comparison mod_privilege/mod_privilege.lua @ 4913:3ddab718f717

mod_privilege: update to v0.4: - now the namespace "urn:xmpp:privilege:2" is exclusively used - IQ permission implementation - README update roster pushes are not implemented yet
author Goffi <goffi@goffi.org>
date Wed, 11 May 2022 12:43:26 +0200
parents 7454274ead2f
children cce12a660b98
comparison
equal deleted inserted replaced
4912:b45c23ce24ba 4913:3ddab718f717
1 -- XEP-0356 (Privileged Entity) 1 -- XEP-0356 (Privileged Entity)
2 -- Copyright (C) 2015-2016 Jérôme Poisson 2 -- Copyright (C) 2015-2022 Jérôme Poisson
3 -- 3 --
4 -- This module is MIT/X11 licensed. Please see the 4 -- This module is MIT/X11 licensed. Please see the
5 -- COPYING file in the source package for more information. 5 -- COPYING file in the source package for more information.
6 -- 6 --
7 -- Some parts come from mod_remote_roster (module by Waqas Hussain and Kim Alvefur, see https://code.google.com/p/prosody-modules/) 7 -- Some parts come from mod_remote_roster (module by Waqas Hussain and Kim Alvefur, see https://code.google.com/p/prosody-modules/)
10 10
11 local jid = require("util.jid") 11 local jid = require("util.jid")
12 local set = require("util.set") 12 local set = require("util.set")
13 local st = require("util.stanza") 13 local st = require("util.stanza")
14 local roster_manager = require("core.rostermanager") 14 local roster_manager = require("core.rostermanager")
15 local usermanager_user_exists = require "core.usermanager".user_exists; 15 local usermanager_user_exists = require "core.usermanager".user_exists
16 local hosts = prosody.hosts 16 local hosts = prosody.hosts
17 local full_sessions = prosody.full_sessions; 17 local full_sessions = prosody.full_sessions
18 18
19 local priv_session = module:shared("/*/privilege/session") 19 local priv_session = module:shared("/*/privilege/session")
20 20
21 if priv_session.connected_cb == nil then 21 if priv_session.connected_cb == nil then
22 -- set used to have connected event listeners 22 -- set used to have connected event listeners
23 -- which allows a host to react on events from 23 -- which allows a host to react on events from
24 -- other hosts 24 -- other hosts
25 priv_session.connected_cb = set.new() 25 priv_session.connected_cb = set.new()
26 end 26 end
27 local connected_cb = priv_session.connected_cb 27 local connected_cb = priv_session.connected_cb
28 28
29 -- the folowing sets are used to forward presence stanza 29 -- the folowing sets are used to forward presence stanza
30 -- the folowing sets are used to forward presence stanza 30 -- the folowing sets are used to forward presence stanza
36 local _ROSTER_SET_PERM = set.new({'set', 'both'}) 36 local _ROSTER_SET_PERM = set.new({'set', 'both'})
37 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) 37 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'})
38 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'}) 38 local _ALLOWED_PRESENCE = set.new({'none', 'managed_entity', 'roster'})
39 local _PRESENCE_MANAGED = set.new({'managed_entity', 'roster'}) 39 local _PRESENCE_MANAGED = set.new({'managed_entity', 'roster'})
40 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE} 40 local _TO_CHECK = {roster=_ALLOWED_ROSTER, message=_ALLOWED_MESSAGE, presence=_ALLOWED_PRESENCE}
41 local _PRIV_ENT_NS = 'urn:xmpp:privilege:1' 41 local _PRIV_ENT_NS = 'urn:xmpp:privilege:2'
42 local _FORWARDED_NS = 'urn:xmpp:forward:0' 42 local _FORWARDED_NS = 'urn:xmpp:forward:0'
43 local _MODULE_HOST = module:get_host() 43 local _MODULE_HOST = module:get_host()
44 44
45 45
46 module:log("debug", "Loading privileged entity module "); 46 module:log("debug", "Loading privileged entity module ")
