Annotate
core/usermanager.lua @ 10721:3a1b1d3084fb 0.11
core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)

Backport of 94e341dee51c

The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.

With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.

MattJ says
> Curves have won, and OpenSSL is less weird about them now

author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 25 Aug 2019 20:22:35 +0200 |
parent | 8717:9ddd0fbbe53a |
child | 10633:d1cc6af0fb97 |
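
The ordering issue described in the commit message can be checked mechanically. The Lua below is an added example, not part of Prosody or of this changeset: it reports which key-exchange family an OpenSSL-style cipher string adds first and flags DH parameters below 2048 bits. The function names, the sample cipher strings and the DH sizes are constructed for illustration; strings that use the `+`/`-` reordering prefixes or `@STRENGTH` are reported as not assessable.

```lua
-- Added example, not Prosody code: report which key-exchange family an
-- OpenSSL-style cipher string adds first (applies to TLS 1.2 and earlier suites).

-- Selector names from OpenSSL ciphers(1), mapped to their key-exchange family.
local KX_FAMILY = {
	kEECDH = "ECDHE", kECDHE = "ECDHE", EECDH = "ECDHE", ECDHE = "ECDHE",
	kEDH = "DHE", kDHE = "DHE", EDH = "DHE", DHE = "DHE",
};
-- Selectors that pull in suites of both families at once.
local GENERIC = { ALL = true, DEFAULT = true, HIGH = true, MEDIUM = true };
local FAMILIES = { "ECDHE", "DHE" };
local MIN_DH_BITS = 2048; -- size named in the commit message

-- Classify one item body such as "HIGH+kEDH" or "DHE-RSA-AES256-GCM-SHA384".
-- Returns the family it selects, or nil plus whether it is a generic selector.
local function classify(body)
	local generic = false;
	for part in body:gmatch("[^+]+") do
		local family = KX_FAMILY[part] or KX_FAMILY[part:match("^(%u+)%-") or ""];
		if family then return family; end
		generic = generic or GENERIC[part] == true;
	end
	return nil, generic;
end

-- Returns { first = ..., ECDHE = rank|nil, DHE = rank|nil }, where rank is the
-- index of the item that first added the family. Returns nil plus a reason
-- when the string uses an operator that reorders the list.
local function kx_preference(cipherstring)
	local rank, killed, index = {}, {}, 0;
	for item in cipherstring:gmatch("[^:, ]+") do
		index = index + 1;
		local prefix, body = item:match("^([!+%-]?)(.*)$");
		local family, generic = classify(body);
		if prefix == "+" or prefix == "-" or body == "@STRENGTH" then
			return nil, "reordering operator not modelled: " .. item;
		elseif prefix == "!" then
			-- Permanent exclusion: later items cannot add the family back
			if family then killed[family] = true; rank[family] = nil; end
		elseif family then
			if not killed[family] and not rank[family] then rank[family] = index; end
		elseif generic then
			-- Adds every family not yet placed; their mutual order is OpenSSL's
			for _, name in ipairs(FAMILIES) do
				if not killed[name] and not rank[name] then rank[name] = index; end
			end
		end
	end
	local e, d = rank.ECDHE, rank.DHE;
	local first;
	if e and d then
		first = (e < d and "ECDHE") or (d < e and "DHE") or "library-default";
	else
		first = (e and "ECDHE") or (d and "DHE") or "none";
	end
	return { first = first, ECDHE = e, DHE = d };
end

-- dh_bits: size of the DH group in use (assumed to be supplied by the caller)
local function audit(cipherstring, dh_bits)
	local pref, err = kx_preference(cipherstring);
	if not pref then return { "cannot assess: " .. err }; end
	local findings = {};
	if pref.first == "DHE" then
		findings[#findings + 1] = "finite-field DHE is offered ahead of ECDHE";
	end
	if pref.DHE and dh_bits and dh_bits < MIN_DH_BITS then
		findings[#findings + 1] = ("DHE enabled with %d-bit DH params (< %d)")
			:format(dh_bits, MIN_DH_BITS);
	end
	return findings;
end

-- Constructed samples mirroring the two orderings in the commit message
local samples = {
	{ "kEDH first", "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL", 1024 },
	{ "kEECDH first", "HIGH+kEECDH:HIGH+kEDH:HIGH:!PSK:!SRP:!3DES:!aNULL", 2048 },
};
for _, s in ipairs(samples) do
	local findings = audit(s[2], s[3]);
	print(s[1] .. ": " .. (#findings > 0 and table.concat(findings, "; ") or "no findings"));
end
```
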
rev | changeset | author | parents | description |
---|---|---|---|---|
53 | 14ea0fe6ca86 | Matthew Wild <mwild1@gmail.com> | 38 | Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful. |
60 | 44800be871f5 | Waqas Hussain <waqas20@gmail.com> | 53 | User registration, etc (jabber:iq:register) |
228 | 875842235836 | Waqas Hussain <waqas20@gmail.com> | 60 | Updated usermanager with DIGEST-MD5 support |
519 | cccd610a0ef9 | Matthew Wild <mwild1@gmail.com> | 449 | Insert copyright/license headers |
890 | 5b8da51b0843 | Waqas Hussain <waqas20@gmail.com> | 760 | usermanager: Added is_admin(jid) |
1523 | 841d61be198f | Matthew Wild <mwild1@gmail.com> | 896 | Remove version number from copyright headers |
1585 | edc066730d11 | nick@lupine.me.uk | 1523 | Switch to using a more generic credentials_callback/handler for SASL auth. |
2923 | b7049746bd29 | Matthew Wild <mwild1@gmail.com> | 2032 | Update copyright headers for 2010 |
2934 | 060bb8217fea | Waqas Hussain <waqas20@gmail.com> | 2929 | usermanager: Added function set_password. |
2987 | 0acfae4da199 | Matthew Wild <mwild1@gmail.com> | 2934 | usermanager: Support for pluggable authentication providers |
3030 | 2be7801474fb | Matthew Wild <mwild1@gmail.com> | 2999 | usermanager: Fix for is_admin to work with the new auth provider architecture |
3158 | 3d42e0092888 | Matthew Wild <mwild1@gmail.com> | 3053 | Backed out changeset 8bd3857a75ee |
3161 | 73e93a48c0c1 | Jeff Mitchell <jeff@jefferai.org> | 3160 | Update usermanager to not crash, etc. |
3164 | db9def53fe9c | Jeff Mitchell <jeff@jefferai.org> | 3163 | Check in mod_hashpassauth -- works! |
3167 | 546695e80e0a | Jeff Mitchell <jeff@jefferai.org> | 3166 | Correct out of order logic in mod_hashpassauth |
3176 | f77759710324 | Matthew Wild <mwild1@gmail.com> | 3167 | usermanager: Add hunk that got missed in a merge |
3180 | 99be525bcfb4 | Matthew Wild <mwild1@gmail.com> | 3177 | Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name. |
3218 | 032b81731f0f | Matthew Wild <mwild1@gmail.com> | 3185 | usermanager: Handle checking for global admins on behalf of providers |
3285 | c116c4b2db5a | Matthew Wild <mwild1@gmail.com> | 3218 | usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it |
3293 | 4ce9d569a99c | Matthew Wild <mwild1@gmail.com> | 3285 | usermanager: Expose host_handler() as initialize_host() |
3336 | 3a8ce659edfc | Matthew Wild <mwild1@gmail.com> | 3293 | mod_auth_internal, usermanager: Rename to mod_auth_internal_plain, and update usermanager to still use it as the default |
3362 | 90bf162303f3 | Waqas Hussain <waqas20@gmail.com> | 3336 | usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback). |
3419 | 79e08dc3fd37 | Matthew Wild <mwild1@gmail.com> | 3395 | usermanager: Fix two nil global accesses |
3540 | bc139431830b | Waqas Hussain <waqas20@gmail.com> | 3466 | Monster whitespace commit (beware the whitespace monster). |
3612 | 5547acd18a9f | Waqas Hussain <waqas20@gmail.com> | 3608 | usermanager: Don't load auth modules for components. |
3991 | 2b86d7705f4e | Matthew Wild <mwild1@gmail.com> | 3982 | usermanager: Change dummy provider method to return an error string also (method not implemented) |
3992 | 73075b004e77 | Matthew Wild <mwild1@gmail.com> | 3991 | usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers) |
3993 | b71e5ecc694b | Matthew Wild <mwild1@gmail.com> | 3992 | usermanager: Add delete_user method |
4237 | 6b0d7d94eb7f | Matthew Wild <mwild1@gmail.com> | 3993 | usermanager: Check host exists before trying to look up admins for it |
4459 | 2ccc386b9913 | Waqas Hussain <waqas20@gmail.com> | 4237 | usermanager: Prep admin JIDs (fixes issue#276). |
4773 | ee55956597f4 | Matthew Wild <mwild1@gmail.com> | 4459 | usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version. |
4943 | 50f63f07245f | Matthew Wild <mwild1@gmail.com> | 4773 | usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash) |
5042 | ce823b32225e | Kim Alvefur <zash@zash.se> | 4943 | usermanager: Add method for deleting a user |
5094 | e646c849d72f | Kim Alvefur <zash@zash.se> | 5042 | core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook. |
5129 | e8253c931166 | Kim Alvefur <zash@zash.se> | 5094 | storagemanager: Add purge() for purging user data from all backends in use |
5157 | 0e1686f334b8 | Kim Alvefur <zash@zash.se> | 5129 | usermanager: Add support for iterating over accounts |
5377 | 898454038524 | Kim Alvefur <zash@zash.se> | 5157 | core.*: Complete removal of all traces of the "core" section and section-related code. |
5776 | bd0ff8ae98a8 | Florian Zeitz <florob@babelmonkeys.de> | 5377 | Remove all trailing whitespace |
6628 | 8495734da243 | Kim Alvefur <zash@zash.se> | 5795 | usermanager: Capitalize log message |
6663 | d3023dd07cb6 | Matthew Wild <mwild1@gmail.com> | 6628 | portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations |
6779 | 6236668da30a | Kim Alvefur <zash@zash.se> | 6663 | core.*: Remove use of module() function |
6979 | 0ce2b400663b | Kim Alvefur <zash@zash.se> | 6779 | core.usermanager: Return as soon as possible once admin status is known |
7177 | 1295e14614f4 | Kim Alvefur <zash@zash.se> | 6979 | usermanager: Shortcircuit user existence check if they have existing sessions |
8192 | 4354f556c5db | Kim Alvefur <zash@zash.se> | 7177 | core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512) |
8555 | 4f0f5b49bb03 | Kim Alvefur <zash@zash.se> | 8192 | vairious: Add annotation when an empty environment is set [luacheck] |
8717 | 9ddd0fbbe53a | Kim Alvefur <zash@zash.se> | 8555 | core: Use prosody.hosts instead of _G.hosts for consistency |

rev | line | source |
---|---|---|
1523 | 1 | `-- Prosody IM` |
2923 | 2 | `-- Copyright (C) 2008-2010 Matthew Wild` |
2923 | 3 | `-- Copyright (C) 2008-2010 Waqas Hussain` |
1585 | 4 | `--` |
758 | 5 | `-- This project is MIT/X11 licensed. Please see the` |
758 | 6 | `-- COPYING file in the source package for more information.` |
519 | 7 | `--` |
519 | 8 | |
3180 | 9 | `local modulemanager = require "core.modulemanager";` |
53 | 10 | `local log = require "util.logger".init("usermanager");` |
890 | 11 | `local type = type;` |
890 | 12 | `local ipairs = ipairs;` |
890 | 13 | `local jid_bare = require "util.jid".bare;` |
4459 | 14 | `local jid_prep = require "util.jid".prep;` |
890 | 15 | `local config = require "core.configmanager";` |
3362 | 16 | `local sasl_new = require "util.sasl".new;` |
5042 | 17 | `local storagemanager = require "core.storagemanager";` |
0 | 18 | |
2987 | 19 | `local prosody = _G.prosody;` |
8717 | 20 | `local hosts = prosody.hosts;` |
2987 | 21 | |
3161 | 22 | `local setmetatable = setmetatable;` |
3161 | 23 | |
3336 | 24 | `local default_provider = "internal_plain";` |
3180 | 25 | |
6779 | 26 | `local _ENV = nil;` |
8555 | 27 | `-- luacheck: std none` |
0 | 28 | |
6779 | 29 | `local function new_null_provider()` |
3991 | 30 | `local function dummy() return nil, "method not implemented"; end;` |
3362 | 31 | `local function dummy_get_sasl_handler() return sasl_new(nil, {}); end` |
3991 | 32 | `return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, {` |
6663 | 33 | `__index = function(self, method) return dummy; end --luacheck: ignore 212` |
3991 | 34 | `});` |
3161 | 35 | `end` |
3161 | 36 | |
3992 | 37 | `local provider_mt = { __index = new_null_provider() };` |
3992 | 38 | |
6779 | 39 | `local function initialize_host(host)` |
2987 | 40 | `local host_session = hosts[host];` |
3612 | 41 | `if host_session.type ~= "local" then return; end` |
5776 | 42 | |
3163 | 43 | `host_session.events.add_handler("item-added/auth-provider", function (event)` |
3163 | 44 | `local provider = event.item;` |
5377 | 45 | `local auth_provider = config.get(host, "authentication") or default_provider;` |
5377 | 46 | `if config.get(host, "anonymous_login") then` |
4773 | 47 | `log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead.");` |
4773 | 48 | `auth_provider = "anonymous";` |
4773 | 49 | `end -- COMPAT 0.7` |
3180 | 50 | `if provider.name == auth_provider then` |
3992 | 51 | `host_session.users = setmetatable(provider, provider_mt);` |
2987 | 52 | `end` |
3164 | 53 | `if host_session.users ~= nil and host_session.users.name ~= nil then` |
6628 | 54 | `log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name);` |
3163 | 55 | `end` |
2987 | 56 | `end);` |
3163 | 57 | `host_session.events.add_handler("item-removed/auth-provider", function (event)` |
3163 | 58 | `local provider = event.item;` |
2987 | 59 | `if host_session.users == provider then` |
3161 | 60 | `host_session.users = new_null_provider();` |
2987 | 61 | `end` |
2987 | 62 | `end);` |
3540 | 63 | `host_session.users = new_null_provider(); -- Start with the default usermanager provider` |
5377 | 64 | `local auth_provider = config.get(host, "authentication") or default_provider;` |
5377 | 65 | `if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7` |
3540 | 66 | `if auth_provider ~= "null" then` |
3540 | 67 | `modulemanager.load(host, "auth_"..auth_provider);` |
3540 | 68 | `end` |
3176 | 69 | `end;` |
3293 | 70 | `prosody.events.add_handler("host-activated", initialize_host, 100);` |
2987 | 71 | |
6779 | 72 | `local function test_password(username, host, password)` |
3158 | 73 | `return hosts[host].users.test_password(username, password);` |
0 | 74 | `end` |
38 | 75 | |
6779 | 76 | `local function get_password(username, host)` |
3158 | 77 | `return hosts[host].users.get_password(username);` |
1585 | 78 | `end` |
2987 | 79 | |
8192 | 80 | `local function set_password(username, password, host, resource)` |
8192 | 81 | `local ok, err = hosts[host].users.set_password(username, password);` |
8192 | 82 | `if ok then` |
8192 | 83 | `prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource });` |
8192 | 84 | `end` |
8192 | 85 | `return ok, err;` |
2934 | 86 | `end` |
1585 | 87 | |
6779 | 88 | `local function user_exists(username, host)` |
7177 | 89 | `if hosts[host].sessions[username] then return true; end` |
3158 | 90 | `return hosts[host].users.user_exists(username);` |
60 | 91 | `end` |
60 | 92 | |
6779 | 93 | `local function create_user(username, password, host)` |
3158 | 94 | `return hosts[host].users.create_user(username, password);` |
60 | 95 | `end` |
60 | 96 | |
6779 | 97 | `local function delete_user(username, host)` |
5042 | 98 | `local ok, err = hosts[host].users.delete_user(username);` |
5042 | 99 | `if not ok then return nil, err; end` |
5094 | 100 | `prosody.events.fire_event("user-deleted", { username = username, host = host });` |
5129 | 101 | `return storagemanager.purge(username, host);` |
3993 | 102 | `end` |
3993 | 103 | |
6779 | 104 | `local function users(host)` |
5157 | 105 | `return hosts[host].users.users();` |
5157 | 106 | `end` |
5157 | 107 | |
6779 | 108 | `local function get_sasl_handler(host, session)` |
4943 | 109 | `return hosts[host].users.get_sasl_handler(session);` |
228 | 110 | `end` |
228 | 111 | |
6779 | 112 | `local function get_provider(host)` |
3167 | 113 | `return hosts[host].users;` |
3167 | 114 | `end` |
3167 | 115 | |
6779 | 116 | `local function is_admin(jid, host)` |
4237 | 117 | `if host and not hosts[host] then return false; end` |
4459 | 118 | `if type(jid) ~= "string" then return false; end` |
4237 | 119 | |
3285 | 120 | `jid = jid_bare(jid);` |
3285 | 121 | `host = host or "*";` |
5776 | 122 | |
5377 | 123 | `local host_admins = config.get(host, "admins");` |
5377 | 124 | `local global_admins = config.get("*", "admins");` |
5776 | 125 | |
3285 | 126 | `if host_admins and host_admins ~= global_admins then` |
3285 | 127 | `if type(host_admins) == "table" then` |
3285 | 128 | `for _,admin in ipairs(host_admins) do` |
4459 | 129 | `if jid_prep(admin) == jid then` |
6979 | 130 | `return true;` |
3218 | 131 | `end` |
3030 | 132 | `end` |
3419 | 133 | `elseif host_admins then` |
3285 | 134 | `log("error", "Option 'admins' for host '%s' is not a list", host);` |
3030 | 135 | `end` |
3030 | 136 | `end` |
5776 | 137 | |
6979 | 138 | `if global_admins then` |
3285 | 139 | `if type(global_admins) == "table" then` |
3285 | 140 | `for _,admin in ipairs(global_admins) do` |
4459 | 141 | `if jid_prep(admin) == jid then` |
6979 | 142 | `return true;` |
3285 | 143 | `end` |
3285 | 144 | `end` |
3419 | 145 | `elseif global_admins then` |
3285 | 146 | `log("error", "Global option 'admins' is not a list");` |
3285 | 147 | `end` |
3285 | 148 | `end` |
5776 | 149 | |
3285 | 150 | `-- Still not an admin, check with auth provider` |
6979 | 151 | `if host ~= "*" and hosts[host].users and hosts[host].users.is_admin then` |
6979 | 152 | `return hosts[host].users.is_admin(jid);` |
3285 | 153 | `end` |
6979 | 154 | `return false;` |
890 | 155 | `end` |
890 | 156 | |
6779 | 157 | `return {` |
6779 | 158 | `new_null_provider = new_null_provider;` |
6779 | 159 | `initialize_host = initialize_host;` |
6779 | 160 | `test_password = test_password;` |
6779 | 161 | `get_password = get_password;` |
6779 | 162 | `set_password = set_password;` |
6779 | 163 | `user_exists = user_exists;` |
6779 | 164 | `create_user = create_user;` |
6779 | 165 | `delete_user = delete_user;` |
6779 | 166 | `users = users;` |
6779 | 167 | `get_sasl_handler = get_sasl_handler;` |
6779 | 168 | `get_provider = get_provider;` |
6779 | 169 | `is_admin = is_admin;` |
6779 | 170 | `};` |