Mercurial > prosody-modules
annotate mod_saslauth_muc/mod_saslauth_muc.lua @ 3503:882180b459a0
mod_pubsub_post: Restructure authentication and authorization (BC)
This deprecates the default "superuser" actor model and makes the
default equivalent to the previous "request.id".
A single actor and secret per node is supported because HTTP and
WebHooks don't normally include any authorization identity.
Allowing authentication bypass when no secret is given should be
relatively safe when the actor is unprivileged, as will be unless
explicitly configured otherwise.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 30 Mar 2019 21:16:13 +0100 |
parents | 926db29176f5 |
children |
rev | line source |
---|---|
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
1 -- |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
2 -- mod_saslauth_muc |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
3 -- This module implements http://xmpp.org/extensions/inbox/remote-auth.html for Prosody's MUC component |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
4 -- |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
5 -- In your config: |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
6 -- Component "conference.example.com" "muc" |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
7 -- modules_enabled = { "saslauth_muc" }; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
8 -- |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
9 -- |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
10 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
11 local timeout = 60; -- SASL timeout in seconds |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
12 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
13 -- various imports |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
14 local new_sasl = require "util.sasl".new; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
15 local st = require "util.stanza"; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
16 local timer = require "util.timer"; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
17 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
18 local jid_bare = require "util.jid".bare; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
19 local jid_prep = require "util.jid".prep; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
20 local base64 = require "util.encodings".base64; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
21 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
22 local hosts = hosts; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
23 local module = module; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
24 local pairs, next = pairs, next; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
25 local os_time = os.time; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
26 |
1426
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
27 local muc_password = module:require("muc/password"); |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
28 |
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
29 -- SASL sessions management |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
30 local _rooms = {}; -- SASL data |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
31 local function get_handler_for(room, jid) return _rooms[room] and _rooms[room][jid]; end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
32 local function remove_handler_for(room, jid) if _rooms[room] then _rooms[room][jid] = nil; end end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
33 local function create_handler_for(room_jid, jid) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
34 _rooms[room_jid] = _rooms[room_jid] or {}; |
305
4c3abf1a9b5a
mod_auth_*, mod_saslauth_muc: Update SASL callbacks to take SASL handler as first argument.
Waqas Hussain <waqas20@gmail.com>
parents:
287
diff
changeset
|
35 _rooms[room_jid][jid] = new_sasl(module.host, { plain = function(sasl, username, realm) |
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
36 local muc = hosts[module.host].modules.muc; |
3072
926db29176f5
mod_saslauth_muc: Use correct API for getting rooms
Kim Alvefur <zash@zash.se>
parents:
1426
diff
changeset
|
37 local room = muc and muc.get_room_from_jid(room_jid); |
1426
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
38 local password = room and muc_password.get(room); |
404
eb8b005d2a3d
mod_saslauth_muc: Report proper SASL error on auth failure.
Waqas Hussain <waqas20@gmail.com>
parents:
305
diff
changeset
|
39 local ret = password and true or nil; |
eb8b005d2a3d
mod_saslauth_muc: Report proper SASL error on auth failure.
Waqas Hussain <waqas20@gmail.com>
parents:
305
diff
changeset
|
40 return password or "", ret; |
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
41 end }); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
42 _rooms[room_jid][jid].timeout = os_time() + timeout; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
43 return _rooms[room_jid][jid]; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
44 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
45 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
46 -- Timer to clear SASL sessions |
287
6144fe6161f1
mod_saslauth_muc: Improved timer handling.
Waqas Hussain <waqas20@gmail.com>
parents:
284
diff
changeset
|
47 timer.add_task(timeout, function(now) |
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
48 for room, handlers in pairs(_rooms) do |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
49 for jid, handler in pairs(handlers) do |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
50 if handler.timeout <= now then handlers[jid] = nil; end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
51 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
52 if next(handlers) == nil then _rooms[room] = nil; end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
53 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
54 return timeout; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
55 end); |
287
6144fe6161f1
mod_saslauth_muc: Improved timer handling.
Waqas Hussain <waqas20@gmail.com>
parents:
284
diff
changeset
|
56 function module.unload() |
6144fe6161f1
mod_saslauth_muc: Improved timer handling.
Waqas Hussain <waqas20@gmail.com>
parents:
284
diff
changeset
|
57 timeout = nil; -- stop timer on unload |
6144fe6161f1
mod_saslauth_muc: Improved timer handling.