47 47
48 48
49 --> Permissions management <-- 49 --> Permissions management <--
50 50
51 local privileges = module:get_option("privileged_entities", {}) 51 local config_priv = module:get_option("privileged_entities", {})
52 52
53 local function get_session_privileges(session, host) 53 local function get_session_privileges(session, host)
54 if not session.privileges then return nil end 54 if not session.privileges then return nil end
55 return session.privileges[host] 55 return session.privileges[host]
56 end 56 end
57 57
58 58
59 local function advertise_perm(session, to_jid, perms) 59 local function advertise_perm(session, to_jid, perms)
60 -- send <message/> stanza to advertise permissions 60 -- send <message/> stanza to advertise permissions
61 -- as expained in § 4.2 61 -- as expained in § 4.2
62 local message = st.message({from=module.host, to=to_jid}) 62 local message = st.message({from=module.host, to=to_jid})
63 :tag("privilege", {xmlns=_PRIV_ENT_NS}) 63 :tag("privilege", {xmlns=_PRIV_ENT_NS})
64 64
65 for _, perm in pairs({'roster', 'message', 'presence'}) do 65 for _, perm in pairs({'roster', 'message', 'presence'}) do
66 if perms[perm] then 66 if perms[perm] then
67 message:tag("perm", {access=perm, type=perms[perm]}):up() 67 message:tag("perm", {access=perm, type=perms[perm]}):up()
68 end 68 end
69 end 69 end
70 session.send(message) 70 local iq_perm = perms["iq"]
71 if iq_perm ~= nil then
72 message:tag("perm", {access="iq"})
73 for namespace, ns_perm in pairs(iq_perm) do
74 local perm_type
75 if ns_perm.set and ns_perm.get then
76 perm_type = "both"
77 elseif ns_perm.set then
78 perm_type = "set"
79 elseif ns_perm.get then
80 perm_type = "get"
81 else
82 perm_type = nil
83 end
84 message:tag("namespace", {ns=namespace, type=perm_type})
85 end
86 end
87 session.send(message)
71 end 88 end
72 89
73 local function set_presence_perm_set(to_jid, perms) 90 local function set_presence_perm_set(to_jid, perms)
74 -- fill the presence sets according to perms 91 -- fill the presence sets according to perms
75 if _PRESENCE_MANAGED:contains(perms.presence) then 92 if _PRESENCE_MANAGED:contains(perms.presence) then
76 presence_man_ent:add(to_jid) 93 presence_man_ent:add(to_jid)
77 end 94 end
78 if perms.presence == 'roster' then 95 if perms.presence == 'roster' then
79 presence_roster:add(to_jid) 96 presence_roster:add(to_jid)
80 end 97 end
81 end 98 end
82 99
83 local function advertise_presences(session, to_jid, perms) 100 local function advertise_presences(session, to_jid, perms)
84 -- send presence status for already conencted entities 101 -- send presence status for already connected entities
85 -- as explained in § 7.1 102 -- as explained in § 7.1
86 -- people in roster are probed only for active sessions 103 -- people in roster are probed only for active sessions
87 -- TODO: manage roster load for inactive sessions 104 -- TODO: manage roster load for inactive sessions
88 if not perms.presence then return; end 105 if not perms.presence then return; end
89 local to_probe = {} 106 local to_probe = {}
90 for _, user_session in pairs(full_sessions) do 107 for _, user_session in pairs(full_sessions) do
91 if user_session.presence and _PRESENCE_MANAGED:contains(perms.presence) then 108 if user_session.presence and _PRESENCE_MANAGED:contains(perms.presence) then
92 local presence = st.clone(user_session.presence) 109 local presence = st.clone(user_session.presence)
93 presence.attr.to = to_jid 110 presence.attr.to = to_jid
94 module:log("debug", "sending current presence for "..tostring(user_session.full_jid)) 111 module:log("debug", "sending current presence for "..tostring(user_session.full_jid))
