prosody-modules: mod_privilege/mod_privilege.lua annotate

annotate mod_privilege/mod_privilege.lua @ 4340:7cd3b7ec59e9

mod_http_oauth2: Rudimentary support for scopes (but not really) We don't support limiting access, but this change will inform the client what permissions the created token has (e.g. is the user an admin or not). There is some work in progress on real scope support.

author	Matthew Wild <mwild1@gmail.com>
date	Sat, 16 Jan 2021 19:47:22 +0000
parents	7454274ead2f
children	3ddab718f717

rev	line source
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	1 -- XEP-0356 (Privileged Entity)
2068 e9226e3bdeba mod_privilege: date update Goffi <goffi@goffi.org> parents: 1990 diff changeset	2 -- Copyright (C) 2015-2016 Jérôme Poisson
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	3 --
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	4 -- This module is MIT/X11 licensed. Please see the
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	5 -- COPYING file in the source package for more information.
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	6 --
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	7 -- Some parts come from mod_remote_roster (module by Waqas Hussain and Kim Alvefur, see https://code.google.com/p/prosody-modules/)
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	8
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	9 -- TODO: manage external <presence/> (for "roster" presence permission) when the account with the roster is offline
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	10
1990 c4da3d9f212d mod_privilege: fixed imports, using "/" instead of "." was causing caching issues Goffi <goffi@goffi.org> parents: 1989 diff changeset	11 local jid = require("util.jid")
c4da3d9f212d mod_privilege: fixed imports, using "/" instead of "." was causing caching issues Goffi <goffi@goffi.org> parents: 1989 diff changeset	12 local set = require("util.set")
c4da3d9f212d mod_privilege: fixed imports, using "/" instead of "." was causing caching issues Goffi <goffi@goffi.org> parents: 1989 diff changeset	13 local st = require("util.stanza")
c4da3d9f212d mod_privilege: fixed imports, using "/" instead of "." was causing caching issues Goffi <goffi@goffi.org> parents: 1989 diff changeset	14 local roster_manager = require("core.rostermanager")
1989 2c9b227dd580 mod_privilege: fixed module import which was causing SALS issues Goffi <goffi@goffi.org> parents: 1955 diff changeset	15 local usermanager_user_exists = require "core.usermanager".user_exists;
1661 69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	16 local hosts = prosody.hosts
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	17 local full_sessions = prosody.full_sessions;
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	18
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	19 local priv_session = module:shared("/*/privilege/session")
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	20
1708 ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	21 if priv_session.connected_cb == nil then
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	22 -- set used to have connected event listeners
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	23 -- which allows a host to react on events from
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	24 -- other hosts
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	25 priv_session.connected_cb = set.new()
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	26 end
1708 ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	27 local connected_cb = priv_session.connected_cb
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	28
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	29 -- the folowing sets are used to forward presence stanza
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	30 -- the folowing sets are used to forward presence stanza
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	31 local presence_man_ent = set.new()
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	32 local presence_roster = set.new()
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	33
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	34 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'})
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	35 local _ROSTER_GET_PERM = set.new({'get', 'both'})
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	36 local _ROSTER_SET_PERM = set.new({'set', 'both'})
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	37 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'})
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	38 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'})
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	39 local _PRESENCE_MANAGED = set.new({'managed_entity', 'roster'})
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	40 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE}
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	41 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1'
1661 69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	42 local _FORWARDED_NS = 'urn:xmpp:forward:0'
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	43 local _MODULE_HOST = module:get_host()
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	44
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	45
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	46 module:log("debug", "Loading privileged entity module ");
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	47
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	48
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	49 --> Permissions management <--
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	50
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	51 local privileges = module:get_option("privileged_entities", {})
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	52
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	53 local function get_session_privileges(session, host)
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	54 if not session.privileges then return nil end
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	55 return session.privileges[host]
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	56 end
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	57
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	58
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	59 local function advertise_perm(session, to_jid, perms)
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	60 -- send <message/> stanza to advertise permissions
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	61 -- as expained in § 4.2
1708 ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	62 local message = st.message({from=module.host, to=to_jid})
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	63 :tag("privilege", {xmlns=_PRIV_ENT_NS})
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	64
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	65 for _, perm in pairs({'roster', 'message', 'presence'}) do
