Software /
code /
prosody
File
util/random.lua @ 12658:7ca5645f46cd
usermanager: Remove concept of global authz provider
Rationale:
- Removes a bunch of code!
- We don't have many cases where an actor is not bound to one of our hosts
- A notable exception is the admin shell, but if we ever attempt to lock those
sessions down, there is a load of other work that also has to be done. And
it's not clear if we would need a global authz provider for that anyway.
- Removes an extra edge case from the necessary mental model for operators
- Sessions that aren't bound to a host generally are anonymous or have an
alternative auth model (such as by IP addres).
- With the encapsulation now provided by util.roles, ad-hoc "detached roles"
can still be created anyway by code that needs them.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 12 Aug 2022 16:21:57 +0100 |
parent | 12446:e54b8a5e35ad |
child | 12975:d10957394a3c |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2014 Matthew Wild -- Copyright (C) 2008-2014 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- local ok, crand = pcall(require, "util.crand"); if ok and pcall(crand.bytes, 1) then return crand; end local urandom, urandom_err = io.open("/dev/urandom", "r"); local function bytes(n) local data, err = urandom:read(n); if not data then if err then error("Unable to retrieve data from secure random number generator (/dev/urandom): "..tostring(err)); else error("Secure random number generator (/dev/urandom) returned an end-of-file condition"); end end return data; end if not urandom then function bytes() error("Unable to obtain a secure random number generator, please see https://prosody.im/doc/random ("..urandom_err..")"); end end return { bytes = bytes; _source = "/dev/urandom"; };