95 session.send(presence) 112 session.send(presence)
96 end 113 end
97 if perms.presence == "roster" then 114 if perms.presence == "roster" then
98 -- we reset the cache to avoid to miss a presence that just changed 115 -- we reset the cache to avoid to miss a presence that just changed
99 priv_session.last_presence = nil 116 priv_session.last_presence = nil
100 117
101 if user_session.roster then 118 if user_session.roster then
102 local bare_jid = jid.bare(user_session.full_jid) 119 local bare_jid = jid.bare(user_session.full_jid)
103 for entity, item in pairs(user_session.roster) do 120 for entity, item in pairs(user_session.roster) do
104 if entity~=false and entity~="pending" and (item.subscription=="both" or item.subscription=="to") then 121 if entity~=false and entity~="pending" and (item.subscription=="both" or item.subscription=="to") then
105 local _, host = jid.split(entity) 122 local _, host = jid.split(entity)
106 if not hosts[host] then -- we don't probe jid from hosts we manage 123 if not hosts[host] then -- we don't probe jid from hosts we manage
107 -- using a table with entity as key avoid probing several time the same one 124 -- using a table with entity as key avoid probing several time the same one
108 to_probe[entity] = bare_jid 125 to_probe[entity] = bare_jid
109 end 126 end
110 end 127 end
111 end 128 end
112 end 129 end
113 end 130 end
114 end 131 end
115 132
116 -- now we probe peoples for "roster" presence permission 133 -- now we probe peoples for "roster" presence permission
117 for probe_to, probe_from in pairs(to_probe) do 134 for probe_to, probe_from in pairs(to_probe) do
118 module:log("debug", "probing presence for %s (on behalf of %s)", tostring(probe_to), tostring(probe_from)) 135 module:log("debug", "probing presence for %s (on behalf of %s)", tostring(probe_to), tostring(probe_from))
119 local probe = st.presence({from=probe_from, to=probe_to, type="probe"}) 136 local probe = st.presence({from=probe_from, to=probe_to, type="probe"})
120 prosody.core_route_stanza(nil, probe) 137 prosody.core_route_stanza(nil, probe)
121 end 138 end
122 end 139 end
140
123 141
124 local function on_auth(event) 142 local function on_auth(event)
125 -- Check if entity is privileged according to configuration, 143 -- Check if entity is privileged according to configuration,
126 -- and set session.privileges accordingly 144 -- and set session.privileges accordingly
127 145
128 local session = event.session 146 local session = event.session
129 local bare_jid = jid.join(session.username, session.host) 147 local bare_jid = jid.join(session.username, session.host)
130 if not session.privileges then 148 if not session.privileges then
131 session.privileges = {} 149 session.privileges = {}
132 end 150 end
133 151
134 local ent_priv = privileges[bare_jid] 152 local conf_ent_priv = config_priv[bare_jid]
135 if ent_priv ~= nil then 153 local ent_priv = {}
136 module:log("debug", "Entity is privileged") 154 if conf_ent_priv ~= nil then
137 for perm_type, allowed_values in pairs(_TO_CHECK) do 155 module:log("debug", "Entity is privileged")
138 local value = ent_priv[perm_type] 156 for perm_type, allowed_values in pairs(_TO_CHECK) do
139 if value ~= nil then 157 local value = conf_ent_priv[perm_type]
140 if not allowed_values:contains(value) then 158 if value ~= nil then
141 module:log('warn', 'Invalid value for '..perm_type..' privilege: ['..value..']') 159 if not allowed_values:contains(value) then
142 module:log('warn', 'Setting '..perm_type..' privilege to none') 160 module:log('warn', 'Invalid value for '..perm_type..' privilege: ['..value..']')
