Mercurial > prosody-modules
annotate mod_seclabels/mod_seclabels.lua @ 1268:854a3933cfcd
mod_muc_log_http: URL-encode room names. This allows special characters in room names to work. Ideally this escaping shouldn’t be done in the user visible content, but the module’s template system doesn’t currently allow that.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Sat, 04 Jan 2014 16:50:57 -0500 |
| parents | 020b5944a973 |
| children | 2df312eb816d |
| rev | line source |
|---|---|
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
981
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
2 local xml = require "util.xml"; |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local xmlns_label = "urn:xmpp:sec-label:0"; |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
5 local xmlns_label_catalog = "urn:xmpp:sec-label:catalog:2"; |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
6 local xmlns_label_catalog_old = "urn:xmpp:sec-label:catalog:0"; -- COMPAT |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 module:add_feature(xmlns_label); |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
9 module:add_feature(xmlns_label_catalog); |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
10 module:add_feature(xmlns_label_catalog_old); |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
12 module:hook("account-disco-info", function(event) -- COMPAT |
|
266
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
13 local stanza = event.stanza; |
|
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
14 stanza:tag('feature', {var=xmlns_label}):up(); |
|
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
15 stanza:tag('feature', {var=xmlns_label_catalog}):up(); |
|
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
16 end); |
|
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
17 |
|
449
08ffbbdafeea
mod_seclabels: Fetch catalog from config.
Kim Alvefur <zash@zash.se>
parents:
266
diff
changeset
|
18 local default_labels = { |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
19 { |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
20 name = "Unclassified", |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
21 label = true, |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
22 default = true, |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
23 }, |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 Classified = { |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 SECRET = { color = "black", bgcolor = "aqua", label = "THISISSECRET" }; |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 PUBLIC = { label = "THISISPUBLIC" }; |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 }; |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 }; |
|
937
5276e1fc26b6
mod_seclabels: Remove config-reloaded hook. Just reload the module to update
Kim Alvefur <zash@zash.se>
parents:
452
diff
changeset
|
29 local catalog_name = module:get_option_string("security_catalog_name", "Default"); |
|
5276e1fc26b6
mod_seclabels: Remove config-reloaded hook. Just reload the module to update
Kim Alvefur <zash@zash.se>
parents:
452
diff
changeset
|
30 local catalog_desc = module:get_option_string("security_catalog_desc", "My labels"); |
|
5276e1fc26b6
mod_seclabels: Remove config-reloaded hook. Just reload the module to update
Kim Alvefur <zash@zash.se>
parents:
452
diff
changeset
|
31 local labels = module:get_option("security_labels", default_labels); |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
33 function handle_catalog_request(request) |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local catalog_request = request.stanza.tags[1]; |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 local reply = st.reply(request.stanza) |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 :tag("catalog", { |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
37 xmlns = catalog_request.attr.xmlns, |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 to = catalog_request.attr.to, |
|
449
08ffbbdafeea
mod_seclabels: Fetch catalog from config.
Kim Alvefur <zash@zash.se>
parents:
266
diff
changeset
|
39 name = catalog_name, |
|
08ffbbdafeea
mod_seclabels: Fetch catalog from config.
Kim Alvefur <zash@zash.se>
parents:
266
diff
changeset
|
40 desc = catalog_desc |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 }); |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 local function add_labels(catalog, labels, selector) |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
44 local function add_item(item, name) |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
45 local name = name or item.name; |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
46 if item.label then |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
47 if catalog_request.attr.xmlns == xmlns_label_catalog then |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
48 catalog:tag("item", { |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
49 selector = selector..name, |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
50 default = item.default and "true" or nil, |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
51 }):tag("securitylabel", { xmlns = xmlns_label }) |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
52 else -- COMPAT |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
53 catalog:tag("securitylabel", { |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
54 xmlns = xmlns_label, |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
55 selector = selector..name, |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
56 default = item.default and "true" or nil, |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
57 }) |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
58 end |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
59 if item.display or item.color or item.bgcolor then |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
60 catalog:tag("displaymarking", { |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
61 fgcolor = item.color, |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
62 bgcolor = item.bgcolor, |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
63 }):text(item.display or name):up(); |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
64 end |
|
981
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
65 if item.label == true then |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
66 catalog:tag("label"):text(name):up(); |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
67 elseif type(item.label) == "string" then |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
68 -- TODO Do we need anything other than XML parsing? |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
69 if item.label:sub(1,1) == "<" then |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
70 catalog:tag("label"):add_child(xml.parse(item.label)):up(); |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
71 else |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
72 catalog:tag("label"):text(item.label):up(); |
|
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
73 end |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
74 elseif type(item.label) == "table" then |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
75 catalog:tag("label"):add_child(item.label):up(); |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 end |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
77 catalog:up(); |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
78 if catalog_request.attr.xmlns == xmlns_label_catalog then |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
79 catalog:up(); |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
80 end |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 else |
|
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
82 add_labels(catalog, item, (selector or "")..name.."|"); |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
83 end |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
84 end |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
85 for i = 1,#labels do |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
86 add_item(labels[i]) |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
87 end |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
88 for name, child in pairs(labels) do |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
89 if type(name) == "string" then |
|
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
90 add_item(child, name) |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 end |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 end |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 end |
|
451
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
94 -- TODO query remote servers |
|
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
95 --[[ FIXME later |
|
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
96 labels = module:fire_event("sec-label-catalog", { |
|
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
97 to = catalog_request.attr.to, |
|
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
98 request = request; -- or just origin? |
|
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
99 labels = labels; |
|
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
100 }) or labels; |
|
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
101 --]] |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
102 add_labels(reply, labels, ""); |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 request.origin.send(reply); |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 return true; |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
105 end |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
106 module:hook("iq/host/"..xmlns_label_catalog..":catalog", handle_catalog_request); |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
107 module:hook("iq/self/"..xmlns_label_catalog..":catalog", handle_catalog_request); -- COMPAT |
|
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
108 module:hook("iq/self/"..xmlns_label_catalog_old..":catalog", handle_catalog_request); -- COMPAT |