prosody
d117b92fd8e4
plugins/muc/whois.lib.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

plugins/muc/whois.lib.lua @ 11712:d117b92fd8e4 0.11 0.11.10

MUC: Fix logic for access to affiliation lists Fixes https://prosody.im/security/advisory_20210722/ Backs out 4d7b925652d9
author Kim Alvefur <zash@zash.se>
date Thu, 22 Jul 2021 17:18:39 +0200
parent 9112:e66d932eeb58
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6214
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
1 -- Prosody IM
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
4 -- Copyright (C) 2014 Daurnimator
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
5 --
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
6 -- This project is MIT/X11 licensed. Please see the
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
7 -- COPYING file in the source package for more information.
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
8 --
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
9
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
10 local valid_whois = {
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
11 moderators = true;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
12 anyone = true;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
13 };
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
14
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
15 local function get_whois(room)
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
16 return room._data.whois or "moderators";
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
17 end
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
18
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
19 local function set_whois(room, whois)
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
20 assert(valid_whois[whois], "Invalid whois value")
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
21 if get_whois(room) == whois then return false; end
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
22 room._data.whois = whois;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
23 return true;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
24 end
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
25
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
26 module:hook("muc-disco#info", function(event)
9081
ce57c69a20e2 MUC: Split long lines [luacheck strict]
Kim Alvefur <zash@zash.se>
parents: 9035
diff changeset
27 local whois = get_whois(event.room) ~= "anyone" and "muc_semianonymous" or "muc_nonanonymous";
ce57c69a20e2 MUC: Split long lines [luacheck strict]
Kim Alvefur <zash@zash.se>
parents: 9035
diff changeset
28 event.reply:tag("feature", { var = whois }):up();
6214
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
29 end);
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
30
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
31 module:hook("muc-config-form", function(event)
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
32 local whois = get_whois(event.room);
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
33 table.insert(event.form, {
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
34 name = 'muc#roomconfig_whois',
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
35 type = 'list-single',
9034
1c709e3d2e5e MUC: Improve labels of all config form items
Matthew Wild <mwild1@gmail.com>
parents: 7401
diff changeset
36 label = 'Addresses (JIDs) of room occupants may be viewed by:',
9112
e66d932eeb58 MUC: Provide options as options in config form (fixes traceback)
Kim Alvefur <zash@zash.se>
parents: 9081
diff changeset
37 options = {
9034
1c709e3d2e5e MUC: Improve labels of all config form items
Matthew Wild <mwild1@gmail.com>
parents: 7401
diff changeset
38 { value = 'moderators', label = 'Moderators only', default = whois == 'moderators' },
6214
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
39 { value = 'anyone', label = 'Anyone', default = whois == 'anyone' }
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
40 }
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
41 });
9035
173c0e16e704 MUC: Add sections in room config form
Matthew Wild <mwild1@gmail.com>
parents: 9034
diff changeset
42 end, 80-4);
6214
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
43
6991
84e01dbb739e MUC: Update all config form handlers to take advantage of the new per-option events
Matthew Wild <mwild1@gmail.com>
parents: 6214
diff changeset
44 module:hook("muc-config-submitted/muc#roomconfig_whois", function(event)
84e01dbb739e MUC: Update all config form handlers to take advantage of the new per-option events
Matthew Wild <mwild1@gmail.com>
parents: 6214
diff changeset
45 if set_whois(event.room, event.value) then
7075
47a2deb74b56 MUC: Fix global access when setting 'whois', probably resulted in wrong status code return (thanks EmilyRose)
Kim Alvefur <zash@zash.se>
parents: 6991
diff changeset
46 local code = (event.value == 'moderators') and "173" or "172";
6214
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
47 event.status_codes[code] = true;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
48 end
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
49 end);
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
50
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
51 -- Mask 'from' jid as occupant jid if room is anonymous
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
52 module:hook("muc-invite", function(event)
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
53 local room, stanza = event.room, event.stanza;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
54 if get_whois(room) == "moderators" and room:get_default_role(room:get_affiliation(stanza.attr.to)) ~= "moderator" then
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
55 local invite = stanza:get_child("x", "http://jabber.org/protocol/muc#user"):get_child("invite");
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
56 local occupant_jid = room:get_occupant_jid(invite.attr.from);
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
57 if occupant_jid ~= nil then -- FIXME: This will expose real jid if inviter is not in room
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
58 invite.attr.from = occupant_jid;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
59 end
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
60 end
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
61 end, 50);
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
62
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
63 return {
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
64 get = get_whois;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
65 set = set_whois;
9813c74ce006 plugins/muc: Move `whois` code to seperate file
daurnimator <quae@daurnimator.com>
parents:
diff changeset
66 };