Software / code / prosody
Annotate
core/usermanager.lua @ 11749:83d6d6a70edf
net.http: fail open if surrounding code does not configure TLS
Previously, if surrounding code was not configuring the TLS context
used default in net.http, it would not validate certificates at all.
This is not a security issue with prosody, because prosody updates the
context with `verify = "peer"` as well as paths to CA certificates in
util.startup.init_http_client.
Nevertheless... Let's not leave this pitfall out there in the open.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Sun, 29 Aug 2021 15:04:47 +0200 |
| parent | 11745:3a2d58a39872 |
| child | 11898:89aa591bb895 |
| rev | line source |
|---|---|
|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
896
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
4 -- |
| 758 | 5 -- This project is MIT/X11 licensed. Please see the |
| 6 -- COPYING file in the source package for more information. | |
|
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
7 -- |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
8 |
|
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
9 local modulemanager = require "core.modulemanager"; |
|
53
14ea0fe6ca86
Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful.
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
10 local log = require "util.logger".init("usermanager"); |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
11 local type = type; |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
12 local it = require "util.iterators"; |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
13 local jid_bare = require "util.jid".bare; |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
14 local jid_split = require "util.jid".split; |
|
4459
2ccc386b9913
usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents:
4237
diff
changeset
|
15 local jid_prep = require "util.jid".prep; |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
16 local config = require "core.configmanager"; |
|
3362
90bf162303f3
usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3336
diff
changeset
|
17 local sasl_new = require "util.sasl".new; |
|
5042
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
18 local storagemanager = require "core.storagemanager"; |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
19 local set = require "util.set"; |
| 0 | 20 |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
21 local prosody = _G.prosody; |
|
8717
9ddd0fbbe53a
core: Use prosody.hosts instead of _G.hosts for consistency
Kim Alvefur <zash@zash.se>
parents:
8555
diff
changeset
|
22 local hosts = prosody.hosts; |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
23 |
|
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
24 local setmetatable = setmetatable; |
|
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
25 |
|
3336
3a8ce659edfc
mod_auth_internal, usermanager: Rename to mod_auth_internal_plain, and update usermanager to still use it as the default
Matthew Wild <mwild1@gmail.com>
parents:
3293
diff
changeset
|
26 local default_provider = "internal_plain"; |
|
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
27 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
28 local _ENV = nil; |
|
8555
4f0f5b49bb03
vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8192
diff
changeset
|
29 -- luacheck: std none |
| 0 | 30 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
31 local function new_null_provider() |
|
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
32 local function dummy() return nil, "method not implemented"; end; |
|
3362
90bf162303f3
usermanager: Return a non-nil SASL handler from the null auth provider (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3336
diff
changeset
|
33 local function dummy_get_sasl_handler() return sasl_new(nil, {}); end |
|
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
34 return setmetatable({name = "null", get_sasl_handler = dummy_get_sasl_handler}, { |
|
6663
d3023dd07cb6
portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents:
6628
diff
changeset
|
35 __index = function(self, method) return dummy; end --luacheck: ignore 212 |
|
3991
2b86d7705f4e
usermanager: Change dummy provider method to return an error string also (method not implemented)
Matthew Wild <mwild1@gmail.com>
parents:
3982
diff
changeset
|
36 }); |
|
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
37 end |
|
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
38 |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
39 local global_admins_config = config.get("*", "admins"); |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
40 if type(global_admins_config) ~= "table" then |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
41 global_admins_config = nil; -- TODO: factor out moduleapi magic config handling and use it here |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
42 end |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
43 local global_admins = set.new(global_admins_config) / jid_prep; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
44 |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
45 local admin_role = { ["prosody:admin"] = true }; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
46 local global_authz_provider = { |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
47 get_user_roles = function (user) end; --luacheck: ignore 212/user |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
48 get_jid_roles = function (jid) |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
49 if global_admins:contains(jid) then |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
50 return admin_role; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
51 end |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
52 end; |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
53 get_jids_with_role = function (role) |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
54 if role ~= "prosody:admin" then return {}; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
55 return it.to_array(global_admins); |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
56 end; |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
57 }; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
58 |
|
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
59 local provider_mt = { __index = new_null_provider() }; |
|
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
60 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
61 local function initialize_host(host) |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
62 local host_session = hosts[host]; |
|
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
63 |
|
10659
8f95308c3c45
usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter
Matthew Wild <mwild1@gmail.com>
parents:
10640
diff
changeset
|
64 local authz_provider_name = config.get(host, "authorization") or "internal"; |
|
10634
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
65 |
|
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
66 local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); |
|
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
67 host_session.authz = authz_mod or global_authz_provider; |
|
c9e1cb7a38b8
usermanager: Load authz providers on components also
Matthew Wild <mwild1@gmail.com>
parents:
10633
diff
changeset
|
68 |
|
3612
5547acd18a9f
usermanager: Don't load auth modules for components.
