prosody-modules
56b9f0b1409f
mod_sasl2_bind2/mod_sasl2_bind2.lua
Software / code / prosody-modules
Comparison
mod_sasl2_bind2/mod_sasl2_bind2.lua @ 5029:56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
This is based on an experimental in-progress derivative of the current
XEP-0386.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 02 Sep 2022 16:22:11 +0100 |
| child | 5031:62cdd8170563 |
comparison
equal
deleted
inserted
replaced
| 5028:1f2d2bfd29dd | 5029:56b9f0b1409f |
|---|---|
| 1 local base64 = require "util.encodings".base64; | |
| 2 local sha1 = require "util.hashes".sha1; | |
| 3 local st = require "util.stanza"; | |
| 4 | |
| 5 local sm_bind_resource = require "core.sessionmanager".bind_resource; | |
| 6 | |
| 7 local xmlns_bind2 = "urn:xmpp:bind2:1"; | |
| 8 local xmlns_sasl2 = "urn:xmpp:sasl2:1"; | |
| 9 | |
| 10 -- Advertise what we can do | |
| 11 | |
| 12 module:hook("stream-features", function(event) | |
| 13 local origin, features = event.origin, event.features; | |
| 14 | |
| 15 if origin.type ~= "c2s_unauthed" then | |
| 16 return; | |
| 17 end | |
| 18 | |
| 19 local inline = st.stanza("inline", { xmlns = xmlns_bind2 }); | |
| 20 module:fire_event("advertise-bind-features", { origin = origin, features = inline }); | |
| 21 features:add_direct_child(inline); | |
| 22 end, 1); | |
| 23 | |
| 24 module:hook("advertise-sasl-features", function(event) | |
| 25 event.features:tag("bind", { xmlns = xmlns_bind2 }):up(); | |
| 26 end, 1); | |
| 27 | |
| 28 -- Helper to actually bind a resource to a session | |
| 29 | |
| 30 local function do_bind(session, bind_request) | |
| 31 local resource; | |
| 32 | |
| 33 local client_id_tag = bind_request:get_child("client-id"); | |
| 34 local client_id = client_id_tag and client_id_tag:text() or session.client_id; | |
| 35 if client_id and client_id ~= "" then | |
| 36 local tag = client_id_tag and client_id_tag.attr.tag or "client"; | |
| 37 resource = ("%s~%s"):format(tag, base64.encode(sha1(client_id):sub(1, 9))); | |
| 38 end | |
| 39 | |
| 40 local success, err_type, err, err_msg = sm_bind_resource(session, resource); | |
| 41 if not success then | |
| 42 session.log("debug", "Resource bind failed: %s", err_msg or err); | |
| 43 return nil, { type = err_type, condition = err, text = err_msg }; | |
| 44 end | |
| 45 | |
| 46 session.log("debug", "Resource bound: %s", session.full_jid); | |
| 47 return st.stanza("bound", { xmlns = xmlns_bind2 }) | |
| 48 :text_tag("jid", session.full_jid) | |
| 49 end | |
| 50 | |
| 51 -- Enable inline features requested by the client | |
| 52 | |
| 53 local function enable_features(session, bind_request, bind_result) | |
| 54 local features = bind_request:get_child("features"); | |
| 55 if not features then return; end | |
| 56 module:fire_event("process-bind-features", { | |
| 57 session = session; | |
| 58 features = features; | |
| 59 result = bind_result; | |
| 60 }); | |
| 61 end | |
| 62 | |
| 63 -- SASL 2 integration | |
| 64 | |
| 65 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) | |
| 66 -- Cache action for future processing (after auth success) | |
| 67 session.sasl2_bind_request = auth:child_with_ns(xmlns_bind2); | |
| 68 end, 100); | |
| 69 | |
| 70 module:hook("sasl2/c2s/success", function (event) | |
| 71 local session = event.session; | |
| 72 | |
| 73 local bind_request = session.sasl2_bind_request; | |
| 74 if not bind_request then return; end -- No bind requested | |
| 75 session.sasl2_bind_request = nil; | |
| 76 | |
| 77 local sm_success = event.sasl2_sm_success; | |
| 78 if sm_success and sm_success.type == "resumed" then | |
| 79 return; -- No need to bind a resource | |
| 80 end | |
| 81 | |
| 82 local bind_result, err = do_bind(session, bind_request); | |
| 83 if not bind_result then | |
| 84 bind_result = st.stanza("failed", { xmlns = xmlns_bind2 }) | |
| 85 :add_error(err); | |
| 86 else | |
| 87 enable_features(session, bind_request, bind_result); | |
| 88 end | |
| 89 | |
| 90 event.success:add_child(bind_result); | |
| 91 end, 100); | |
| 92 | |
| 93 -- Inline features | |
| 94 | |
| 95 module:hook("advertise-bind-features", function (event) | |
| 96 local features = event.features; | |
| 97 features:tag("feature", { var = "urn:xmpp:carbons:2" }):up(); | |
| 98 features:tag("feature", { var = "urn:xmpp:csi:0" }):up(); | |
| 99 end); | |
| 100 | |
| 101 module:hook("enable-bind-features", function (event) | |
| 102 local session, features = event.session, event.features; | |
| 103 | |
| 104 -- Carbons | |
| 105 session.want_carbons = not not features:get_child("enable", "urn:xmpp:carbons:2"); | |
| 106 | |
| 107 -- CSI | |
| 108 local csi_state_tag = features:child_with_ns("urn:xmpp:csi:0"); | |
| 109 if csi_state_tag then | |
| 110 session.state = csi_state_tag.name; | |
| 111 end | |
| 112 end, 10); |