143 ent_priv[perm_type] = nil 161 module:log('warn', 'Setting '..perm_type..' privilege to none')
144 end 162 ent_priv[perm_type] = nil
145 if value == 'none' then 163 elseif value == 'none' then
146 ent_priv[perm_type] = nil 164 ent_priv[perm_type] = nil
147 end 165 else
148 end 166 ent_priv[perm_type] = value
149 end 167 end
150 -- extra checks for presence permission 168 else
151 if ent_priv.presence == 'roster' and not _ROSTER_GET_PERM:contains(ent_priv.roster) then 169 ent_priv[perm_type] = nil
152 module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege") 170 end
153 module:log("warn", "Setting presence permission to none") 171 end
154 ent_priv.presence = nil 172 -- extra checks for presence permission
155 end 173 if ent_priv.presence == 'roster' and not _ROSTER_GET_PERM:contains(ent_priv.roster) then
156 174 module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege")
157 if session.type == "component" then 175 module:log("warn", "Setting presence permission to none")
158 -- we send the message stanza only for component 176 ent_priv.presence = nil
159 -- it will be sent at first <presence/> for other entities 177 end
160 advertise_perm(session, bare_jid, ent_priv) 178 -- iq permission
161 set_presence_perm_set(bare_jid, ent_priv) 179 local iq_perm_config = conf_ent_priv["iq"]
162 advertise_presences(session, bare_jid, ent_priv) 180 if iq_perm_config ~= nil then
163 end 181 local iq_perm = {}
164 end 182 ent_priv["iq"] = iq_perm
165 183 for ns, ns_perm_config in pairs(iq_perm_config) do
166 session.privileges[_MODULE_HOST] = ent_priv 184 iq_perm[ns] = {
185 ["get"] = ns_perm_config == "get" or ns_perm_config == "both",
186 ["set"] = ns_perm_config == "set" or ns_perm_config == "both"
187 }
188 end
189 else
190 ent_priv["iq"] = nil
191 end
192
193 if session.type == "component" then
194 -- we send the message stanza only for component
195 -- it will be sent at first <presence/> for other entities
196 advertise_perm(session, bare_jid, ent_priv)
197 set_presence_perm_set(bare_jid, ent_priv)
198 advertise_presences(session, bare_jid, ent_priv)
199 end
200 end
201
202 session.privileges[_MODULE_HOST] = ent_priv
167 end 203 end
168 204
169 local function on_presence(event) 205 local function on_presence(event)
170 -- Permission are already checked at this point, 206 -- Permission are already checked at this point,
171 -- we only advertise them to the entity 207 -- we only advertise them to the entity
172 local session = event.origin 208 local session = event.origin
173 local session_privileges = get_session_privileges(session, _MODULE_HOST) 209 local session_privileges = get_session_privileges(session, _MODULE_HOST)
174 if session_privileges then 210 if session_privileges then
175 advertise_perm(session, session.full_jid, session_privileges) 211 advertise_perm(session, session.full_jid, session_privileges)
176 set_presence_perm_set(session.full_jid, session_privileges) 212 set_presence_perm_set(session.full_jid, session_privileges)
177 advertise_presences(session, session.full_jid, session_privileges) 213 advertise_presences(session, session.full_jid, session_privileges)
178 end 214 end
179 end 215 end
180 216
181 local function on_component_auth(event) 217 local function on_component_auth(event)
182 -- react to component-authenticated event from this host 218 -- react to component-authenticated event from this host
183 -- and call the on_auth methods from all other hosts 219 -- and call the on_auth methods from all other hosts
184 -- needed for the component to get delegations advertising 220 -- needed for the component to get delegations advertising
185 for callback in connected_cb:items() do 221 for callback in connected_cb:items() do
186 callback(event) 222 callback(event)
187 end 223 end
188 end 224 end
189 225
190 if module:get_host_type() ~= "component" then 226 if module:get_host_type() ~= "component" then
191 connected_cb:add(on_auth) 227 connected_cb:add(on_auth)
192 end 228 end
197 233
198 --> roster permission <-- 234 --> roster permission <--
199 235
200 -- get 236 -- get
201 module:hook("iq-get/bare/jabber:iq:roster:query", function(event) 237 module:hook("iq-get/bare/jabber:iq:roster:query", function(event)
202 local session, stanza = event.origin, event.stanza; 238 local session, stanza = event.origin, event.stanza
203 if not stanza.attr.to then 239 if not stanza.attr.to then
204 -- we don't want stanzas addressed to /self 240 -- we don't want stanzas addressed to /self
