeset
90 data[event.session.full_jid] = nil; -- discard data
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
91 end);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
92
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
93 -- IQ handler
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
94 module:hook("iq/full", function(event)
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
95 local origin, stanza = event.origin, event.stanza;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
96 local siftdata = data[stanza.attr.to];
140
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
97 if stanza.attr.type == "get" or stanza.attr.type == "set" then
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
98 if siftdata and siftdata.iq then -- we seem to have an IQ filter
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
99 local tag = stanza.tags[1]; -- the IQ child
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
100 if not siftdata.iq[(tag.attr.xmlns or "jabber:client").."|"..tag.name] then
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
101 -- element not allowed; sending back generic error
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
102 origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
103 return true;
9a632cf13f51 mod_sift: Don't sift IQ errors and results.
Waqas Hussain <waqas20@gmail.com>
parents: 139
diff changeset
104 end
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
105 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
106 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
107 end, 50);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
108
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
109 -- Message to full JID handler
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
110 module:hook("message/full", function(event)
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
111 local origin, stanza = event.origin, event.stanza;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
112 local siftdata = data[stanza.attr.to];
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
113 if siftdata and siftdata.message then -- we seem to have an message filter
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
114 local allowed = false;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
115 for _, childtag in ipairs(stanza.tags) do
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
116 if siftdata.message[(childtag.attr.xmlns or "jabber:client").."|"..childtag.name] then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
117 allowed = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
118 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
119 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
120 if not allowed then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
121 -- element not allowed; sending back generic error
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
122 origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
123 -- FIXME maybe send to offline storage
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
124 return true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
125 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
126 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
127 end, 50);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
128
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
129 -- Message to bare JID handler
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
130 module:hook("message/bare", function(event)
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
131 local origin, stanza = event.origin, event.stanza;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
132 local user = bare_sessions[jid_bare(stanza.attr.to)];
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
133 local allowed = false;
142
f37de7e2ad14 mod_sift: Iterate on user sessions, not on the user itself, when sifting stanzas to bare JIDs.
Waqas Hussain <waqas20@gmail.com>
parents: 141
diff changeset
134 for _, session in pairs(user and user.sessions or {}) do
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
135 local siftdata = data[session.full_jid];
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
136 if siftdata and siftdata.message then -- we seem to have an message filter
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
137 for _, childtag in ipairs(stanza.tags) do
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
138 if siftdata.message[(childtag.attr.xmlns or "jabber:client").."|"..childtag.name] then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
139 allowed = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
140 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
141 end
141
b42a88eba9ba mod_sift: Don't disallow stanzas to bare JIDs when sifting is not in force for any resources.
Waqas Hussain <waqas20@gmail.com>
parents: 140
diff changeset
142 else
b42a88eba9ba mod_sift: Don't disallow stanzas to bare JIDs when sifting is not in force for any resources.
Waqas Hussain <waqas20@gmail.com>
parents: 140
diff changeset
143 allowed = true;
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
144 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
145 end
141
b42a88eba9ba mod_sift: Don't disallow stanzas to bare JIDs when sifting is not in force for any resources.
Waqas Hussain <waqas20@gmail.com>
parents: 140
diff changeset
146 if user and not allowed then
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
147 -- element not allowed; sending back generic error
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
148 origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
149 -- FIXME maybe send to offline storage
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
150 return true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
151 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
152 end, 50);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
153
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
154 -- Presence to full JID handler
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
155 module:hook("presence/full", function(event)
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
156 local origin, stanza = event.origin, event.stanza;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
157 local siftdata = data[stanza.attr.to];
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
158 if siftdata and siftdata.presence then -- we seem to have an presence filter
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
159 local allowed = false;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
160 for _, childtag in ipairs(stanza.tags) do
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
161 if siftdata.presence[(childtag.attr.xmlns or "jabber:client").."|"..childtag.name] then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
162 allowed = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
163 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
164 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
165 if not allowed then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
166 -- element not allowed; sending back generic error
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
167 --origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
168 return true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
169 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
170 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
171 end, 50);
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
172
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
173 -- Presence to bare JID handler
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
174 module:hook("presence/bare", function(event)
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
175 local origin, stanza = event.origin, event.stanza;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
176 local user = bare_sessions[jid_bare(stanza.attr.to)];
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
177 local allowed = false;
142
f37de7e2ad14 mod_sift: Iterate on user sessions, not on the user itself, when sifting stanzas to bare JIDs.
Waqas Hussain <waqas20@gmail.com>
parents: 141
diff changeset
178 for _, session in pairs(user and user.sessions or {}) do
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
179 local siftdata = data[session.full_jid];
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
180 if siftdata and siftdata.presence then -- we seem to have an presence filter
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
181 for _, childtag in ipairs(stanza.tags) do
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
182 if siftdata.presence[(childtag.attr.xmlns or "jabber:client").."|"..childtag.name] then
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
183 allowed = true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
184 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
185 end
141
b42a88eba9ba mod_sift: Don't disallow stanzas to bare JIDs when sifting is not in force for any resources.
Waqas Hussain <waqas20@gmail.com>
parents: 140
diff changeset
186 else
b42a88eba9ba mod_sift: Don't disallow stanzas to bare JIDs when sifting is not in force for any resources.
Waqas Hussain <waqas20@gmail.com>
parents: 140
diff changeset
187 allowed = true;
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
188 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
189 end
141
b42a88eba9ba mod_sift: Don't disallow stanzas to bare JIDs when sifting is not in force for any resources.
Waqas Hussain <waqas20@gmail.com>
parents: 140
diff changeset
190 if user and not allowed then
137
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
191 -- element not allowed; sending back generic error
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
192 --origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
193 return true;
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
194 end
34a3ec3e7dc3 mod_sift: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
195 end, 50);