Software / code / prosody
Annotate
net/resolvers/chain.lua @ 12659:c0eea4f6c739
usermanager: Add back temporary is_admin to warn about deprecated API usage
Goal: Introduce role-auth with minimal disruption
is_admin() is unsafe in a system with per-session permissions, so it has been
deprecated.
Roll-out approach:
1) First, log a warning when is_admin() is used. It should continue to
function normally, backed by the new role API. Nothing is really using
per-session authz yet, so there is minimal security concern.
The 'strict_deprecate_is_admin' global setting can be set to 'true' to
force a hard failure of is_admin() attempts (it will log an error and
always return false).
2) In some time (at least 1 week), but possibly longer depending on the number
of affected deployments: switch 'strict_deprecate_is_admin' to 'true' by
default. It can still be disabled for systems that need it.
3) Further in the future, before the next release, the option will be removed
and is_admin() will be permanently disabled.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 15 Aug 2022 15:25:07 +0100 |
| parent | 12204:7c397a49d163 |
| rev | line source |
|---|---|
|
12204
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local methods = {}; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local resolver_mt = { __index = methods }; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- Find the next target to connect to, and |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- pass it to cb() |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 function methods:next(cb) |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 if self.resolvers then |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 if not self.resolver then |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 if #self.resolvers == 0 then |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 cb(nil); |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 return; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 end |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local next_resolver = table.remove(self.resolvers, 1); |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 self.resolver = next_resolver; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 end |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 self.resolver:next(function (...) |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 if self.resolver then |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 self.last_error = self.resolver.last_error; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 end |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 if ... == nil then |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 self.resolver = nil; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 self:next(cb); |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 else |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 cb(...); |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 end |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 end); |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 return; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 end |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 end |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 local function new(resolvers) |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 return setmetatable({ resolvers = resolvers }, resolver_mt); |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 end |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 return { |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 new = new; |
|
7c397a49d163
net.resolvers.chain: A resolver for combining other resolvers
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 }; |
