Annotate

core/usermanager.lua @ 10721:3a1b1d3084fb 0.11

core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513) Backport of 94e341dee51c The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now
author Kim Alvefur <zash@zash.se>
date Sun, 25 Aug 2019 20:22:35 +0200
parent 8717:9ddd0fbbe53a
child 10633:d1cc6af0fb97
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 896
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2032
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2032
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 615
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
8
3180
99be525bcfb4 Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents: 3177
diff changeset
9 local modulemanager = require "core.modulemanager";
53
14ea0fe6ca86 Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful.
Matthew Wild <mwild1@gmail.com>
parents: 38
diff changeset
10 local log = require "util.logger".init("usermanager");
890
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
11 local type = type;
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
12 local ipairs = ipairs;
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
13 local jid_bare = require "util.jid".bare;
4459
2ccc386b9913 usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents: 4237
diff changeset
14 local jid_prep = require "util.jid".prep;
890
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
15 local config = require "core.configmanager";
3362
90bf162303f3 usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents: 3336
diff changeset
16 local sasl_new = require "util.sasl".new;
5042
ce823b32225e usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents: 4943
diff changeset
17 local storagemanager = require "core.storagemanager";
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
18
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
19 local prosody = _G.prosody;
8717
9ddd0fbbe53a core: Use prosody.hosts instead of _G.hosts for consistency
Kim Alvefur <zash@zash.se>
parents: 8555
diff changeset
20 local hosts = prosody.hosts;
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
21
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
22 local setmetatable = setmetatable;
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
23
3336
3a8ce659edfc mod_auth_internal, usermanager: Rename to mod_auth_internal_plain, and update usermanager to still use it as the default
Matthew Wild <mwild1@gmail.com>
parents: 3293
diff changeset
24 local default_provider = "internal_plain";
3180
99be525bcfb4 Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents: 3177
diff changeset
25
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
26 local _ENV = nil;
8555
4f0f5b49bb03 vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents: 8192
diff changeset
27 -- luacheck: std none
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
28
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
29 local function new_null_provider()
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
30 local function dummy() return nil, "method not implemented"; end;
3362
90bf162303f3 usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents: 3336
diff changeset
31 local function dummy_get_sasl_handler() return sasl_new(nil, {}); end
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
32 return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, {
6663
d3023dd07cb6 portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents: 6628
diff changeset
33 __index = function(self, method) return dummy; end --luacheck: ignore 212
3991
2b86d7705f4e usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents: 3982
diff changeset
34 });
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
35 end
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
36
3992
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
37 local provider_mt = { __index = new_null_provider() };
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
38
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
39 local function initialize_host(host)
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
40 local host_session = hosts[host];
3612
5547acd18a9f usermanager: Don't load auth modules for components.
Waqas Hussain <waqas20@gmail.com>
parents: 3608
diff changeset
41 if host_session.type ~= "local" then return; end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5377
diff changeset
42
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
43 host_session.events.add_handler("item-added/auth-provider", function (event)
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
44 local provider = event.item;
5377
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
45 local auth_provider = config.get(host, "authentication") or default_provider;
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
46 if config.get(host, "anonymous_login") then
4773
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
47 log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead.");
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
48 auth_provider = "anonymous";
ee55956597f4 usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents: 4459
diff changeset
49 end -- COMPAT 0.7
3180
99be525bcfb4 Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents: 3177
diff changeset
50 if provider.name == auth_provider then
3992
73075b004e77 usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents: 3991
diff changeset
51 host_session.users = setmetatable(provider, provider_mt);
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
52 end
3164
db9def53fe9c Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents: 3163
diff changeset
53 if host_session.users ~= nil and host_session.users.name ~= nil then
6628
8495734da243 usermanager: Capitalize log message
Kim Alvefur <zash@zash.se>
parents: 5795
diff changeset
54 log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name);
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
55 end
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
56 end);
3163
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
57 host_session.events.add_handler("item-removed/auth-provider", function (event)
a23168cc4af5 Working defaultauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3161
diff changeset
58 local provider = event.item;
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
59 if host_session.users == provider then
3161
73e93a48c0c1 Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents: 3160
diff changeset
60 host_session.users = new_null_provider();
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
61 end
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
62 end);
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
63 host_session.users = new_null_provider(); -- Start with the default usermanager provider
5377
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
64 local auth_provider = config.get(host, "authentication") or default_provider;
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
65 if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7
3540
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
66 if auth_provider ~= "null" then
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
67 modulemanager.load(host, "auth_"..auth_provider);
bc139431830b Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents: 3466
diff changeset
68 end
3176
f77759710324 usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents: 3167
diff changeset
69 end;
3293
4ce9d569a99c usermanager: Expose host_handler() as initialize_host()
Matthew Wild <mwild1@gmail.com>
parents: 3285
diff changeset
70 prosody.events.add_handler("host-activated", initialize_host, 100);
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
71
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
72 local function test_password(username, host, password)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
73 return hosts[host].users.test_password(username, password);
0
3e3171b59028 First commit, where do you want to go tomorrow?