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	66 if perms[perm] then
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	67 message:tag("perm", {access=perm, type=perms[perm]}):up()
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	68 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	69 end
1662 d440a22fa0af mod_privilege: advertise_perm method now use session.send instead of module:send to avoid to go back in hook Goffi <goffi@goffi.org> parents: 1661 diff changeset	70 session.send(message)
d440a22fa0af mod_privilege: advertise_perm method now use session.send instead of module:send to avoid to go back in hook Goffi <goffi@goffi.org> parents: 1661 diff changeset	71 end
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	72
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	73 local function set_presence_perm_set(to_jid, perms)
1708 ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	74 -- fill the presence sets according to perms
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	75 if _PRESENCE_MANAGED:contains(perms.presence) then
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	76 presence_man_ent:add(to_jid)
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	77 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	78 if perms.presence == 'roster' then
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	79 presence_roster:add(to_jid)
ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	80 end
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	81 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	82
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	83 local function advertise_presences(session, to_jid, perms)
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	84 -- send presence status for already conencted entities
746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	85 -- as explained in § 7.1
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	86 -- people in roster are probed only for active sessions
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	87 -- TODO: manage roster load for inactive sessions
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	88 if not perms.presence then return; end
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	89 local to_probe = {}
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	90 for _, user_session in pairs(full_sessions) do
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	91 if user_session.presence and _PRESENCE_MANAGED:contains(perms.presence) then
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	92 local presence = st.clone(user_session.presence)
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	93 presence.attr.to = to_jid
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	94 module:log("debug", "sending current presence for "..tostring(user_session.full_jid))
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	95 session.send(presence)
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	96 end
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	97 if perms.presence == "roster" then
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	98 -- we reset the cache to avoid to miss a presence that just changed
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	99 priv_session.last_presence = nil
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	100
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	101 if user_session.roster then
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	102 local bare_jid = jid.bare(user_session.full_jid)
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	103 for entity, item in pairs(user_session.roster) do
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	104 if entity~=false and entity~="pending" and (item.subscription=="both" or item.subscription=="to") then
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	105 local _, host = jid.split(entity)
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	106 if not hosts[host] then -- we don't probe jid from hosts we manage
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	107 -- using a table with entity as key avoid probing several time the same one
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	108 to_probe[entity] = bare_jid
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	109 end
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	110 end
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	111 end
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	112 end
746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	113 end
746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	114 end
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	115
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	116 -- now we probe peoples for "roster" presence permission
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	117 for probe_to, probe_from in pairs(to_probe) do
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	118 module:log("debug", "probing presence for %s (on behalf of %s)", tostring(probe_to), tostring(probe_from))
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	119 local probe = st.presence({from=probe_from, to=probe_to, type="probe"})
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	120 prosody.core_route_stanza(nil, probe)
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	121 end
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	122 end
746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	123
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	124 local function on_auth(event)
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	125 -- Check if entity is privileged according to configuration,
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	126 -- and set session.privileges accordingly
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	127
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	128 local session = event.session
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	129 local bare_jid = jid.join(session.username, session.host)
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	130 if not session.privileges then
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	131 session.privileges = {}
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	132 end
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	133
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	134 local ent_priv = privileges[bare_jid]
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	135 if ent_priv ~= nil then
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	136 module:log("debug", "Entity is privileged")
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	137 for perm_type, allowed_values in pairs(_TO_CHECK) do
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	138 local value = ent_priv[perm_type]
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	139 if value ~= nil then
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	140 if not allowed_values:contains(value) then
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	141 module:log('warn', 'Invalid value for '..perm_type..' privilege: ['..value..']')
