annotate mod_saslauth_muc/mod_saslauth_muc.lua @ 3503:882180b459a0

mod_pubsub_post: Restructure authentication and authorization (BC) This deprecates the default "superuser" actor model and makes the default equivalent to the previous "request.id". A single actor and secret per node is supported because HTTP and WebHooks don't normally include any authorization identity. Allowing authentication bypass when no secret is given should be relatively safe when the actor is unprivileged, as will be unless explicitly configured otherwise.
author Kim Alvefur <zash@zash.se>
date Sat, 30 Mar 2019 21:16:13 +0100
parents 926db29176f5
children
Revisions contributing to this file (rev, changeset, author, parents, description, source lines):

284 3b96bba9f7e5 Waqas Hussain <waqas20@gmail.com> parents: (none)
    mod_saslauth_muc: Initial commit. Implements SASL auth for MUC rooms <http://xmpp.org/extensions/inbox/remote-auth.html>.
    lines 1-26, 29-34, 36, 41-46, 48-55, 59-60, 76-78, 80-153
287 6144fe6161f1 Waqas Hussain <waqas20@gmail.com> parents: 284
    mod_saslauth_muc: Improved timer handling.
    lines 47, 56-58
305 4c3abf1a9b5a Waqas Hussain <waqas20@gmail.com> parents: 287
    mod_auth_*, mod_saslauth_muc: Update SASL callbacks to take SASL handler as first argument.
    line 35
404 eb8b005d2a3d Waqas Hussain <waqas20@gmail.com> parents: 305
    mod_saslauth_muc: Report proper SASL error on auth failure.
    lines 39-40
1426 249c5447fed1 Waqas Hussain <waqas20@gmail.com> parents: 1343
    mod_saslauth_muc: Update to use new MUC API.
    lines 27-28, 38, 61-75, 79
3072 926db29176f5 Kim Alvefur <zash@zash.se> parents: 1426
    mod_saslauth_muc: Use correct API for getting rooms
    line 37

```lua
--
-- mod_saslauth_muc
-- This module implements http://xmpp.org/extensions/inbox/remote-auth.html for Prosody's MUC component
--
-- In your config:
--     Component "conference.example.com" "muc"
--         modules_enabled = { "saslauth_muc" };
--
--

local timeout = 60; -- SASL timeout in seconds

-- various imports
local new_sasl = require "util.sasl".new;
local st = require "util.stanza";
local timer = require "util.timer";

local jid_bare = require "util.jid".bare;
local jid_prep = require "util.jid".prep;
local base64 = require "util.encodings".base64;

local hosts = hosts;
local module = module;
local pairs, next = pairs, next;
local os_time = os.time;

local muc_password = module:require("muc/password");

-- SASL sessions management
local _rooms = {}; -- SASL data
local function get_handler_for(room, jid) return _rooms[room] and _rooms[room][jid]; end
local function remove_handler_for(room, jid) if _rooms[room] then _rooms[room][jid] = nil; end end
local function create_handler_for(room_jid, jid)
	_rooms[room_jid] = _rooms[room_jid] or {};
	_rooms[room_jid][jid] = new_sasl(module.host, { plain = function(sasl, username, realm)
		local muc = hosts[module.host].modules.muc;
		local room = muc and muc.get_room_from_jid(room_jid);
		local password = room and muc_password.get(room);
		local ret = password and true or nil;
		return password or "", ret;
	end });
	_rooms[room_jid][jid].timeout = os_time() + timeout;
	return _rooms[room_jid][jid];
end

-- Timer to clear SASL sessions
timer.add_task(timeout, function(now)
	for room, handlers in pairs(_rooms) do
		for jid, handler in pairs(handlers) do
			if handler.timeout <= now then handlers[jid] = nil; end
		end
		if next(handlers) == nil then _rooms[room] = nil; end
	end
	return timeout;
end);
function module.unload()
	timeout = nil; -- stop timer on unload
end

-- Stanza handlers
-- Don't allow anyone to join room unless they provide the password
