annotate mod_omemo_all_access/mod_omemo_all_access.lua @ 5298:12f7d8b901e0

mod_audit: Support for adding location (GeoIP) to audit events

This can be more privacy-friendly than logging full IP addresses, and also more informative to a user - IP addresses don't mean much to the average person, however if they see activity from outside their expected country, they can immediately identify suspicious activity. As with IPs, this field is configurable for deployments that would like to disable it. Location is also not logged when the geoip library is not available.
author Matthew Wild <mwild1@gmail.com>
date Sat, 01 Apr 2023 13:11:53 +0100
parents 9505282ad24f
children
Changesets referenced in the rev column:

rev   changeset     author                               parents  description
2856  08f6b9d37a49  Daniel Gultsch <daniel@gultsch.de>            mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
2858  150a7bd59043  Daniel Gultsch <daniel@gultsch.de>   2856     mod_omemo_all_access: fixed some linter warnings
3209  5b02241a254e  Matthew Wild <mwild1@gmail.com>      2858     mod_omemo_all_access: Log error when used with incompatible mod_pep
3210  9505282ad24f  Matthew Wild <mwild1@gmail.com>      3209     mod_omemo_all_access: Add compatibility with mod_pep_simple

rev   line  source
2856   1  -- OMEMO all access module
2856   2  -- Copyright (c) 2017 Daniel Gultsch
2856   3  --
2856   4  -- This module is MIT/X11 licensed
2856   5  --
2856   6
2856   7  local jid_bare = require "util.jid".bare;
2856   8  local st = require "util.stanza"
2856   9  local white_listed_namespace = "eu.siacs.conversations.axolotl."
2856  10  local disco_feature_namespace = white_listed_namespace .. "whitelisted"
2856  11
3210  12  local mm = require "core.modulemanager";
3210  13
3210  14
3210  15  -- COMPAT w/trunk
3210  16  local pep_module_name = "pep";
3210  17  if mm.get_modules_for_host then
3210  18      if mm.get_modules_for_host(module.host):contains("pep_simple") then
3210  19          pep_module_name = "pep_simple";
3210  20      end
3210  21  end
3210  22
3210  23  local mod_pep = module:depends(pep_module_name);
2856  24  local pep_data = mod_pep.module.save().data;
2856  25
3209  26  if not pep_data then
3209  27      module:log("error", "This module is not compatible with your version of mod_pep");
3210  28      if mm.get_modules_for_host then
3210  29          module:log("error", "Please use mod_pep_simple instead of mod_pep to continue using this module");
3210  30      end
3209  31      return false;
3209  32  end
3209  33
2856  34  local function on_account_disco_info(event)
2856  35      (event.reply or event.stanza):tag("feature", {var=disco_feature_namespace}):up();
2856  36  end
2856  37
2856  38  local function on_pep_request(event)
2856  39      local session, stanza = event.origin, event.stanza
2856  40      local payload = stanza.tags[1];
2856  41      if stanza.attr.type == 'get' then
2856  42          local node, requested_id;
2856  43          payload = payload.tags[1]
2856  44          if payload and payload.name == 'items' then
2856  45              node = payload.attr.node
2856  46              local item = payload.tags[1];
2856  47              if item and item.name == 'item' then
2856  48                  requested_id = item.attr.id;
2858  49              end
2856  50          end
2856  51          if node and string.sub(node,1,string.len(white_listed_namespace)) == white_listed_namespace then
2856  52              local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host;
2856  53              local user_data = pep_data[user];
2856  54              if user_data and user_data[node] then
2856  55                  local id, item = unpack(user_data[node]);
2856  56                  if not requested_id or id == requested_id then
2858  57                      local reply_stanza = st.reply(stanza)
2856  58                          :tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'})
2856  59                              :tag('items', {node=node})
2856  60                                  :add_child(item)
2856  61                              :up()
2856  62                          :up();
2858  63                      session.send(reply_stanza);
2856  64                      module:log("debug","provided access to omemo node",node)
2856  65                      return true;
2856  66                  end
2856  67              end
2856  68              module:log("debug","requested node was white listed", node)
2856  69          end
2856  70      end
2856  71  end
2856  72
2856  73  module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", on_pep_request, 10);
2856  74  module:hook("account-disco-info", on_account_disco_info);
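
Added example, not part of mod_omemo_all_access or the Prosody project: a plain-Lua sketch for operators that reuses the prefix test from line 51 to list which stored PEP nodes the handler serves to any requester, and mirrors the handler's serve or fall-through decision. The store contents, the JIDs and the helper names `is_white_listed`, `decide` and `exposed_nodes` are assumptions made for illustration; only the prefix string and the `pep_data[user][node] = { id, item }` shape come from the module.

```lua
-- Added example: runs in plain Lua, no Prosody required.
local white_listed_namespace = "eu.siacs.conversations.axolotl." -- prefix from the module

-- Same comparison as line 51: a literal prefix match on the node name.
local function is_white_listed(node)
	return type(node) == "string"
		and string.sub(node, 1, #white_listed_namespace) == white_listed_namespace
end

-- Constructed sample store in the shape the module reads.
local pep_data = {
	["alice@example.org"] = {
		["eu.siacs.conversations.axolotl.devicelist"] = { "current", "<item/>" },
		["eu.siacs.conversations.axolotl.bundles:12345"] = { "current", "<item/>" },
		["urn:xmpp:avatar:metadata"] = { "abc", "<item/>" },
	},
	["bob@example.org"] = {
		["http://jabber.org/protocol/tune"] = { "current", "<item/>" },
	},
}

-- Mirror of on_pep_request for an <items/> get. The requester's JID is not an
-- input: the handler never looks at it, which is why matching nodes are open.
local function decide(store, owner, node, requested_id)
	if not is_white_listed(node) then return "pass-to-pep" end
	local entry = store[owner] and store[owner][node]
	if entry and (not requested_id or entry[1] == requested_id) then
		return "served"
	end
	return "pass-to-pep" -- handler returns nothing, so mod_pep's own checks apply
end

-- Every stored node that the prefix match exposes, as sorted "jid node" strings.
local function exposed_nodes(store)
	local out = {}
	for jid, nodes in pairs(store) do
		for node in pairs(nodes) do
			if is_white_listed(node) then out[#out + 1] = jid .. " " .. node end
		end
	end
	table.sort(out)
	return out
end

for _, line in ipairs(exposed_nodes(pep_data)) do print("exposed: " .. line) end
local alice, devicelist = "alice@example.org", "eu.siacs.conversations.axolotl.devicelist"
print(decide(pep_data, alice, devicelist, nil))                 -- matching node, no item id
print(decide(pep_data, alice, devicelist, "stale"))             -- matching node, other item id
print(decide(pep_data, alice, "urn:xmpp:avatar:metadata", nil)) -- node outside the prefix
```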