Waqas Hussain <waqas20@gmail.com>
parents:
284
diff
changeset
|
58 end |
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
59 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
60 -- Stanza handlers |
1426
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
61 -- Don't allow anyone to join room unless they provide the password |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
62 module:hook("muc-occupant-pre-join", function(event) |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
63 local room, stanza = event.room, event.stanza; |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
64 local room_password = muc_password.get(room); |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
65 if room_password then -- room has a password |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
66 local x = stanza:get_child("x", "http://jabber.org/protocol/muc"); |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
67 local password = x and x:get_child_text("password", "http://jabber.org/protocol/muc"); |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
68 if not password then -- no password sent |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
69 local sasl_handler = get_handler_for(jid_bare(stanza.attr.to), stanza.attr.from); |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
70 if x and sasl_handler and sasl_handler.authorized then -- if already passed SASL |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
71 x:reset():tag("password", { xmlns = "http://jabber.org/protocol/muc" }):text(room_password); |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
72 else |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
73 event.origin.send(st.error_reply(stanza, "auth", "not-authorized") |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
74 :tag("sasl-required", { xmlns = "urn:xmpp:errors" })); |
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
75 return true; |
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
76 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
77 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
78 end |
1426
249c5447fed1
mod_saslauth_muc: Update to use new MUC API.
Waqas Hussain <waqas20@gmail.com>
parents:
1343
diff
changeset
|
79 end, -18); |
284
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
80 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
81 module:hook("iq-get/bare/urn:ietf:params:xml:ns:xmpp-sasl:mechanisms", function(event) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
82 local origin, stanza = event.origin, event.stanza; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
83 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
84 local reply = st.reply(stanza):tag("mechanisms", { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
85 for mechanism in pairs(create_handler_for(stanza.attr.to, true):mechanisms()) do |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
86 reply:tag("mechanism"):text(mechanism):up(); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
87 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
88 origin.send(reply:up()); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
89 return true; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
90 end); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
91 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
92 local function build_reply(stanza, status, ret, err_msg) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
93 local reply = st.stanza(status, {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"}); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
94 if status == "challenge" then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
95 reply:text(base64.encode(ret or "")); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
96 elseif status == "failure" then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
97 reply:tag(ret):up(); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
98 if err_msg then reply:tag("text"):text(err_msg); end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
99 elseif status == "success" then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
100 reply:text(base64.encode(ret or "")); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
101 else |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
102 module:log("error", "Unknown sasl status: %s", status); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
103 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
104 return st.reply(stanza):add_child(reply); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
105 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
106 local function handle_status(stanza, status) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
107 if status == "failure" then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
108 remove_handler_for(stanza.attr.to, stanza.attr.from); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
109 elseif status == "success" then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
110 get_handler_for(stanza.attr.to, stanza.attr.from).authorized = true; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
111 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
112 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
113 local function sasl_process_cdata(session, stanza) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
114 local text = stanza.tags[1][1]; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
115 if text then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
116 text = base64.decode(text); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
117 if not text then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
118 remove_handler_for(stanza.attr.to, stanza.attr.from); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
119 session.send(build_reply(stanza, "failure", "incorrect-encoding")); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
120 return true; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
121 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
122 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
123 local status, ret, err_msg = get_handler_for(stanza.attr.to, stanza.attr.from):process(text); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
124 handle_status(stanza, status); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
125 local s = build_reply(stanza, status, ret, err_msg); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
126 session.send(s); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
127 return true; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
128 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
129 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
130 module:hook("iq-set/bare/urn:ietf:params:xml:ns:xmpp-sasl:auth", function(event) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
131 local session, stanza = event.origin, event.stanza; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
132 |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
133 if not create_handler_for(stanza.attr.to, stanza.attr.from):select(stanza.tags[1].attr.mechanism) then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
134 remove_handler_for(stanza.attr.to, stanza.attr.from); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
135 session.send(build_reply(stanza, "failure", "invalid-mechanism")); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
136 return true; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
137 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
138 return sasl_process_cdata(session, stanza); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
139 end); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
140 module:hook("iq-set/bare/urn:ietf:params:xml:ns:xmpp-sasl:response", function(event) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
141 local session, stanza = event.origin, event.stanza; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
142 if not get_handler_for(stanza.attr.to, stanza.attr.from) then |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
143 session.send(build_reply(stanza, "failure", "not-authorized", "Out of order SASL element")); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
144 return true; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
145 end |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
146 return sasl_process_cdata(session, event.stanza); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
147 end); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
148 module:hook("iq-set/bare/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event) |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
149 local session, stanza = event.origin, event.stanza; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
150 remove_handler_for(stanza.attr.to, stanza.attr.from); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
151 session.send(build_reply(stanza, "failure", "aborted")); |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
152 return true; |
3b96bba9f7e5
mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
Waqas Hussain <waqas20@gmail.com>
parents:
diff
changeset
|
153 end); |