File

core/sessionmanager.lua @ 12905:8473a516004f

core.usermanager: Add methods for enabling and disabling users Calling into the auth module, where available.
author Kim Alvefur <zash@zash.se>
date Thu, 23 Feb 2023 16:24:41 +0100
parent 12880:b56a2731bf00
child 12972:ead41e25ebc0
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- luacheck: globals prosody.full_sessions prosody.bare_sessions

local tostring, setmetatable = tostring, setmetatable;
local pairs, next= pairs, next;

local prosody, hosts = prosody, prosody.hosts;
local full_sessions = prosody.full_sessions;
local bare_sessions = prosody.bare_sessions;

local logger = require "util.logger";
local log = logger.init("sessionmanager");
local rm_load_roster = require "core.rostermanager".load_roster;
local config_get = require "core.configmanager".get;
local resourceprep = require "util.encodings".stringprep.resourceprep;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local generate_identifier = require "util.id".short;
local sessionlib = require "util.session";

local initialize_filters = require "util.filters".initialize;
local gettime = require "socket".gettime;

local _ENV = nil;
-- luacheck: std none

local function new_session(conn)
	local session = sessionlib.new("c2s");
	sessionlib.set_id(session);
	sessionlib.set_logger(session);
	sessionlib.set_conn(session, conn);

	session.conntime = gettime();
	local filter = initialize_filters(session);
	local w = conn.write;

	function session.rawsend(t)
		t = filter("bytes/out", tostring(t));
		if t then
			local ret, err = w(conn, t);
			if not ret then
				session.log("debug", "Error writing to connection: %s", err);
				return false, err;
			end
		end
		return true;
	end

	session.send = function (t)
		session.log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?"));
		if t.name then
			t = filter("stanzas/out", t);
		end
		if t then
			return session.rawsend(t);
		end
		return true;
	end
	session.ip = conn:ip();
	local conn_name = "c2s"..tostring(session):match("[a-f0-9]+$");
	session.log = logger.init(conn_name);

	return session;
end

local resting_session = { -- Resting, not dead
		destroyed = true;
		type = "c2s_destroyed";
		close = function (session)
			session.log("debug", "Attempt to close already-closed session");
		end;
		filter = function (type, data) return data; end; --luacheck: ignore 212/type
	}; resting_session.__index = resting_session;

local function retire_session(session)
	local log = session.log or log; --luacheck: ignore 431/log
	for k in pairs(session) do
		if k ~= "log" and k ~= "id" then
			session[k] = nil;
		end
	end

	function session.send(data) log("debug", "Discarding data sent to resting session: %s", data); return false; end
	function session.rawsend(data) log("debug", "Discarding data sent to resting session: %s", data); return false; end
	function session.data(data) log("debug", "Discarding data received from resting session: %s", data); end
	session.thread = { run = function (_, data) return session.data(data) end };
	return setmetatable(session, resting_session);
end

-- Update a session with a new one (transplanting connection, filters, etc.)
-- new_session should be discarded after this call returns
local function update_session(to_session, from_session)
	to_session.log("debug", "Updating with parameters from session %s", from_session.id);
	from_session.log("debug", "Session absorbed into %s", to_session.id);

	local replaced_conn = to_session.conn;
	if replaced_conn then
		to_session.log("debug", "closing a replaced connection for this session");
		replaced_conn:close();
	end

	to_session.ip = from_session.ip;
	to_session.conn = from_session.conn;
	to_session.rawsend = from_session.rawsend;
	to_session.rawsend.session = to_session;
	to_session.rawsend.conn = to_session.conn;
	to_session.send = from_session.send;
	to_session.send.session = to_session;
	to_session.close = from_session.close;
	to_session.filter = from_session.filter;
	to_session.filter.session = to_session;
	to_session.filters = from_session.filters;
	to_session.send.filter = to_session.filter;
	to_session.sasl_handler = from_session.sasl_handler;
	to_session.stream = from_session.stream;
	to_session.secure = from_session.secure;
	to_session.hibernating = nil;
	to_session.resumption_counter = (to_session.resumption_counter or 0) + 1;
	from_session.log = to_session.log;
	from_session.type = to_session.type;
	-- Inform xmppstream of the new session (passed to its callbacks)
	to_session.stream:set_session(to_session);

	-- Notify modules, allowing them to copy further fields or update state
	prosody.events.fire_event("c2s-session-updated", {
		session = to_session;
		from_session = from_session;
		replaced_conn = replaced_conn;
	});

	-- Retire the session we've pulled from, to avoid two sessions on the same connection
	retire_session(from_session);
end

local function destroy_session(session, err)
	if session.destroyed then return; end

	-- Remove session/resource from user's session list
	if session.full_jid then
		local host_session = hosts[session.host];

		-- Allow plugins to prevent session destruction
		if host_session.events.fire_event("pre-resource-unbind", {session=session, error=err}) then
			(session.log or log)("debug", "Resource unbind prevented by module");
			return;
		end

		(session.log or log)("debug", "Unbinding resource for %s (%s@%s)%s",
			session.full_jid or "(unknown)", session.username or "(unknown)",
			session.host or "(unknown)", err and (": "..err) or "");

		session.destroyed = true; -- Past this point the session is DOOMED!

