
mod_bind2/mod_bind2.lua @ 5771:dfbced5e54b9

mod_audit_auth: Ignore FAST authentication events by default

FAST is more like a cookie that allows linking new connections to a previous (e.g. password) authentication. Since we assume that FAST tokens are secure (not user generated) and not shareable, filtering out these uninteresting authentication events reduces a lot of noise.
author Matthew Wild <mwild1@gmail.com>
date Fri, 01 Dec 2023 11:34:52 +0000
parent 4797:1539ae696613
-- Prosody core modules used below: the module manager (to check whether
-- another module is loaded) and the session manager (for resource binding).
local mm = require("core.modulemanager");
local sm = require("core.sessionmanager");

-- XML namespaces handled by this module: SASL2, Bind 2.0 and Message Carbons.
local xmlns_sasl2 --[[<const>]] = "urn:xmpp:sasl:1";
local xmlns_bind2 --[[<const>]] = "urn:xmpp:bind2:0";
local xmlns_carbons --[[<const>]] = "urn:xmpp:carbons:2";

-- Modules this one depends on: the hooks below listen for events in the SASL2
-- namespace and enable carbons on the session.
module:depends("sasl2");
module:depends("carbons");
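-- Advertise Bind 2.0 in the stream features of client sessions that have not
-- authenticated yet.
module:hook("stream-features", function(event)
	local origin, features = event.origin, event.features;
	-- Only unauthenticated client-to-server sessions get the feature; every
	-- other session type is left untouched.
	if origin.type ~= "c2s_unauthed" then return end
	-- stanza:tag() takes an attribute table as its second argument, so the
	-- namespace must be passed as the xmlns attribute, not as a bare string.
	features:tag("bind", { xmlns = xmlns_bind2 }):up();
end);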
-- Remember the Bind 2.0 request carried inside a SASL2 <authenticate/> element.
--
-- The element is supplied by a client that has not finished authenticating,
-- so it is only stored here; it is acted on in the "sasl2/c2s/success" hook.
-- NOTE(review): priority 1 presumably orders this ahead of the SASL2 module's
-- own handler for the same element - confirm against mod_sasl2.
module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth)
	-- get_child() yields nil when no <bind/> child is present, which also
	-- clears any value left over from an earlier attempt on this session.
	local bind_request = auth:get_child("bind", xmlns_bind2);
	session.bind2 = bind_request;
end, 1);
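-- Bind 2.0: once SASL2 authentication has succeeded, bind a resource for the
-- session and report the resulting full JID inside the success response.
-- Does nothing unless the client's <authenticate/> carried a <bind/> request
-- (stored as session.bind2 by the "authenticate" hook).
module:hook("sasl2/c2s/success", function (event)
	local session = event.session;
	if not session.bind2 then return end

	-- When it receives a bind 2.0 on an authenticated not-yet-bound session, the
	-- server MUST:

	-- Clear the offline messages for this user, if any, without sending them (as
	-- they will be provided by MAM).
	if mm.is_loaded(module.host, "offline") then -- luacheck: ignore 542
		-- TODO (not implemented: nothing is cleared yet)
	end

	-- Perform resource binding to a random resource (see 6120)
	-- Passing nil as the resource leaves the choice to the session manager.
	local bound, err_type, err_condition, err_text = sm.bind_resource(session, nil);
	if not bound then
		-- FIXME How should this be handled even?
		-- Record why binding failed before the stream is torn down, so that an
		-- authenticated session being dropped here can be diagnosed from logs.
		module:log("warn", "Bind 2.0 resource binding failed: %s/%s (%s)",
			tostring(err_type), tostring(err_condition), tostring(err_text));
		session:close("reset");
		-- NOTE(review): returning true presumably stops further handlers of
		-- this event from running on the closed session - confirm.
		return true;
	end

	-- Work out which contacts have unread messages in the user's MAM archive,
	-- how many, and what the id of the last read message is
	-- XXX How do we know what the last read message was?
	-- TODO archive:summary(session.username, { after = ??? });

	-- Get the id of the newest stanza in the user's MAM archive
	-- TODO archive:find(session.username, { reverse = true, limit = 1 });

	-- Silently enable carbons for this session
	-- (the client did not ask for carbons explicitly; the flag is set directly)
	session.carbons = xmlns_carbons;

	-- After processing the bind stanza, as above, the server MUST respond with
	-- an element of type 'bound' in the namespace 'urn:xmpp:bind2:0', as in the
	-- below example
	-- The namespace goes in an attribute table: stanza:tag() expects a table of
	-- attributes as its second argument, not a bare namespace string.
	event.success:tag("bound", { xmlns = xmlns_bind2 }):text_tag("jid", session.full_jid):up();

	-- The request has been served; drop it so it cannot be processed again.
	session.bind2 = nil;
end);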