mod_seclabels/mod_seclabels.lua @ 1204:fc42f8484451
mod_s2s_keysize_policy: Add note about required LuaSec patch
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 29 Sep 2013 19:11:29 +0200 |
parent | 981:020b5944a973 |
child | 1310:2df312eb816d |
rev | line source |
---|---|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
981
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
2 local xml = require "util.xml"; |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
-- Namespaces of the security label protocol (XEP-0258) and of its catalog
-- schema. The ":catalog:0" namespace is the older catalog schema and is only
-- kept for clients that have not moved to ":catalog:2".
local xmlns_label = "urn:xmpp:sec-label:0";
local xmlns_label_catalog = "urn:xmpp:sec-label:catalog:2";
local xmlns_label_catalog_old = "urn:xmpp:sec-label:catalog:0"; -- COMPAT

-- Advertise all three namespaces as features of this host, in the same order
-- as before.
for _, feature in ipairs({ xmlns_label, xmlns_label_catalog, xmlns_label_catalog_old }) do
	module:add_feature(feature);
end

-- Also list the label and current catalog features in the disco#info reply
-- built for user accounts. The old catalog namespace is not added here.
module:hook("account-disco-info", function(event) -- COMPAT
	local disco_reply = event.stanza;
	for _, feature in ipairs({ xmlns_label, xmlns_label_catalog }) do
		disco_reply:tag('feature', {var=feature}):up();
	end
end);
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
17 |
449
08ffbbdafeea
mod_seclabels: Fetch catalog from config.
Kim Alvefur <zash@zash.se>
parents:
266
diff
changeset
|
-- Sample catalog, used only when `security_labels` is absent from the config.
--
-- Shape expected by handle_catalog_request():
--   * array entries carry their own `name` and are emitted first, in order;
--   * string keys are emitted afterwards via pairs(), whose order is not
--     guaranteed;
--   * an entry without a `label` field is a group: its name plus "|" becomes
--     the selector prefix of the entries nested inside it.
-- The label strings below are placeholders, not labels from a real policy.
local default_labels = {
	{
		name = "Unclassified";
		label = true;
		default = true;
	};
	Classified = {
		SECRET = { color = "black"; bgcolor = "aqua"; label = "THISISSECRET" };
		PUBLIC = { label = "THISISPUBLIC" };
	};
};
937
5276e1fc26b6
mod_seclabels: Remove config-reloaded hook. Just reload the module to update
Kim Alvefur <zash@zash.se>
parents:
452
diff
changeset
|
-- Catalog metadata and contents are read from the configuration once, when
-- the module is loaded; reload the module to pick up a changed config.
-- The name and description end up as attributes of every <catalog/> reply.
local catalog_name = module:get_option_string("security_catalog_name", "Default");
local catalog_desc = module:get_option_string("security_catalog_desc", "My labels");
-- NOTE(review): no type or shape check is applied to `security_labels` here;
-- whatever the config holds is walked by handle_catalog_request() on every
-- catalog query. String labels starting with "<" are parsed as XML there.
local labels = module:get_option("security_labels", default_labels);
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
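-- Answer a security label catalog query with the catalog configured for this
-- host.
--
-- The reply carries a <catalog/> element in the same namespace as the request
-- (current or old schema), filled from the module-level `labels` table, and is
-- sent straight back to the requester.
--
-- This handler only publishes the catalog. It performs no check on who is
-- asking, and nothing in this file inspects or enforces labels on messages.
--
-- Malformed config entries are skipped and logged instead of raising an error
-- inside the handler, so one bad entry no longer leaves every catalog query
-- without a reply.
--
-- request: event table; request.stanza is the <iq/> and request.origin the
--          session the reply is sent on.
-- Returns true so the event counts as handled.
function handle_catalog_request(request)
	local catalog_request = request.stanza.tags[1];
	-- The current schema wraps each label in <item/>; the old one puts the
	-- selector directly on <securitylabel/>.
	local current_schema = catalog_request.attr.xmlns == xmlns_label_catalog;
	local reply = st.reply(request.stanza)
		:tag("catalog", {
			xmlns = catalog_request.attr.xmlns,
			-- Copied from the request's <catalog/> element as sent; not validated here.
			to = catalog_request.attr.to,
			name = catalog_name,
			desc = catalog_desc
		});

	-- Walk one level of the label table and append its entries to `catalog`.
	-- `selector` is the "Group|Subgroup|" prefix accumulated so far.
	local function add_labels(catalog, labels, selector)
		local function add_item(item, name)
			if type(item) ~= "table" then
				-- Scalars in the config (or inside a group) are not labels.
				module:log("debug", "Skipping non-table security label entry '%s'",
					tostring(selector)..tostring(name));
				return;
			end
			name = name or item.name;
			local name_type = type(name);
			if name_type ~= "string" and name_type ~= "number" then
				-- Array entries must bring their own `name`; without one the
				-- selector cannot be built.
				module:log("warn", "Skipping security label entry without a usable name under selector '%s'",
					tostring(selector));
				return;
			end
			if item.label then
				if current_schema then
					catalog:tag("item", {
						selector = selector..name,
						default = item.default and "true" or nil,
					}):tag("securitylabel", { xmlns = xmlns_label })
				else -- COMPAT
					catalog:tag("securitylabel", {
						xmlns = xmlns_label,
						selector = selector..name,
						default = item.default and "true" or nil,
					})
				end
				if item.display or item.color or item.bgcolor then
					catalog:tag("displaymarking", {
						fgcolor = item.color,
						bgcolor = item.bgcolor,
					}):text(item.display or name):up();
				end
				local label = item.label;
				if label == true then
					-- `label = true` means: use the entry name as the label text.
					catalog:tag("label"):text(name):up();
				elseif type(label) == "string" then
					-- TODO Do we need anything other than XML parsing?
					if label:sub(1,1) == "<" then
						-- xml.parse() returns nil plus an error for malformed
						-- input; check it instead of passing nil to add_child().
						local parsed, err = xml.parse(label);
						if parsed then
							catalog:tag("label"):add_child(parsed):up();
						else
							module:log("warn", "Security label '%s' is not well-formed XML (%s), sending an empty <label/>",
								tostring(selector)..tostring(name), tostring(err));
							catalog:tag("label"):up();
						end
					else
						catalog:tag("label"):text(label):up();
					end
				elseif type(label) == "table" then
					-- A table is added as a child element as-is (a stanza from the config).
					catalog:tag("label"):add_child(label):up();
				end
				catalog:up(); -- closes <securitylabel/>
				if current_schema then
					catalog:up(); -- closes <item/>
				end
			else
				-- No `label` field: treat the entry as a group and descend.
				add_labels(catalog, item, (selector or "")..name.."|");
			end
		end
		-- Ordered (array) entries first, then named entries.
		for i = 1,#labels do
			add_item(labels[i])
		end
		for name, child in pairs(labels) do
			if type(name) == "string" then
				add_item(child, name)
			end
		end
	end
	-- TODO query remote servers
	--[[ FIXME later
	labels = module:fire_event("sec-label-catalog", {
			to = catalog_request.attr.to,
			request = request; -- or just origin?
			labels = labels;
		}) or labels;
	--]]
	add_labels(reply, labels, "");
	request.origin.send(reply);
	return true;
end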
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
-- Serve the catalog for queries addressed to the host (current schema) and,
-- for older clients, for queries handled as "iq/self" in either schema.
-- NOTE(review): handle_catalog_request() does not look at the sender, so every
-- entity whose query reaches one of these events receives the full catalog;
-- confirm that this disclosure is acceptable for the deployed label set.
for _, event_name in ipairs({
	"iq/host/"..xmlns_label_catalog..":catalog",
	"iq/self/"..xmlns_label_catalog..":catalog", -- COMPAT
	"iq/self/"..xmlns_label_catalog_old..":catalog", -- COMPAT
}) do
	module:hook(event_name, handle_catalog_request);
end