205 return; 241 return
206 end 242 end
207 local node, host = jid.split(stanza.attr.to); 243 local node, host = jid.split(stanza.attr.to)
208 local session_privileges = get_session_privileges(session, host) 244 local session_privileges = get_session_privileges(session, host)
209 245
210 if session_privileges and _ROSTER_GET_PERM:contains(session_privileges.roster) then 246 if session_privileges and _ROSTER_GET_PERM:contains(session_privileges.roster) then
211 module:log("debug", "Roster get from allowed privileged entity received") 247 module:log("debug", "Roster get from allowed privileged entity received")
212 -- following code is adapted from mod_remote_roster 248 -- following code is adapted from mod_remote_roster
213 local roster = roster_manager.load_roster(node, host); 249 local roster = roster_manager.load_roster(node, host)
214 250
215 local reply = st.reply(stanza):query("jabber:iq:roster"); 251 local reply = st.reply(stanza):query("jabber:iq:roster")
216 for entity_jid, item in pairs(roster) do 252 for entity_jid, item in pairs(roster) do
217 if entity_jid and entity_jid ~= "pending" then 253 if entity_jid and entity_jid ~= "pending" then
218 reply:tag("item", { 254 reply:tag("item", {
219 jid = entity_jid, 255 jid = entity_jid,
220 subscription = item.subscription, 256 subscription = item.subscription,
221 ask = item.ask, 257 ask = item.ask,
222 name = item.name, 258 name = item.name,
223 }); 259 })
224 for group in pairs(item.groups) do 260 for group in pairs(item.groups) do
225 reply:tag("group"):text(group):up(); 261 reply:tag("group"):text(group):up()
226 end 262 end
227 reply:up(); -- move out from item 263 reply:up(); -- move out from item
228 end 264 end
229 end 265 end
230 -- end of code adapted from mod_remote_roster 266 -- end of code adapted from mod_remote_roster
231 session.send(reply); 267 session.send(reply)
232 else 268 else
233 module:log("warn", "Entity "..tostring(session.full_jid).." try to get roster without permission") 269 module:log("warn", "Entity "..tostring(session.full_jid).." try to get roster without permission")
234 session.send(st.error_reply(stanza, 'auth', 'forbidden')) 270 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
235 end 271 end
236 272
237 return true 273 return true
238 end); 274 end)
239 275
240 -- set 276 -- set
241 module:hook("iq-set/bare/jabber:iq:roster:query", function(event) 277 module:hook("iq-set/bare/jabber:iq:roster:query", function(event)
242 local session, stanza = event.origin, event.stanza; 278 local session, stanza = event.origin, event.stanza
243 if not stanza.attr.to then 279 if not stanza.attr.to then
244 -- we don't want stanzas addressed to /self 280 -- we don't want stanzas addressed to /self
245 return; 281 return
246 end 282 end
247 local from_node, from_host = jid.split(stanza.attr.to); 283 local from_node, from_host = jid.split(stanza.attr.to)
248 local session_privileges = get_session_privileges(session, from_host) 284 local session_privileges = get_session_privileges(session, from_host)
249 285
250 if session_privileges and _ROSTER_SET_PERM:contains(session_privileges.roster) then 286 if session_privileges and _ROSTER_SET_PERM:contains(session_privileges.roster) then
251 module:log("debug", "Roster set from allowed privileged entity received") 287 module:log("debug", "Roster set from allowed privileged entity received")
252 -- following code is adapted from mod_remote_roster 288 -- following code is adapted from mod_remote_roster
253 if not(usermanager_user_exists(from_node, from_host)) then return; end 289 if not(usermanager_user_exists(from_node, from_host)) then return; end
254 local roster = roster_manager.load_roster(from_node, from_host); 290 local roster = roster_manager.load_roster(from_node, from_host)
255 if not(roster) then return; end 291 if not(roster) then return; end
256 292
257 local query = stanza.tags[1]; 293 local query = stanza.tags[1]
258 for _, item in ipairs(query.tags) do 294 for _, item in ipairs(query.tags) do
259 if item.name == "item" 295 if item.name == "item"
260 and item.attr.xmlns == "jabber:iq:roster" and item.attr.jid 296 and item.attr.xmlns == "jabber:iq:roster" and item.attr.jid
261 -- Protection against overwriting roster.pending, until we move it 297 -- Protection against overwriting roster.pending, until we move it
262 and item.attr.jid ~= "pending" then 298 and item.attr.jid ~= "pending" then
263 299
