Software /
code /
prosody-modules
Changeset
5029:56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
This is based on an experimental in-progress derivative of the current
XEP-0386.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 02 Sep 2022 16:22:11 +0100 (2022-09-02) |
parents | 5028:1f2d2bfd29dd |
children | 5030:3e79876d135b |
files | mod_sasl2_bind2/README.md mod_sasl2_bind2/mod_sasl2_bind2.lua |
diffstat | 2 files changed, 119 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_sasl2_bind2/README.md Fri Sep 02 16:22:11 2022 +0100 @@ -0,0 +1,7 @@ +--- +labels: +- Stage-Alpha +summary: "Bind 2 integration with SASL2" +--- + +Add support for inlining Bind 2.0 into the SASL2 process. Experimental WIP.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_sasl2_bind2/mod_sasl2_bind2.lua Fri Sep 02 16:22:11 2022 +0100 @@ -0,0 +1,112 @@ +local base64 = require "util.encodings".base64; +local sha1 = require "util.hashes".sha1; +local st = require "util.stanza"; + +local sm_bind_resource = require "core.sessionmanager".bind_resource; + +local xmlns_bind2 = "urn:xmpp:bind2:1"; +local xmlns_sasl2 = "urn:xmpp:sasl2:1"; + +-- Advertise what we can do + +module:hook("stream-features", function(event) + local origin, features = event.origin, event.features; + + if origin.type ~= "c2s_unauthed" then + return; + end + + local inline = st.stanza("inline", { xmlns = xmlns_bind2 }); + module:fire_event("advertise-bind-features", { origin = origin, features = inline }); + features:add_direct_child(inline); +end, 1); + +module:hook("advertise-sasl-features", function(event) + event.features:tag("bind", { xmlns = xmlns_bind2 }):up(); +end, 1); + +-- Helper to actually bind a resource to a session + +local function do_bind(session, bind_request) + local resource; + + local client_id_tag = bind_request:get_child("client-id"); + local client_id = client_id_tag and client_id_tag:text() or session.client_id; + if client_id and client_id ~= "" then + local tag = client_id_tag and client_id_tag.attr.tag or "client"; + resource = ("%s~%s"):format(tag, base64.encode(sha1(client_id):sub(1, 9))); + end + + local success, err_type, err, err_msg = sm_bind_resource(session, resource); + if not success then + session.log("debug", "Resource bind failed: %s", err_msg or err); + return nil, { type = err_type, condition = err, text = err_msg }; + end + + session.log("debug", "Resource bound: %s", session.full_jid); + return st.stanza("bound", { xmlns = xmlns_bind2 }) + :text_tag("jid", session.full_jid) +end + +-- Enable inline features requested by the client + +local function enable_features(session, bind_request, bind_result) + local features = bind_request:get_child("features"); + if not features then return; end + module:fire_event("process-bind-features", { + session = session; + features = features; + result = bind_result; + }); +end + +-- SASL 2 integration + +module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) + -- Cache action for future processing (after auth success) + session.sasl2_bind_request = auth:child_with_ns(xmlns_bind2); +end, 100); + +module:hook("sasl2/c2s/success", function (event) + local session = event.session; + + local bind_request = session.sasl2_bind_request; + if not bind_request then return; end -- No bind requested + session.sasl2_bind_request = nil; + + local sm_success = event.sasl2_sm_success; + if sm_success and sm_success.type == "resumed" then + return; -- No need to bind a resource + end + + local bind_result, err = do_bind(session, bind_request); + if not bind_result then + bind_result = st.stanza("failed", { xmlns = xmlns_bind2 }) + :add_error(err); + else + enable_features(session, bind_request, bind_result); + end + + event.success:add_child(bind_result); +end, 100); + +-- Inline features + +module:hook("advertise-bind-features", function (event) + local features = event.features; + features:tag("feature", { var = "urn:xmpp:carbons:2" }):up(); + features:tag("feature", { var = "urn:xmpp:csi:0" }):up(); +end); + +module:hook("enable-bind-features", function (event) + local session, features = event.session, event.features; + + -- Carbons + session.want_carbons = not not features:get_child("enable", "urn:xmpp:carbons:2"); + + -- CSI + local csi_state_tag = features:child_with_ns("urn:xmpp:csi:0"); + if csi_state_tag then + session.state = csi_state_tag.name; + end +end, 10);