		host_session.sessions[session.username].sessions[session.resource] = nil;
		full_sessions[session.full_jid] = nil;

		if not next(host_session.sessions[session.username].sessions) then
			log("debug", "All resources of %s are now offline", session.username);
			host_session.sessions[session.username] = nil;
			bare_sessions[session.username..'@'..session.host] = nil;
		end

		host_session.events.fire_event("resource-unbind", {session=session, error=err});
	else
		(session.log or log)("debug", "Destroying unbound session for <%s@%s>%s",
			session.username or "(unknown)", session.host or "(unknown)",
			err and (": "..err) or "");
	end

	retire_session(session);
end

local function make_authenticated(session, username, role_name)
	username = nodeprep(username);
	if not username or #username == 0 then return nil, "Invalid username"; end
	session.username = username;
	if session.type == "c2s_unauthed" then
		session.type = "c2s_unbound";
	end

	local role;
	if role_name then
		role = hosts[session.host].authz.get_role_by_name(role_name);
	else
		role = hosts[session.host].authz.get_user_role(username);
	end
	if role then
		sessionlib.set_role(session, role);
	end
	session.log("info", "Authenticated as %s@%s [%s]", username, session.host or "(unknown)", role and role.name or "no role");
	return true;
end

-- returns true, nil on success
-- returns nil, err_type, err, err_message on failure
local function bind_resource(session, resource)
	if not session.username then return nil, "auth", "not-authorized", "Cannot bind resource before authentication"; end
	if session.resource then return nil, "cancel", "not-allowed", "Cannot bind multiple resources on a single connection"; end
	-- We don't support binding multiple resources

	local event_payload = { session = session, resource = resource };
	if hosts[session.host].events.fire_event("pre-resource-bind", event_payload) == false then
		local err = event_payload.error;
		if err then return nil, err.type, err.condition, err.text; end
		return nil, "cancel", "not-allowed";
	else
		-- In case a plugin wants to poke at it
		resource = event_payload.resource;
	end

	resource = resourceprep(resource or "", true);
	resource = resource ~= "" and resource or generate_identifier();
	--FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing

	if not hosts[session.host].sessions[session.username] then
		local sessions = { sessions = {} };
		hosts[session.host].sessions[session.username] = sessions;
		bare_sessions[session.username..'@'..session.host] = sessions;
	else
		local sessions = hosts[session.host].sessions[session.username].sessions;
		if sessions[resource] then
			-- Resource conflict
			local policy = config_get(session.host, "conflict_resolve");
			local increment;
			if policy == "random" then
				resource = generate_identifier();
				increment = true;
			elseif policy == "increment" then
				increment = true; -- TODO ping old resource
			elseif policy == "kick_new" then
				return nil, "cancel", "conflict", "Resource already exists";
			else -- if policy == "kick_old" then
				sessions[resource]:close {
					condition = "conflict";
					text = "Replaced by new connection";
				};
				if not next(sessions) then
					hosts[session.host].sessions[session.username] = { sessions = sessions };
					bare_sessions[session.username.."@"..session.host] = hosts[session.host].sessions[session.username];
				end
			end
			if increment and sessions[resource] then
				local count = 1;
				while sessions[resource.."#"..count] do
					count = count + 1;
				end
				resource = resource.."#"..count;
			end
		end
	end

	session.resource = resource;
	session.full_jid = session.username .. '@' .. session.host .. '/' .. resource;
	hosts[session.host].sessions[session.username].sessions[resource] = session;
	full_sessions[session.full_jid] = session;
	if session.type == "c2s_unbound" then
		session.type = "c2s";
	end

	local err;
	session.roster, err = rm_load_roster(session.username, session.host);
	if err then
		-- FIXME: Why is all this rollback down here, instead of just doing the roster test up above?
		full_sessions[session.full_jid] = nil;
		hosts[session.host].sessions[session.username].sessions[resource] = nil;
		session.full_jid = nil;
		session.resource = nil;
		if session.type == "c2s" then
			session.type = "c2s_unbound";
		end
		if next(bare_sessions[session.username..'@'..session.host].sessions) == nil then
			bare_sessions[session.username..'@'..session.host] = nil;
			hosts[session.host].sessions[session.username] = nil;
		end
		session.log("error", "Roster loading failed: %s", err);
		return nil, "cancel", "internal-server-error", "Error loading roster";
	end

	hosts[session.host].events.fire_event("resource-bind", {session=session});

	return true;
end

local function send_to_available_resources(username, host, stanza)
	local jid = username.."@"..host;
	local count = 0;
	local user = bare_sessions[jid];
	if user then
		for _, session in pairs(user.sessions) do
			if session.presence then
				session.send(stanza);
				count = count + 1;
			end
		end
	end
	return count;
end

local function send_to_interested_resources(username, host, stanza)
	local jid = username.."@"..host;
	local count = 0;
	local user = bare_sessions[jid];
	if user then
		for _, session in pairs(user.sessions) do
			if session.interested then
				session.send(stanza);
				count = count + 1;
			end
		end
	end
	return count;
end

return {
	new_session = new_session;
	retire_session = retire_session;
	update_session = update_session;
	destroy_session = destroy_session;
	make_authenticated = make_authenticated;
	bind_resource = bind_resource;
	send_to_available_resources = send_to_available_resources;
	send_to_interested_resources = send_to_interested_resources;
};