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	142 module:log('warn', 'Setting '..perm_type..' privilege to none')
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	143 ent_priv[perm_type] = nil
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	144 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	145 if value == 'none' then
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	146 ent_priv[perm_type] = nil
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	147 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	148 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	149 end
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	150 -- extra checks for presence permission
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	151 if ent_priv.presence == 'roster' and not _ROSTER_GET_PERM:contains(ent_priv.roster) then
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	152 module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege")
ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	153 module:log("warn", "Setting presence permission to none")
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	154 ent_priv.presence = nil
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	155 end
ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	156
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	157 if session.type == "component" then
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	158 -- we send the message stanza only for component
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	159 -- it will be sent at first <presence/> for other entities
1662 d440a22fa0af mod_privilege: advertise_perm method now use session.send instead of module:send to avoid to go back in hook Goffi <goffi@goffi.org> parents: 1661 diff changeset	160 advertise_perm(session, bare_jid, ent_priv)
1663 ca07a6ada631 mod_privilege: presence permission configuration check + use global set to know privileged entities to advertise Goffi <goffi@goffi.org> parents: 1662 diff changeset	161 set_presence_perm_set(bare_jid, ent_priv)
1665 746d94f37a4c mod_privilege: presence already known are advertised to privileged entity (for "maneger_entity" permission only so far) Goffi <goffi@goffi.org> parents: 1664 diff changeset	162 advertise_presences(session, bare_jid, ent_priv)
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	163 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	164 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	165
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	166 session.privileges[_MODULE_HOST] = ent_priv
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	167 end
7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	168
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	169 local function on_presence(event)
1659 495a093798eb mod_privilege: added permissions notification on initial presence for entities which are not components Goffi <goffi@goffi.org> parents: 1658 diff changeset	170 -- Permission are already checked at this point,
495a093798eb mod_privilege: added permissions notification on initial presence for entities which are not components Goffi <goffi@goffi.org> parents: 1658 diff changeset	171 -- we only advertise them to the entity
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	172 local session = event.origin
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	173 local session_privileges = get_session_privileges(session, _MODULE_HOST)
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	174 if session_privileges then
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	175 advertise_perm(session, session.full_jid, session_privileges)
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	176 set_presence_perm_set(session.full_jid, session_privileges)
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	177 advertise_presences(session, session.full_jid, session_privileges)
1659 495a093798eb mod_privilege: added permissions notification on initial presence for entities which are not components Goffi <goffi@goffi.org> parents: 1658 diff changeset	178 end
495a093798eb mod_privilege: added permissions notification on initial presence for entities which are not components Goffi <goffi@goffi.org> parents: 1658 diff changeset	179 end
495a093798eb mod_privilege: added permissions notification on initial presence for entities which are not components Goffi <goffi@goffi.org> parents: 1658 diff changeset	180
1708 ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	181 local function on_component_auth(event)
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	182 -- react to component-authenticated event from this host
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	183 -- and call the on_auth methods from all other hosts
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	184 -- needed for the component to get delegations advertising
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	185 for callback in connected_cb:items() do
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	186 callback(event)
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	187 end
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	188 end
ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	189
1775 0d78bb31348e mod_privilege: fixed bad calling of on_auth for components Goffi <goffi@goffi.org> parents: 1708 diff changeset	190 if module:get_host_type() ~= "component" then
0d78bb31348e mod_privilege: fixed bad calling of on_auth for components Goffi <goffi@goffi.org> parents: 1708 diff changeset	191 connected_cb:add(on_auth)
0d78bb31348e mod_privilege: fixed bad calling of on_auth for components Goffi <goffi@goffi.org> parents: 1708 diff changeset	192 end
1657 7116bc76663b mod_privilege: mod_privilege first draft Goffi <goffi@goffi.org> parents: diff changeset	193 module:hook('authentication-success', on_auth)
1708 ad7afcf86131 mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts Goffi <goffi@goffi.org> parents: 1707 diff changeset	194 module:hook('component-authenticated', on_component_auth)
1659 495a093798eb mod_privilege: added permissions notification on initial presence for entities which are not components Goffi <goffi@goffi.org> parents: 1658 diff changeset	195 module:hook('presence/initial', on_presence)
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	196
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	197
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	198 --> roster permission <--
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	199
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	200 -- get
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	201 module:hook("iq-get/bare/jabber:iq:roster:query", function(event)
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	202 local session, stanza = event.origin, event.stanza;
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	203 if not stanza.attr.to then
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	204 -- we don't want stanzas addressed to /self
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	205 return;
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	206 end
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	207 local node, host = jid.split(stanza.attr.to);
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	208 local session_privileges = get_session_privileges(session, host)
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	209
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	210 if session_privileges and _ROSTER_GET_PERM:contains(session_privileges.roster) then
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	211 module:log("debug", "Roster get from allowed privileged entity received")
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	212 -- following code is adapted from mod_remote_roster
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	213 local roster = roster_manager.load_roster(node, host);
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	214
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	215 local reply = st.reply(stanza):query("jabber:iq:roster");
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	216 for entity_jid, item in pairs(roster) do
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	217 if entity_jid and entity_jid ~= "pending" then
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	218 reply:tag("item", {
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	219 jid = entity_jid,
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	220 subscription = item.subscription,
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	221 ask = item.ask,
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	222 name = item.name,
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	223 });