Waqas Hussain <waqas20@gmail.com>
parents:
3608
diff
changeset
|
69 if host_session.type ~= "local" then return; end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
70 |
| 3163 | 71 host_session.events.add_handler("item-added/auth-provider", function (event) |
| 72 local provider = event.item; | |
|
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
73 local auth_provider = config.get(host, "authentication") or default_provider; |
|
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
74 if config.get(host, "anonymous_login") then |
|
4773
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
75 log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead."); |
|
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
76 auth_provider = "anonymous"; |
|
ee55956597f4
usermanager: Add log error for use of COMPAT config option 'anonymous_login'. To be removed in next version.
Matthew Wild <mwild1@gmail.com>
parents:
4459
diff
changeset
|
77 end -- COMPAT 0.7 |
|
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
78 if provider.name == auth_provider then |
|
3992
73075b004e77
usermanager: Have methods not implemented in the active provider fall back to the null provider (later we can add support for chains of providers)
Matthew Wild <mwild1@gmail.com>
parents:
3991
diff
changeset
|
79 host_session.users = setmetatable(provider, provider_mt); |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
80 end |
|
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
3163
diff
changeset
|
81 if host_session.users ~= nil and host_session.users.name ~= nil then |
|
6628
8495734da243
usermanager: Capitalize log message
Kim Alvefur <zash@zash.se>
parents:
5795
diff
changeset
|
82 log("debug", "Host '%s' now set to use user provider '%s'", host, host_session.users.name); |
| 3163 | 83 end |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
84 end); |
| 3163 | 85 host_session.events.add_handler("item-removed/auth-provider", function (event) |
| 86 local provider = event.item; | |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
87 if host_session.users == provider then |
|
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
88 host_session.users = new_null_provider(); |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
89 end |
|
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
90 end); |
|
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
91 host_session.users = new_null_provider(); -- Start with the default usermanager provider |
|
5377
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
92 local auth_provider = config.get(host, "authentication") or default_provider; |
|
898454038524
core.*: Complete removal of all traces of the "core" section and section-related code.
Kim Alvefur <zash@zash.se>
parents:
5157
diff
changeset
|
93 if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7 |
|
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
94 if auth_provider ~= "null" then |
|
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
95 modulemanager.load(host, "auth_"..auth_provider); |
|
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3466
diff
changeset
|
96 end |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
97 |
|
3176
f77759710324
usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents:
3167
diff
changeset
|
98 end; |
|
3293
4ce9d569a99c
usermanager: Expose host_handler() as initialize_host()
Matthew Wild <mwild1@gmail.com>
parents:
3285
diff
changeset
|
99 prosody.events.add_handler("host-activated", initialize_host, 100); |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
100 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
101 local function test_password(username, host, password) |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
102 return hosts[host].users.test_password(username, password); |
| 0 | 103 end |
| 38 | 104 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
105 local function get_password(username, host) |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
106 return hosts[host].users.get_password(username); |
|
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
107 end |
|
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
108 |
|
8192
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
109 local function set_password(username, password, host, resource) |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
110 local ok, err = hosts[host].users.set_password(username, password); |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
111 if ok then |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
112 prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource }); |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
113 end |
|
4354f556c5db
core.usermanager, various modules: Disconnect other resources on password change (thanks waqas) (fixes #512)
Kim Alvefur <zash@zash.se>
parents:
7177
diff
changeset
|
114 return ok, err; |
|
2934
060bb8217fea
usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents:
2929
diff
changeset
|
115 end |
|
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
116 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
117 local function user_exists(username, host) |
|
7177
1295e14614f4
usermanager: Shortcircuit user existence check if they have existing sessions
Kim Alvefur <zash@zash.se>
parents:
6979
diff
changeset
|
118 if hosts[host].sessions[username] then return true; end |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
119 return hosts[host].users.user_exists(username); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
120 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
121 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
122 local function create_user(username, password, host) |
|
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
123 return hosts[host].users.create_user(username, password); |
|
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
124 end |
|
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
125 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
126 local function delete_user(username, host) |
|
5042
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
127 local ok, err = hosts[host].users.delete_user(username); |
|
ce823b32225e
usermanager: Add method for deleting a user
Kim Alvefur <zash@zash.se>
parents:
4943
diff
changeset
|
128 if not ok then return nil, err; end |
|
5094
e646c849d72f
core.usermanager: Don't close sessions ourselves when deleting users. Instead, fire an event that modules can hook.
