prosody-modules: mod_sasl2_sm/mod_sasl2

annotate mod_sasl2_sm/mod_sasl2_sm.lua @ 5406:b86d80e21c60

mod_http_oauth2: Validate consistency of response and grant types Ensure that these correlated fields make sense per RFC 7591 § 2.1, even though we currently only check the response type during authorization. This could probably all be deleted if (when!) we remove the implicit grant, since then these things don't make any sense anymore.

author	Kim Alvefur <zash@zash.se>
date	Tue, 02 May 2023 16:34:31 +0200
parents	c92c87daa09e
children	92ce3859df63

rev	line source
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 local st = require "util.stanza";
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	2
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 local mod_smacks = module:depends("smacks");
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	4
5039 c0d243b27e64 mod_sasl2, mod_sasl_bind2, mod_sasl2_sm: Bump XEP-0388 namespace Matthew Wild <mwild1@gmail.com> parents: 5037 diff changeset	5 local xmlns_sasl2 = "urn:xmpp:sasl:2";
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 local xmlns_sm = "urn:xmpp:sm:3";
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	7
5094 c92c87daa09e mod_sasl2_sm: Add explicit dependency on mod_sasl2 Kim Alvefur <zash@zash.se> parents: 5060 diff changeset	8 module:depends("sasl2");
c92c87daa09e mod_sasl2_sm: Add explicit dependency on mod_sasl2 Kim Alvefur <zash@zash.se> parents: 5060 diff changeset	9
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	10 -- Advertise what we can do
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	11
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	12 module:hook("advertise-sasl-features", function (event)
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	13 local features = event.features;
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	14 features:tag("sm", { xmlns = xmlns_sm }):up();
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	15 end);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	16
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	17 module:hook("advertise-bind-features", function (event)
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	18 local features = event.features;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	19 features:tag("feature", { var = xmlns_sm }):up();
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	20 end);
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	21
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	22 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth)
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	23 -- Cache action for future processing (after auth success)
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	24 session.sasl2_sm_request = auth:child_with_ns(xmlns_sm);
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	25 end, 100);
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	26
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	27 -- SASL 2 integration (for resume)
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	28
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	29 module:hook("sasl2/c2s/success", function (event)
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	30 local session = event.session;
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	31 local sm_request = session.sasl2_sm_request;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	32 if not sm_request then return; end
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	33 session.sasl2_sm_request = nil;
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	34 local sm_result;
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	35 if sm_request.name ~= "resume" then return; end
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	36
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	37 local resumed, err = mod_smacks.do_resume(session, sm_request);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	38 if not resumed then
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	39 local h = err.context and err.context.h;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	40 sm_result = st.stanza("failed", { xmlns = xmlns_sm, h = h and ("%d"):format(h) or nil })
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	41 :add_error(err);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	42 else
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	43 event.session = resumed.session; -- Update to resumed session
5037 8a8100fff580 mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session Matthew Wild <mwild1@gmail.com> parents: 5035 diff changeset	44 event.session.sasl2_sm_success = resumed; -- To be called after sending final SASL response
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	45 sm_result = st.stanza("resumed", { xmlns = xmlns_sm,
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	46 h = ("%d"):format(event.session.handled_stanza_count);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	47 previd = resumed.id; });
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	48 end
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	49
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	50 if sm_result then
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	51 event.success:add_child(sm_result);
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	52 end
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	53 end, 110);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	54
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	55 -- Bind 2 integration (for enable)
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	56
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	57 module:hook("advertise-bind-features", function (event)
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	58 event.features:tag("feature", { var = xmlns_sm }):up();
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	59 end);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	60
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	61 module:hook("enable-bind-features", function (event)
5060 bc491065c221 mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element Matthew Wild <mwild1@gmail.com> parents: 5039 diff changeset	62 local sm_enable = event.request:get_child("enable", xmlns_sm);
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	63 if not sm_enable then return; end
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	64
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	65 local sm_result;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	66 local enabled, err = mod_smacks.do_enable(event.session, sm_enable);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	67 if not enabled then
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	68 sm_result = st.stanza("failed", { xmlns = xmlns_sm })
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	69 :add_error(err);
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	70 else
5037 8a8100fff580 mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session Matthew Wild <mwild1@gmail.com> parents: 5035 diff changeset	71 event.session.sasl2_sm_success = enabled; -- To be called after sending final SASL response
5034 f7eaf73b8f30 mod_sasl2_sm: Fix typo Matthew Wild <mwild1@gmail.com> parents: 5030 diff changeset	72 sm_result = st.stanza("enabled", {
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	73 xmlns = xmlns_sm;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	74 id = enabled.id;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	75 resume = enabled.id and "1" or nil;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	76 max = enabled.resume_max;
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	77 });
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	78 end
5035 baebe7452903 mod_sasl2_sm: Fix event field name Matthew Wild <mwild1@gmail.com> parents: 5034 diff changeset	79 event.result:add_child(sm_result);
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	80 end, 100);
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	81
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	82 -- Finish and/or clean up after SASL 2 completed
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	83
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	84 module:hook("sasl2/c2s/success", function (event)
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	85 -- The authenticate response has already been sent at this point
5037 8a8100fff580 mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session Matthew Wild <mwild1@gmail.com> parents: 5035 diff changeset	86 local success = event.session.sasl2_sm_success;
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	87 if success then
3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	88 success.finish(); -- Finish enable/resume and sync stanzas
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	89 end
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	90 end, -1100);
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	91
e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	92 module:hook("sasl2/c2s/failure", function (event)
5030 3e79876d135b mod_sasl2_sm: Integration with mod_sasl2_bind2 Matthew Wild <mwild1@gmail.com> parents: 5027 diff changeset	93 event.session.sasl2_sm_request = nil;
5026 e3248d025d34 mod_sasl2_sm: Experimental mod_isr alternative Matthew Wild <mwild1@gmail.com> parents: diff changeset	94 end);

Mercurial > prosody-modules

annotate mod_sasl2_sm/mod_sasl2_sm.lua @ 5406:b86d80e21c60