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	224 for group in pairs(item.groups) do
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	225 reply:tag("group"):text(group):up();
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	226 end
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	227 reply:up(); -- move out from item
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	228 end
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	229 end
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	230 -- end of code adapted from mod_remote_roster
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	231 session.send(reply);
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	232 else
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	233 module:log("warn", "Entity "..tostring(session.full_jid).." try to get roster without permission")
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	234 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	235 end
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	236
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	237 return true
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	238 end);
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	239
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	240 -- set
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	241 module:hook("iq-set/bare/jabber:iq:roster:query", function(event)
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	242 local session, stanza = event.origin, event.stanza;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	243 if not stanza.attr.to then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	244 -- we don't want stanzas addressed to /self
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	245 return;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	246 end
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	247 local from_node, from_host = jid.split(stanza.attr.to);
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	248 local session_privileges = get_session_privileges(session, from_host)
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	249
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	250 if session_privileges and _ROSTER_SET_PERM:contains(session_privileges.roster) then
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	251 module:log("debug", "Roster set from allowed privileged entity received")
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	252 -- following code is adapted from mod_remote_roster
1989 2c9b227dd580 mod_privilege: fixed module import which was causing SALS issues Goffi <goffi@goffi.org> parents: 1955 diff changeset	253 if not(usermanager_user_exists(from_node, from_host)) then return; end
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	254 local roster = roster_manager.load_roster(from_node, from_host);
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	255 if not(roster) then return; end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	256
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	257 local query = stanza.tags[1];
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	258 for _, item in ipairs(query.tags) do
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	259 if item.name == "item"
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	260 and item.attr.xmlns == "jabber:iq:roster" and item.attr.jid
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	261 -- Protection against overwriting roster.pending, until we move it
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	262 and item.attr.jid ~= "pending" then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	263
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	264 local item_jid = jid.prep(item.attr.jid);
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	265 local _, host, resource = jid.split(item_jid);
1660 d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	266 if not resource then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	267 if item_jid ~= stanza.attr.to then -- not self-item_jid
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	268 if item.attr.subscription == "remove" then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	269 local r_item = roster[item_jid];
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	270 if r_item then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	271 roster[item_jid] = nil;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	272 if roster_manager.save_roster(from_node, from_host, roster) then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	273 session.send(st.reply(stanza));
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	274 roster_manager.roster_push(from_node, from_host, item_jid);
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	275 else
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	276 roster[item_jid] = item;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	277 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster"));
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	278 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	279 else
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	280 session.send(st.error_reply(stanza, "modify", "item-not-found"));
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	281 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	282 else
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	283 local subscription = item.attr.subscription;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	284 if subscription ~= "both" and subscription ~= "to" and subscription ~= "from" and subscription ~= "none" then -- TODO error on invalid
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	285 subscription = roster[item_jid] and roster[item_jid].subscription or "none";
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	286 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	287 local r_item = {name = item.attr.name, groups = {}};
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	288 if r_item.name == "" then r_item.name = nil; end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	289 r_item.subscription = subscription;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	290 if subscription ~= "both" and subscription ~= "to" then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	291 r_item.ask = roster[item_jid] and roster[item_jid].ask;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	292 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	293 for _, child in ipairs(item) do
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	294 if child.name == "group" then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	295 local text = table.concat(child);
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	296 if text and text ~= "" then
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	297 r_item.groups[text] = true;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	298 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	299 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	300 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	301 local olditem = roster[item_jid];
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	302 roster[item_jid] = r_item;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	303 if roster_manager.save_roster(from_node, from_host, roster) then -- Ok, send success
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	304 session.send(st.reply(stanza));
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	305 -- and push change to all resources
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	306 roster_manager.roster_push(from_node, from_host, item_jid);
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	307 else -- Adding to roster failed
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	308 roster[item_jid] = olditem;
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	309 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster"));
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	310 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	311 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	312 else -- Trying to add self to roster
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	313 session.send(st.error_reply(stanza, "cancel", "not-allowed"));
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	314 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	315 else -- Invalid JID added to roster
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	316 module:log("warn", "resource: %s , host: %s", tostring(resource), tostring(host))
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	317 session.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME what's the correct error?