Kim Alvefur <zash@zash.se>
parents:
5042
diff
changeset
|
129 prosody.events.fire_event("user-deleted", { username = username, host = host }); |
|
5129
e8253c931166
storagemanager: Add purge() for purging user data from all backends in use
Kim Alvefur <zash@zash.se>
parents:
5094
diff
changeset
|
130 return storagemanager.purge(username, host); |
|
3993
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
131 end |
|
b71e5ecc694b
usermanager: Add delete_user method
Matthew Wild <mwild1@gmail.com>
parents:
3992
diff
changeset
|
132 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
133 local function users(host) |
|
5157
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
134 return hosts[host].users.users(); |
|
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
135 end |
|
0e1686f334b8
usermanager: Add support for iterating over accounts
Kim Alvefur <zash@zash.se>
parents:
5129
diff
changeset
|
136 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
137 local function get_sasl_handler(host, session) |
|
4943
50f63f07245f
usermanager: Pass session on to auth provider (missing half of commit 0545a574667b) (thanks Zash)
Matthew Wild <mwild1@gmail.com>
parents:
4773
diff
changeset
|
138 return hosts[host].users.get_sasl_handler(session); |
|
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
139 end |
|
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
140 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
141 local function get_provider(host) |
|
3167
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
142 return hosts[host].users; |
|
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
143 end |
|
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
144 |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
145 local function get_roles(jid, host) |
|
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
146 if host and not hosts[host] then return false; end |
|
4459
2ccc386b9913
usermanager: Prep admin JIDs (fixes issue#276).
Waqas Hussain <waqas20@gmail.com>
parents:
4237
diff
changeset
|
147 if type(jid) ~= "string" then return false; end |
|
4237
6b0d7d94eb7f
usermanager: Check host exists before trying to look up admins for it
Matthew Wild <mwild1@gmail.com>
parents:
3993
diff
changeset
|
148 |
|
3285
c116c4b2db5a
usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents:
3218
diff
changeset
|
149 jid = jid_bare(jid); |
|
c116c4b2db5a
usermanager: is_admin: Resume the old role of determining precisely whether a user is an admin for a given host (or a global admin) - auth providers checked for JIDs not listed in the config if they support it
Matthew Wild <mwild1@gmail.com>
parents:
3218
diff
changeset
|
150 host = host or "*"; |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
151 |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
152 local actor_user, actor_host = jid_split(jid); |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
153 local roles; |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
154 |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
155 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
156 |
|
10695
52886aad9ee1
usermanager: Fix traceback when checking admin status of host-only JIDs (fixes #1508)
Matthew Wild <mwild1@gmail.com>
parents:
10659
diff
changeset
|
157 if actor_user and actor_host == host then -- Local user |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
158 roles = authz_provider.get_user_roles(actor_user); |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
159 else -- Remote user/JID |
|
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
160 roles = authz_provider.get_jid_roles(jid); |
|
3030
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
161 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5377
diff
changeset
|
162 |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
163 return roles; |
|
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
164 end |
|
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
165 |
|
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
166 local function set_roles(jid, host, roles) |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
167 if host and not hosts[host] then return false; end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
168 if type(jid) ~= "string" then return false; end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
169 |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
170 jid = jid_bare(jid); |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
171 host = host or "*"; |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
172 |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
173 local actor_user, actor_host = jid_split(jid); |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
174 |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
175 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
176 if actor_user and actor_host == host then -- Local user |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
177 return authz_provider.set_user_roles(actor_user, roles) |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
178 else -- Remote entity |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
179 return authz_provider.set_jid_roles(jid, roles) |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
180 end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
181 end |
|
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
182 |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
183 local function is_admin(jid, host) |
|
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
184 local roles = get_roles(jid, host); |
|
10633
d1cc6af0fb97
usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish).
Matthew Wild <mwild1@gmail.com>
parents:
8717
diff
changeset
|
185 return roles and roles["prosody:admin"]; |
|
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
186 end |
|
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
187 |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
188 local function get_users_with_role(role, host) |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
189 if not hosts[host] then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
190 if type(role) ~= "string" then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
191 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
192 return hosts[host].authz.get_users_with_role(role); |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
193 end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
194 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
195 local function get_jids_with_role(role, host) |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
196 if host and not hosts[host] then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
197 if type(role) ~= "string" then return false; end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
198 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
199 host = host or "*"; |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
200 |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
201 local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
202 return authz_provider.get_jids_with_role(role); |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
203 end |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
204 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
205 return { |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
206 new_null_provider = new_null_provider; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
207 initialize_host = initialize_host; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
208 test_password = test_password; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
209 get_password = get_password; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
210 set_password = set_password; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
211 user_exists = user_exists; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
212 create_user = create_user; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
213 delete_user = delete_user; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
214 users = users; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
215 get_sasl_handler = get_sasl_handler; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
216 get_provider = get_provider; |
|
10640
5622eda7c5c5
usermanager: Add get_roles() function
Matthew Wild <mwild1@gmail.com>
parents:
10635
diff
changeset
|
217 get_roles = get_roles; |
|
11473
afe80b64e209
usermanager: expose set_roles through API
Jonas Schäfer <jonas@wielicki.name>
parents:
10695
diff
changeset
|
218 set_roles = set_roles; |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
219 is_admin = is_admin; |
|
11745
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
220 get_users_with_role = get_users_with_role; |
|
3a2d58a39872
usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given role
Matthew Wild <mwild1@gmail.com>
parents:
11473
diff
changeset
|
221 get_jids_with_role = get_jids_with_role; |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6663
diff
changeset
|
222 }; |
