Software /
code /
prosody-modules
Changeset
2856:08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
author | Daniel Gultsch <daniel@gultsch.de> |
---|---|
date | Fri, 29 Dec 2017 16:28:47 +0100 |
parents | 2855:7713cd4fff8f |
children | 2857:ff1666716d10 |
files | mod_omemo_all_access/README.markdown mod_omemo_all_access/mod_omemo_all_access.lua |
diffstat | 2 files changed, 82 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_omemo_all_access/README.markdown Fri Dec 29 16:28:47 2017 +0100 @@ -0,0 +1,27 @@ +--- +labels: +- 'Stage-Alpha' +summary: 'Disable access control for all OMEMO related PEP nodes' +--- + +Introduction +============ + +Traditionally OMEMO encrypted messages could only be exchanged after gaining mutual presence subscription due to the OMEMO key material being stored in PEP. + +XEP-0060 defines a method of changing the access model of a PEP node from `presence` to `open`. However Prosody does not yet support access models on PEP nodes. + +This module disables access control for all OMEMO PEP nodes (=all nodes in the namespace of `eu.siacs.conversations.axolotl.*`), giving everyone access to the OMEMO key material and allowing them to start OMEMO sessions with users on this server. + +Disco feature +============= + +This modules annouces a disco feature on the account to allow external tools such as the [Compliance Tester](https://conversations.im/compliance/) to check if this module has been installed. + + +Compatibility +============= + + ----- ----------------------------------------------------------------------------- + 0.10 Works + ----- -----------------------------------------------------------------------------
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_omemo_all_access/mod_omemo_all_access.lua Fri Dec 29 16:28:47 2017 +0100 @@ -0,0 +1,55 @@ +-- OMEMO all access module +-- Copyright (c) 2017 Daniel Gultsch +-- +-- This module is MIT/X11 licensed +-- + +local jid_bare = require "util.jid".bare; +local st = require "util.stanza" +local white_listed_namespace = "eu.siacs.conversations.axolotl." +local disco_feature_namespace = white_listed_namespace .. "whitelisted" + +local mod_pep = module:depends"pep"; +local pep_data = mod_pep.module.save().data; + +local function on_account_disco_info(event) + (event.reply or event.stanza):tag("feature", {var=disco_feature_namespace}):up(); +end + +local function on_pep_request(event) + local session, stanza = event.origin, event.stanza + local payload = stanza.tags[1]; + if stanza.attr.type == 'get' then + local node, requested_id; + payload = payload.tags[1] + if payload and payload.name == 'items' then + node = payload.attr.node + local item = payload.tags[1]; + if item and item.name == 'item' then + requested_id = item.attr.id; + end + end + if node and string.sub(node,1,string.len(white_listed_namespace)) == white_listed_namespace then + local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host; + local user_data = pep_data[user]; + if user_data and user_data[node] then + local id, item = unpack(user_data[node]); + if not requested_id or id == requested_id then + local stanza = st.reply(stanza) + :tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'}) + :tag('items', {node=node}) + :add_child(item) + :up() + :up(); + session.send(stanza); + module:log("debug","provided access to omemo node",node) + return true; + end + end + module:log("debug","requested node was white listed", node) + end + end +end + +module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", on_pep_request, 10); +module:hook("account-disco-info", on_account_disco_info);