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	318 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	319 else -- Roster set didn't include a single item, or its name wasn't 'item'
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	320 session.send(st.error_reply(stanza, "modify", "bad-request"));
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	321 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	322 end -- for loop end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	323 -- end of code adapted from mod_remote_roster
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	324 else -- The permission is not granted
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	325 module:log("warn", "Entity "..tostring(session.full_jid).." try to set roster without permission")
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	326 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	327 end
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	328
d1072db4db44 mod_privilege: implemented roster set privilege Goffi <goffi@goffi.org> parents: 1659 diff changeset	329 return true
1658 1146cb4493a9 mod_privilege: roster get permission implemented Goffi <goffi@goffi.org> parents: 1657 diff changeset	330 end);
1661 69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	331
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	332
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	333 --> message permission <--
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	334
3388 7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	335 local function clean_xmlns(node)
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	336 -- Recursively remove "jabber:client" attribute from node.
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	337 -- In Prosody internal routing, xmlns should not be set.
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	338 -- Keeping xmlns would lead to issues like mod_smacks ignoring the outgoing stanza,
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	339 -- so we remove all xmlns attributes with a value of "jabber:client"
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	340 if node.attr.xmlns == 'jabber:client' then
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	341 for childnode in node:childtags() do
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	342 clean_xmlns(childnode);
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	343 end
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	344 node.attr.xmlns = nil;
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	345 end
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	346 end
7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	347
1661 69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	348 module:hook("message/host", function(event)
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	349 local session, stanza = event.origin, event.stanza;
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	350 local privilege_elt = stanza:get_child('privilege', _PRIV_ENT_NS)
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	351 if privilege_elt==nil then return; end
1955 f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	352 local _, to_host = jid.split(stanza.attr.to)
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	353 local session_privileges = get_session_privileges(session, to_host)
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	354
f719d5e6c627 mod_privilege: fixed session.privilege overwritting when multiple hosts are activated + fixed roster permission check on presence permission. Goffi <goffi@goffi.org> parents: 1775 diff changeset	355 if session_privileges and session_privileges.message=="outgoing" then
1661 69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	356 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded"
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	357 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	358 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client')
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	359 if message_elt ~= nil then
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	360 local _, from_host, from_resource = jid.split(message_elt.attr.from)
1661 69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	361 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts
3388 7454274ead2f mod_privilege: fixed routing issue with message permission: Goffi <goffi@goffi.org> parents: 2068 diff changeset	362 clean_xmlns(message_elt); -- needed do to proper routing
1661 69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	363 -- at this point everything should be alright, we can send the message
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	364 prosody.core_route_stanza(nil, message_elt)
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	365 else -- trying to send a message from a forbidden entity
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	366 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from))
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	367 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	368 end
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	369 else -- incorrect message child
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	370 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid forwarded <message/> element"));
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	371 end
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	372 else -- incorrect forwarded child
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	373 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid <forwarded/> element"));
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	374 end;
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	375 else -- The permission is not granted
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	376 module:log("warn", "Entity "..tostring(session.full_jid).." try to send message without permission")
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	377 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	378 end
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	379
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	380 return true
69aa2b54ba8a mod_privilege: implemented message privilege Goffi <goffi@goffi.org> parents: 1660 diff changeset	381 end);
1664 6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	382
6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	383
6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	384 --> presence permission <--
6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	385
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	386 local function same_tags(tag1, tag2)
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	387 -- check if two tags are equivalent
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	388
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	389 if tag1.name ~= tag2.name then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	390