module:hook("muc-occupant-pre-join", function(event)
	local room, stanza = event.room, event.stanza;
	local room_password = muc_password.get(room);
	if room_password then -- room has a password
		local x = stanza:get_child("x", "http://jabber.org/protocol/muc");
		local password = x and x:get_child_text("password", "http://jabber.org/protocol/muc");
		if not password then -- no password sent
			local sasl_handler = get_handler_for(jid_bare(stanza.attr.to), stanza.attr.from);
			if x and sasl_handler and sasl_handler.authorized then -- if already passed SASL
				x:reset():tag("password", { xmlns = "http://jabber.org/protocol/muc" }):text(room_password);
			else
				event.origin.send(st.error_reply(stanza, "auth", "not-authorized")
					:tag("sasl-required", { xmlns = "urn:xmpp:errors" }));
				return true;
			end
		end
	end
end, -18);

module:hook("iq-get/bare/urn:ietf:params:xml:ns:xmpp-sasl:mechanisms", function(event)
	local origin, stanza = event.origin, event.stanza;

	local reply = st.reply(stanza):tag("mechanisms", { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' });
	for mechanism in pairs(create_handler_for(stanza.attr.to, true):mechanisms()) do
		reply:tag("mechanism"):text(mechanism):up();
	end
	origin.send(reply:up());
	return true;
end);

local function build_reply(stanza, status, ret, err_msg)
	local reply = st.stanza(status, {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"});
	if status == "challenge" then
		reply:text(base64.encode(ret or ""));
	elseif status == "failure" then
		reply:tag(ret):up();
		if err_msg then reply:tag("text"):text(err_msg); end
	elseif status == "success" then
		reply:text(base64.encode(ret or ""));
	else
		module:log("error", "Unknown sasl status: %s", status);
	end
	return st.reply(stanza):add_child(reply);
end
local function handle_status(stanza, status)
	if status == "failure" then
		remove_handler_for(stanza.attr.to, stanza.attr.from);
	elseif status == "success" then
		get_handler_for(stanza.attr.to, stanza.attr.from).authorized = true;
	end
end
local function sasl_process_cdata(session, stanza)
	local text = stanza.tags[1][1];
	if text then
		text = base64.decode(text);
		if not text then
			remove_handler_for(stanza.attr.to, stanza.attr.from);
			session.send(build_reply(stanza, "failure", "incorrect-encoding"));
			return true;
		end
	end
	local status, ret, err_msg = get_handler_for(stanza.attr.to, stanza.attr.from):process(text);
	handle_status(stanza, status);
	local s = build_reply(stanza, status, ret, err_msg);
	session.send(s);
	return true;
end

module:hook("iq-set/bare/urn:ietf:params:xml:ns:xmpp-sasl:auth", function(event)
	local session, stanza = event.origin, event.stanza;

	if not create_handler_for(stanza.attr.to, stanza.attr.from):select(stanza.tags[1].attr.mechanism) then
		remove_handler_for(stanza.attr.to, stanza.attr.from);
		session.send(build_reply(stanza, "failure", "invalid-mechanism"));
		return true;
	end
	return sasl_process_cdata(session, stanza);
end);
module:hook("iq-set/bare/urn:ietf:params:xml:ns:xmpp-sasl:response", function(event)
	local session, stanza = event.origin, event.stanza;
	if not get_handler_for(stanza.attr.to, stanza.attr.from) then
		session.send(build_reply(stanza, "failure", "not-authorized", "Out of order SASL element"));
		return true;
	end
	return sasl_process_cdata(session, event.stanza);
end);
module:hook("iq-set/bare/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event)
	local session, stanza = event.origin, event.stanza;
	remove_handler_for(stanza.attr.to, stanza.attr.from);
	session.send(build_reply(stanza, "failure", "aborted"));
	return true;
end);
```