matthew
parents:
diff changeset
74 end
38
Matthew Wild <mwild1@gmail.com>
parents: 0
diff changeset
75
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
76 local function get_password(username, host)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
77 return hosts[host].users.get_password(username);
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
78 end
2987
0acfae4da199 usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents: 2934
diff changeset
79
8192
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
80 local function set_password(username, password, host, resource)
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
81 local ok, err = hosts[host].users.set_password(username, password);
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
82 if ok then
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
83 prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource });
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
84 end
4354f556c5db core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents: 7177
diff changeset
85 return ok, err;
2934
060bb8217fea usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents: 2929
diff changeset
86 end
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1523
diff changeset
87
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
88 local function user_exists(username, host)
7177
1295e14614f4 usermanager: Shortcircuit user existence check if they have existing sessions
Kim Alvefur <zash@zash.se>
parents: 6979
diff changeset
89 if hosts[host].sessions[username] then return true; end
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
90 return hosts[host].users.user_exists(username);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
91 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
92
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
93 local function create_user(username, password, host)
3158
3d42e0092888 Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents: 3053
diff changeset
94 return hosts[host].users.create_user(username, password);
60
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
95 end
44800be871f5 User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents: 53
diff changeset
96
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
97 local function delete_user(username, host)
5042
ce823b32225e usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents: 4943
diff changeset
98 local ok, err = hosts[host].users.delete_user(username);
ce823b32225e usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents: 4943
diff changeset
99 if not ok then return nil, err; end
5094
e646c849d72f core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook.
Kim Alvefur <zash@zash.se>
parents: 5042
diff changeset
100 prosody.events.fire_event("user-deleted", { username = username, host = host });
5129
e8253c931166 storagemanager: Add purge() for purging user data from all backends in use
Kim Alvefur <zash@zash.se>
parents: 5094
diff changeset
101 return storagemanager.purge(username, host);
3993
b71e5ecc694b usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3992
diff changeset
102 end
b71e5ecc694b usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents: 3992
diff changeset
103
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
104 local function users(host)
5157
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
105 return hosts[host].users.users();
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
106 end
0e1686f334b8 usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents: 5129
diff changeset
107
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
108 local function get_sasl_handler(host, session)
4943
50f63f07245f usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents: 4773
diff changeset
109 return hosts[host].users.get_sasl_handler(session);
228
875842235836 Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents: 60
diff changeset
110 end
875842235836 Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents: 60
diff changeset
111
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
112 local function get_provider(host)
3167
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
113 return hosts[host].users;
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
114 end
546695e80e0a Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents: 3166
diff changeset
115
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
116 local function is_admin(jid, host)
4237
6b0d7d94eb7f usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents: 3993
diff changeset
117 if host and not hosts[host] then return false; end
4459
2ccc386b9913 usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents: 4237
diff changeset
118 if type(jid) ~= "string" then return false; end
4237
6b0d7d94eb7f usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents: 3993
diff changeset
119
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
120 jid = jid_bare(jid);
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
121 host = host or "*";
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5377
diff changeset
122
5377
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
123 local host_admins = config.get(host, "admins");
898454038524 core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents: 5157
diff changeset
124 local global_admins = config.get("*", "admins");
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5377
diff changeset
125
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
126 if host_admins and host_admins ~= global_admins then
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
127 if type(host_admins) == "table" then
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
128 for _,admin in ipairs(host_admins) do
4459
2ccc386b9913 usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents: 4237
diff changeset
129 if jid_prep(admin) == jid then
6979
0ce2b400663b core.usermanager: Return as soon as possible once admin status is known
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
130 return true;
3218
032b81731f0f usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents: 3185
diff changeset
131 end
3030
2be7801474fb usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents: 2999
diff changeset
132 end
3419
79e08dc3fd37 usermanager: Fix two nil global accesses
Matthew Wild <mwild1@gmail.com>
parents: 3395
diff changeset
133 elseif host_admins then
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
134 log("error", "Option 'admins' for host '%s' is not a list", host);
3030
2be7801474fb usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents: 2999
diff changeset
135 end
2be7801474fb usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents: 2999
diff changeset
136 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5377
diff changeset
137
6979
0ce2b400663b core.usermanager: Return as soon as possible once admin status is known
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
138 if global_admins then
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
139 if type(global_admins) == "table" then
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
140 for _,admin in ipairs(global_admins) do
4459
2ccc386b9913 usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents: 4237
diff changeset
141 if jid_prep(admin) == jid then
6979
0ce2b400663b core.usermanager: Return as soon as possible once admin status is known
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
142 return true;
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
143 end
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
144 end
3419
79e08dc3fd37 usermanager: Fix two nil global accesses
Matthew Wild <mwild1@gmail.com>
parents: 3395
diff changeset
145 elseif global_admins then
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
146 log("error", "Global option 'admins' is not a list");
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
147 end
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
148 end
5776
bd0ff8ae98a8 Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 5377
diff changeset
149
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
150 -- Still not an admin, check with auth provider
6979
0ce2b400663b core.usermanager: Return as soon as possible once admin status is known
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
151 if host ~= "*" and hosts[host].users and hosts[host].users.is_admin then
0ce2b400663b core.usermanager: Return as soon as possible once admin status is known
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
152 return hosts[host].users.is_admin(jid);
3285
c116c4b2db5a usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents: 3218
diff changeset
153 end
6979
0ce2b400663b core.usermanager: Return as soon as possible once admin status is known
Kim Alvefur <zash@zash.se>
parents: 6779
diff changeset
154 return false;
890
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
155 end
5b8da51b0843 usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents: 760
diff changeset
156
6779
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
157 return {
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
158 new_null_provider = new_null_provider;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
159 initialize_host = initialize_host;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
160 test_password = test_password;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
161 get_password = get_password;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
162 set_password = set_password;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
163 user_exists = user_exists;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
164 create_user = create_user;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
165 delete_user = delete_user;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
166 users = users;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
167 get_sasl_handler = get_sasl_handler;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
168 get_provider = get_provider;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
169 is_admin = is_admin;
6236668da30a core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents: 6663
diff changeset
170 };