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	391 if #tag1 ~= #tag2 then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	392
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	393 for name, value in pairs(tag1.attr) do
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	394 if tag2.attr[name] ~= value then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	395 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	396
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	397 for i=1,#tag1 do
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	398 if type(tag1[i]) == "string" then
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	399 if tag1[i] ~= tag2[i] then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	400 else
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	401 if not same_tags(tag1[i], tag2[i]) then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	402 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	403 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	404
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	405 return true
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	406 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	407
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	408 local function same_presences(presence1, presence2)
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	409 -- check that 2 <presence/> stanzas are equivalent (except for "to" attribute)
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	410 -- /!\ if the id change but everything else is equivalent, this method return false
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	411 -- this behaviour may change in the future
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	412 if presence1.attr.from ~= presence2.attr.from or presence1.attr.id ~= presence2.attr.id
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	413 or presence1.attr.type ~= presence2.attr.type then
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	414 return false
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	415 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	416
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	417 if presence1.attr.id and presence1.attr.id == presence2.attr.id then return true; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	418
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	419 if #presence1 ~= #presence2 then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	420
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	421 for i=1,#presence1 do
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	422 if type(presence1[i]) == "string" then
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	423 if presence1[i] ~= presence2[i] then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	424 else
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	425 if not same_tags(presence1[i], presence2[i]) then return false; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	426 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	427 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	428
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	429 return true
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	430 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	431
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	432 local function forward_presence(presence, to_jid)
64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	433 local presence_fwd = st.clone(presence)
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	434 presence_fwd.attr.to = to_jid
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	435 module:log("debug", "presence forwarded to "..to_jid..": "..tostring(presence_fwd))
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	436 module:send(presence_fwd)
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	437 -- cache used to avoid to send several times the same stanza
c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	438 priv_session.last_presence = presence
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	439 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	440
1664 6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	441 module:hook("presence/bare", function(event)
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	442 if presence_man_ent:empty() and presence_roster:empty() then return; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	443
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	444 local stanza = event.stanza
1664 6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	445 if stanza.attr.type == nil or stanza.attr.type == "unavailable" then
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	446 if not stanza.attr.to then
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	447 for entity in presence_man_ent:items() do
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	448 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	449 end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	450 else -- directed presence
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	451 -- we ignore directed presences from our own host, as we already have them
1707 64b3d1eb0cfe mod_privilege: fixed various issues reported by luacheck Goffi <goffi@goffi.org> parents: 1667 diff changeset	452 local _, from_host = jid.split(stanza.attr.from)
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	453 if hosts[from_host] then return; end
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	454
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	455 -- we don't send several time the same presence, as recommended in §7 #2
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	456 if priv_session.last_presence and same_presences(priv_session.last_presence, stanza) then
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	457 return
1667 c81a981479d4 mod_privilege: implemented probing of rosters items (for existing sessions only) on connection + use a globally shared table for priv_session (and fixed last_presence) Goffi <goffi@goffi.org> parents: 1666 diff changeset	458 end
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	459
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	460 for entity in presence_roster:items() do
0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	461 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end
1664 6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	462 end
6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	463 end
6bdcb1418029 mod_privilege: implemented "managed_entity" presence Goffi <goffi@goffi.org> parents: 1663 diff changeset	464 end
1666 0b1b4b7d5fe0 mod_privilege: implemented "roster" presence permission Goffi <goffi@goffi.org> parents: 1665 diff changeset	465 end, 150)

Mercurial > prosody-modules

annotate mod_privilege/mod_privilege.lua @ 4340:7cd3b7ec59e9