Comparison

mod_privilege/mod_privilege.lua @ 1663:ca07a6ada631

mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise
author Goffi <goffi@goffi.org>
date Tue, 07 Apr 2015 12:46:34 +0200
parent 1662:d440a22fa0af
child 1664:6bdcb1418029
comparison
equal deleted inserted replaced
1662:d440a22fa0af 1663:ca07a6ada631
11 local set = require("util/set") 11 local set = require("util/set")
12 local st = require("util/stanza") 12 local st = require("util/stanza")
13 local roster_manager = require("core/rostermanager") 13 local roster_manager = require("core/rostermanager")
14 local user_manager = require("core/usermanager") 14 local user_manager = require("core/usermanager")
15 local hosts = prosody.hosts 15 local hosts = prosody.hosts
16 -- the folowing sets are used to forward presence stanza
17 if not prosody._privilege_presence_man_ent then
18 prosody._privilege_presence_man_ent = set.new()
19 end
20 local presence_man_ent = prosody._privilege_presence_man_ent
21 if not prosody._privilege_presence_roster then
22 prosody._privilege_presence_roster = set.new()
23 end
24 local presence_roster = prosody._privilege_presence_roster
16 25
17 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) 26 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'})
18 local _ROSTER_GET_PERM = set.new({'get', 'both'}) 27 local _ROSTER_GET_PERM = set.new({'get', 'both'})
19 local _ROSTER_SET_PERM = set.new({'set', 'both'}) 28 local _ROSTER_SET_PERM = set.new({'set', 'both'})
20 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) 29 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'})
24 local _FORWARDED_NS = 'urn:xmpp:forward:0' 33 local _FORWARDED_NS = 'urn:xmpp:forward:0'
25 34
26 35
27 module:log("debug", "Loading privileged entity module "); 36 module:log("debug", "Loading privileged entity module ");
28 37
38
29 --> Permissions management <-- 39 --> Permissions management <--
30 40
31 privileges = module:get_option("privileged_entities", {}) 41 privileges = module:get_option("privileged_entities", {})
32 42
33 function advertise_perm(session, to_jid, perms) 43 function advertise_perm(session, to_jid, perms)
42 end 52 end
43 end 53 end
44 session.send(message) 54 session.send(message)
45 end 55 end
46 56
57 function set_presence_perm_set(to_jid, perms)
58 -- fill the global presence sets according to perms
59 if perms.presence == 'managed_entity' then
60 presence_man_ent:add(to_jid)
61 elseif perms.presence == 'roster' then
62 presence_man_ent:add(to_jid) -- roster imply managed_entity
63 presence_roster:add(to_jid)
64 end
47 end 65 end
48 66
49 function on_auth(event) 67 function on_auth(event)
50 -- Check if entity is privileged according to configuration, 68 -- Check if entity is privileged according to configuration,
51 -- and set session.privileges accordingly 69 -- and set session.privileges accordingly
67 if value == 'none' then 85 if value == 'none' then
68 ent_priv[perm_type] = nil 86 ent_priv[perm_type] = nil
69 end 87 end
70 end 88 end
71 end 89 end
90 -- extra checks for presence permission
91 if ent_priv.permission == 'roster' and not _ROSTER_GET_PERM:contains(session.privileges.roster) then
92 module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege")
93 module:log("warn", "Setting presence permission to none")
94 end_priv.permission = nil
95 end
96
72 if session.type == "component" then 97 if session.type == "component" then
73 -- we send the message stanza only for component 98 -- we send the message stanza only for component
74 -- it will be sent at first <presence/> for other entities 99 -- it will be sent at first <presence/> for other entities
75 advertise_perm(session, bare_jid, ent_priv) 100 advertise_perm(session, bare_jid, ent_priv)
101 set_presence_perm_set(bare_jid, ent_priv)
76 end 102 end
77 end 103 end
78 104
79 session.privileges = ent_priv 105 session.privileges = ent_priv
80 end 106 end
83 -- Permission are already checked at this point, 109 -- Permission are already checked at this point,
84 -- we only advertise them to the entity 110 -- we only advertise them to the entity
85 local session, stanza = event.origin, event.stanza; 111 local session, stanza = event.origin, event.stanza;
86 if session.privileges then 112 if session.privileges then
87 advertise_perm(session, session.full_jid, session.privileges) 113 advertise_perm(session, session.full_jid, session.privileges)
114 set_presence_perm_set(session.full_jid, session.privileges)
88 end 115 end
89 end 116 end
90 117
91 module:hook('authentication-success', on_auth) 118 module:hook('authentication-success', on_auth)
92 module:hook('component-authenticated', on_auth) 119 module:hook('component-authenticated', on_auth)