264 local item_jid = jid.prep(item.attr.jid); 300 local item_jid = jid.prep(item.attr.jid)
265 local _, host, resource = jid.split(item_jid); 301 local _, host, resource = jid.split(item_jid)
266 if not resource then 302 if not resource then
267 if item_jid ~= stanza.attr.to then -- not self-item_jid 303 if item_jid ~= stanza.attr.to then -- not self-item_jid
268 if item.attr.subscription == "remove" then 304 if item.attr.subscription == "remove" then
269 local r_item = roster[item_jid]; 305 local r_item = roster[item_jid]
270 if r_item then 306 if r_item then
271 roster[item_jid] = nil; 307 roster[item_jid] = nil
272 if roster_manager.save_roster(from_node, from_host, roster) then 308 if roster_manager.save_roster(from_node, from_host, roster) then
273 session.send(st.reply(stanza)); 309 session.send(st.reply(stanza))
274 roster_manager.roster_push(from_node, from_host, item_jid); 310 roster_manager.roster_push(from_node, from_host, item_jid)
275 else 311 else
276 roster[item_jid] = item; 312 roster[item_jid] = item
277 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster")); 313 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster"))
278 end 314 end
279 else 315 else
280 session.send(st.error_reply(stanza, "modify", "item-not-found")); 316 session.send(st.error_reply(stanza, "modify", "item-not-found"))
281 end 317 end
282 else 318 else
283 local subscription = item.attr.subscription; 319 local subscription = item.attr.subscription
284 if subscription ~= "both" and subscription ~= "to" and subscription ~= "from" and subscription ~= "none" then -- TODO error on invalid 320 if subscription ~= "both" and subscription ~= "to" and subscription ~= "from" and subscription ~= "none" then -- TODO error on invalid
285 subscription = roster[item_jid] and roster[item_jid].subscription or "none"; 321 subscription = roster[item_jid] and roster[item_jid].subscription or "none"
286 end 322 end
287 local r_item = {name = item.attr.name, groups = {}}; 323 local r_item = {name = item.attr.name, groups = {}}
288 if r_item.name == "" then r_item.name = nil; end 324 if r_item.name == "" then r_item.name = nil; end
289 r_item.subscription = subscription; 325 r_item.subscription = subscription
290 if subscription ~= "both" and subscription ~= "to" then 326 if subscription ~= "both" and subscription ~= "to" then
291 r_item.ask = roster[item_jid] and roster[item_jid].ask; 327 r_item.ask = roster[item_jid] and roster[item_jid].ask
292 end 328 end
293 for _, child in ipairs(item) do 329 for _, child in ipairs(item) do
294 if child.name == "group" then 330 if child.name == "group" then
295 local text = table.concat(child); 331 local text = table.concat(child)
296 if text and text ~= "" then 332 if text and text ~= "" then
297 r_item.groups[text] = true; 333 r_item.groups[text] = true
298 end 334 end
299 end 335 end
300 end 336 end
301 local olditem = roster[item_jid]; 337 local olditem = roster[item_jid]
302 roster[item_jid] = r_item; 338 roster[item_jid] = r_item
303 if roster_manager.save_roster(from_node, from_host, roster) then -- Ok, send success 339 if roster_manager.save_roster(from_node, from_host, roster) then -- Ok, send success
304 session.send(st.reply(stanza)); 340 session.send(st.reply(stanza))
305 -- and push change to all resources 341 -- and push change to all resources
306 roster_manager.roster_push(from_node, from_host, item_jid); 342 roster_manager.roster_push(from_node, from_host, item_jid)
307 else -- Adding to roster failed 343 else -- Adding to roster failed
308 roster[item_jid] = olditem; 344 roster[item_jid] = olditem
309 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster")); 345 session.send(st.error_reply(stanza, "wait", "internal-server-error", "Unable to save roster"))
310 end 346 end
311 end 347 end
312 else -- Trying to add self to roster 348 else -- Trying to add self to roster
313 session.send(st.error_reply(stanza, "cancel", "not-allowed")); 349 session.send(st.error_reply(stanza, "cancel", "not-allowed"))
314 end 350 end
315 else -- Invalid JID added to roster 351 else -- Invalid JID added to roster
316 module:log("warn", "resource: %s , host: %s", tostring(resource), tostring(host)) 352 module:log("warn", "resource: %s , host: %s", tostring(resource), tostring(host))
317 session.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME what's the correct error? 353 session.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME what's the correct error?
