Software / code / prosody
Annotate
plugins/mod_vcard4.lua @ 13289:38c95544b7ee
mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 26 Oct 2023 15:14:39 +0100 |
| parent | 12977:74b9e05af71e |
| rev | line source |
|---|---|
|
12977
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
10707
diff
changeset
|
1 local st = require "prosody.util.stanza" |
|
74b9e05af71e
plugins: Prefix module imports with prosody namespace
Kim Alvefur <zash@zash.se>
parents:
10707
diff
changeset
|
2 local jid_split = require "prosody.util.jid".split; |
|
9261
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local mod_pep = module:depends("pep"); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
9283
e977b64ebd81
mod_vcard4: Advertise feature on account instead of host
Kim Alvefur <zash@zash.se>
parents:
9261
diff
changeset
|
6 module:hook("account-disco-info", function (event) |
|
e977b64ebd81
mod_vcard4: Advertise feature on account instead of host
Kim Alvefur <zash@zash.se>
parents:
9261
diff
changeset
|
7 event.reply:tag("feature", { var = "urn:ietf:params:xml:ns:vcard-4.0" }):up(); |
|
e977b64ebd81
mod_vcard4: Advertise feature on account instead of host
Kim Alvefur <zash@zash.se>
parents:
9261
diff
changeset
|
8 end); |
|
9261
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 module:hook("iq-get/bare/urn:ietf:params:xml:ns:vcard-4.0:vcard", function (event) |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local origin, stanza = event.origin, event.stanza; |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local pep_service = mod_pep.get_pep_service(jid_split(stanza.attr.to) or origin.username); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local ok, id, item = pep_service:get_last_item("urn:xmpp:vcard4", stanza.attr.from); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 if ok and item then |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 origin.send(st.reply(stanza):add_child(item.tags[1])); |
|
10707
c4b49939b471
mod_vcard4: Report correct error condition (fixes #1521)
Kim Alvefur <zash@zash.se>
parents:
9283
diff
changeset
|
17 elseif id == "item-not-found" or not id then |
|
9261
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 origin.send(st.error_reply(stanza, "cancel", "item-not-found")); |
|
10707
c4b49939b471
mod_vcard4: Report correct error condition (fixes #1521)
Kim Alvefur <zash@zash.se>
parents:
9283
diff
changeset
|
19 elseif id == "forbidden" then |
|
9261
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 origin.send(st.error_reply(stanza, "auth", "forbidden")); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 else |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 origin.send(st.error_reply(stanza, "modify", "undefined-condition")); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 end |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 return true; |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 end); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 module:hook("iq-set/self/urn:ietf:params:xml:ns:vcard-4.0:vcard", function (event) |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 local origin, stanza = event.origin, event.stanza; |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 local vcard4 = st.stanza("item", { xmlns = "http://jabber.org/protocol/pubsub", id = "current" }) |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 :add_child(stanza.tags[1]); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 local pep_service = mod_pep.get_pep_service(origin.username); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local ok, err = pep_service:publish("urn:xmpp:vcard4", origin.full_jid, "current", vcard4); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 if ok then |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 origin.send(st.reply(stanza)); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 elseif err == "forbidden" then |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 origin.send(st.error_reply(stanza, "auth", "forbidden")); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 else |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 origin.send(st.error_reply(stanza, "modify", "undefined-condition", err)); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 end |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 return true; |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 end); |
|
9db9e37610b7
mod_vcard4: Allow access to the vcard4 PEP node via iq syntax
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
