prosody-modules
1a6cd0bbb7ab
mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua @ 6110:1a6cd0bbb7ab

mod_compliance_2023: Add 2023 Version of the compliance module, basis is the 2021 Version. diff --git a/mod_compliance_2023/README.md b/mod_compliance_2023/README.md new file mode 100644 --- /dev/null +++ b/mod_compliance_2023/README.md @@ -0,0 +1,22 @@ +--- +summary: XMPP Compliance Suites 2023 self-test +labels: +- Stage-Beta +rockspec: + dependencies: + - mod_cloud_notify + +... + +Compare the list of enabled modules with +[XEP-0479: XMPP Compliance Suites 2023] and produce basic report to the +Prosody log file. + +If installed with the Prosody plugin installer then all modules needed for a green checkmark should be included. (With prosody 0.12 only [mod_cloud_notify] is not included with prosody and we need the community module) + +# Compatibility + + Prosody-Version Status + --------------- ---------------------- + trunk Works as of 2024-12-21 + 0.12 Works diff --git a/mod_compliance_2023/mod_compliance_2023.lua b/mod_compliance_2023/mod_compliance_2023.lua new file mode 100644 --- /dev/null +++ b/mod_compliance_2023/mod_compliance_2023.lua @@ -0,0 +1,79 @@ +-- Copyright (c) 2021 Kim Alvefur +-- +-- This module is MIT licensed. + +local hostmanager = require "core.hostmanager"; + +local array = require "util.array"; +local set = require "util.set"; + +local modules_enabled = module:get_option_inherited_set("modules_enabled"); + +for host in pairs(hostmanager.get_children(module.host)) do + local component = module:context(host):get_option_string("component_module"); + if component then + modules_enabled:add(component); + modules_enabled:include(module:context(host):get_option_set("modules_enabled", {})); + end +end + +local function check(suggested, alternate, ...) + if set.intersection(modules_enabled, set.new({suggested; alternate; ...})):empty() then return suggested; end + return false; +end + +local compliance = { + array {"Server"; check("tls"); check("disco")}; + + array {"Advanced Server"; check("pep", "pep_simple")}; + + array {"Web"; check("bosh"); check("websocket")}; + + -- No Server requirements for Advanced Web + + array {"IM"; check("vcard_legacy", "vcard"); check("carbons"); check("http_file_share", "http_upload")}; + + array { + "Advanced IM"; + check("vcard_legacy", "vcard"); + check("blocklist"); + check("muc"); + check("private"); + check("smacks"); + check("mam"); + check("bookmarks"); + }; + + array {"Mobile"; check("smacks"); check("csi_simple", "csi_battery_saver")}; + + array {"Advanced Mobile"; check("cloud_notify")}; + + array {"A/V Calling"; check("turn_external", "external_services", "turncredentials", "extdisco")}; + +}; + +function check_compliance() + local compliant = true; + for _, suite in ipairs(compliance) do + local section = suite:pop(1); + if module:get_option_boolean("compliance_" .. section:lower():gsub("%A", "_"), true) then + local missing = set.new(suite:filter(function(m) return type(m) == "string" end):map(function(m) return "mod_" .. m end)); + if suite[1] then + if compliant then + compliant = false; + module:log("warn", "Missing some modules for XMPP Compliance 2023"); + end + module:log("info", "%s Compliance: %s", section, missing); + end + end + end + + if compliant then module:log("info", "XMPP Compliance 2023: Compliant ✔️"); end +end + +if prosody.start_time then + check_compliance() +else + module:hook_global("server-started", check_compliance); +end +
author Menel <menel@snikket.de>
date Sun, 22 Dec 2024 16:06:28 +0100
parent 1213:544f5a4a8428
line wrap: on
line source

-- Dovecot authentication backend for Prosody
--
-- Copyright (C) 2010-2011 Waqas Hussain
-- Copyright (C) 2011 Kim Alvefur
--

local name = "Dovecot SASL";
local log = require "util.logger".init("auth_dovecot");

local socket_path = module:get_option_string("dovecot_auth_socket", "/var/run/dovecot/auth-login");
local socket_host = module:get_option_string("dovecot_auth_host", "127.0.0.1");
local socket_port = module:get_option_string("dovecot_auth_port");

local service_realm = module:get_option("realm");
local service_name = module:get_option("service_name");
local append_host = module:get_option_boolean("auth_append_host");
--assert(not append_host, "auth_append_host does not work");
local validate_domain = module:get_option_boolean("validate_append_host");
local handle_appended = module:get_option_string("handle_appended");
local util_sasl_new = require "util.sasl".new;

local new_dovecot_sasl = module:require "sasl_dovecot".new;

local new_sasl = function(realm)
	return new_dovecot_sasl(
		service_realm or realm,
		service_name or "xmpp",

		socket_port and { socket_host, socket_port } or socket_path,

		{ --config
			handle_domain = handle_appended or
				(append_host and "split" or "escape"),
			validate_domain = validate_domain,
		}
	);
end

do
	local s, err = new_sasl(module.host)
	if not s then
		log("error", "%s", tostring(err));
	end
	assert(s, "Could not create a new SASL object");
	assert(s.mechanisms, "SASL object has no mechanims method");
	local m, _m = {}, s:mechanisms();
	assert(not append_host or _m.PLAIN, "auth_append_host requires PLAIN, but it is unavailable");
	for k in pairs(_m) do
		table.insert(m, k);
	end
	log("debug", "Mechanims found: %s", table.concat(m, ", "));
end

provider = {};

function provider.test_password(username, password)
	return new_sasl(module.host):plain_test(username, password);
end

function provider.get_password(username)
	return nil, "Passwords unavailable for "..name;
end

function provider.set_password(username, password)
	return nil, "Passwords unavailable for "..name;
end

function provider.user_exists(username)
	return true -- FIXME
--[[ This, sadly, doesn't work.
	local user_test = new_sasl(module.host);
	user_test:select("PLAIN");
	user_test:process(("\0%s\0"):format(username));
	return user_test.username == username;
--]]
end

function provider.create_user(username, password)
	return nil, "Account creation/modification not available with "..name;
end

function provider.get_sasl_handler()
	return new_sasl(module.host);
end

if append_host then
	function provider.test_password(username, password)
		return new_sasl(module.host):plain_test(username .. "@".. (service_realm or module.host), password) == "success";
	end

	function provider.get_sasl_handler()
		return util_sasl_new(module.host, {
			plain_test = function(sasl, username, password, realm)
				return provider.test_password(username, password), true
			end;
		});
	end
end

module:provides("auth", provider);