318 end 354 end
319 else -- Roster set didn't include a single item, or its name wasn't 'item' 355 else -- Roster set didn't include a single item, or its name wasn't 'item'
320 session.send(st.error_reply(stanza, "modify", "bad-request")); 356 session.send(st.error_reply(stanza, "modify", "bad-request"))
321 end 357 end
322 end -- for loop end 358 end -- for loop end
323 -- end of code adapted from mod_remote_roster 359 -- end of code adapted from mod_remote_roster
324 else -- The permission is not granted 360 else -- The permission is not granted
325 module:log("warn", "Entity "..tostring(session.full_jid).." try to set roster without permission") 361 module:log("warn", "Entity "..tostring(session.full_jid).." try to set roster without permission")
326 session.send(st.error_reply(stanza, 'auth', 'forbidden')) 362 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
327 end 363 end
328 364
329 return true 365 return true
330 end); 366 end)
331 367
332 368
333 --> message permission <-- 369 --> message permission <--
334 370
335 local function clean_xmlns(node) 371 local function clean_xmlns(node)
336 -- Recursively remove "jabber:client" attribute from node. 372 -- Recursively remove "jabber:client" attribute from node.
337 -- In Prosody internal routing, xmlns should not be set. 373 -- In Prosody internal routing, xmlns should not be set.
338 -- Keeping xmlns would lead to issues like mod_smacks ignoring the outgoing stanza, 374 -- Keeping xmlns would lead to issues like mod_smacks ignoring the outgoing stanza,
339 -- so we remove all xmlns attributes with a value of "jabber:client" 375 -- so we remove all xmlns attributes with a value of "jabber:client"
340 if node.attr.xmlns == 'jabber:client' then 376 if node.attr.xmlns == 'jabber:client' then
341 for childnode in node:childtags() do 377 for childnode in node:childtags() do
342 clean_xmlns(childnode); 378 clean_xmlns(childnode)
343 end 379 end
344 node.attr.xmlns = nil; 380 node.attr.xmlns = nil
345 end 381 end
346 end 382 end
347 383
348 module:hook("message/host", function(event) 384 module:hook("message/host", function(event)
349 local session, stanza = event.origin, event.stanza; 385 local session, stanza = event.origin, event.stanza
350 local privilege_elt = stanza:get_child('privilege', _PRIV_ENT_NS) 386 local privilege_elt = stanza:get_child('privilege', _PRIV_ENT_NS)
351 if privilege_elt==nil then return; end 387 if privilege_elt==nil then return; end
352 local _, to_host = jid.split(stanza.attr.to) 388 local _, to_host = jid.split(stanza.attr.to)
353 local session_privileges = get_session_privileges(session, to_host) 389 local session_privileges = get_session_privileges(session, to_host)
354 390
355 if session_privileges and session_privileges.message=="outgoing" then 391 if session_privileges and session_privileges.message=="outgoing" then
356 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded" 392 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded"
357 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then 393 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then
358 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client') 394 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client')
359 if message_elt ~= nil then 395 if message_elt ~= nil then
360 local _, from_host, from_resource = jid.split(message_elt.attr.from) 396 local _, from_host, from_resource = jid.split(message_elt.attr.from)
361 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts 397 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts
362 clean_xmlns(message_elt); -- needed do to proper routing 398 clean_xmlns(message_elt); -- needed do to proper routing
363 -- at this point everything should be alright, we can send the message 399 -- at this point everything should be alright, we can send the message
364 prosody.core_route_stanza(nil, message_elt) 400 prosody.core_route_stanza(nil, message_elt)
365 else -- trying to send a message from a forbidden entity 401 else -- trying to send a message from a forbidden entity
366 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from)) 402 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from))
367 session.send(st.error_reply(stanza, 'auth', 'forbidden')) 403 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
368 end 404 end
369 else -- incorrect message child 405 else -- incorrect message child
370 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid forwarded <message/> element")); 406 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid forwarded <message/> element"))
371 end 407 end
372 else -- incorrect forwarded child 408 else -- incorrect forwarded child
373 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid <forwarded/> element")); 409 session.send(st.error_reply(stanza, "modify", "bad-request", "invalid <forwarded/> element"))
374 end; 410 end
375 else -- The permission is not granted 411 else -- The permission is not granted
376 module:log("warn", "Entity "..tostring(session.full_jid).." try to send message without permission") 412 module:log("warn", "Entity "..tostring(session.full_jid).." try to send message without permission")
377 session.send(st.error_reply(stanza, 'auth', 'forbidden')) 413 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
378 end 414 end
379 415
380 return true 416 return true
381 end); 417 end)
382 418
383 419
384 --> presence permission <-- 420 --> presence permission <--
385 421
386 local function same_tags(tag1, tag2) 422 local function same_tags(tag1, tag2)
387 -- check if two tags are equivalent 423 -- check if two tags are equivalent
388 424
389 if tag1.name ~= tag2.name then return false; end 425 if tag1.name ~= tag2.name then return false; end
390 426
391 if #tag1 ~= #tag2 then return false; end 427 if #tag1 ~= #tag2 then return false; end
392 428
393 for name, value in pairs(tag1.attr) do 429 for name, value in pairs(tag1.attr) do
394 if tag2.attr[name] ~= value then return false; end 430 if tag2.attr[name] ~= value then return false; end
395 end 431 end
396 432
397 for i=1,#tag1 do 433 for i=1,#tag1 do
398 if type(tag1[i]) == "string" then 434 if type(tag1[i]) == "string" then
399 if tag1[i] ~= tag2[i] then return false; end 435 if tag1[i] ~= tag2[i] then return false; end
400 else 436 else
401 if not same_tags(tag1[i], tag2[i]) then return false; end 437 if not same_tags(tag1[i], tag2[i]) then return false; end
402 end 438 end
403 end 439 end
404 440
405 return true 441 return true
406 end 442 end
407 443
408 local function same_presences(presence1, presence2) 444 local function same_presences(presence1, presence2)
409 -- check that 2 <presence/> stanzas are equivalent (except for "to" attribute) 445 -- check that 2 <presence/> stanzas are equivalent (except for "to" attribute)
410 -- /!\ if the id change but everything else is equivalent, this method return false 446 -- /!\ if the id change but everything else is equivalent, this method return false
411 -- this behaviour may change in the future 447 -- this behaviour may change in the future
412 if presence1.attr.from ~= presence2.attr.from or presence1.attr.id ~= presence2.attr.id 448 if presence1.attr.from ~= presence2.attr.from or presence1.attr.id ~= presence2.attr.id
413 or presence1.attr.type ~= presence2.attr.type then 449 or presence1.attr.type ~= presence2.attr.type then
414 return false 450 return false
415 end 451 end
416 452
417 if presence1.attr.id and presence1.attr.id == presence2.attr.id then return true; end 453 if presence1.attr.id and presence1.attr.id == presence2.attr.id then return true; end
418 454
419 if #presence1 ~= #presence2 then return false; end 455 if #presence1 ~= #presence2 then return false; end
420 456
421 for i=1,#presence1 do 457 for i=1,#presence1 do
422 if type(presence1[i]) == "string" then 458 if type(presence1[i]) == "string" then
423 if presence1[i] ~= presence2[i] then return false; end 459 if presence1[i] ~= presence2[i] then return false; end
424 else 460 else
425 if not same_tags(presence1[i], presence2[i]) then return false; end 461 if not same_tags(presence1[i], presence2[i]) then return false; end
426 end 462 end
427 end 463 end
428 464
429 return true 465 return true
430 end 466 end
431 467
432 local function forward_presence(presence, to_jid) 468 local function forward_presence(presence, to_jid)
433 local presence_fwd = st.clone(presence) 469 local presence_fwd = st.clone(presence)
434 presence_fwd.attr.to = to_jid 470 presence_fwd.attr.to = to_jid
435 module:log("debug", "presence forwarded to "..to_jid..": "..tostring(presence_fwd)) 471 module:log("debug", "presence forwarded to "..to_jid..": "..tostring(presence_fwd))
436 module:send(presence_fwd) 472 module:send(presence_fwd)
437 -- cache used to avoid to send several times the same stanza 473 -- cache used to avoid to send several times the same stanza
438 priv_session.last_presence = presence 474 priv_session.last_presence = presence
439 end 475 end
440 476
441 module:hook("presence/bare", function(event) 477 module:hook("presence/bare", function(event)
442 if presence_man_ent:empty() and presence_roster:empty() then return; end 478 if presence_man_ent:empty() and presence_roster:empty() then return; end
443 479
444 local stanza = event.stanza 480 local stanza = event.stanza
445 if stanza.attr.type == nil or stanza.attr.type == "unavailable" then 481 if stanza.attr.type == nil or stanza.attr.type == "unavailable" then
446 if not stanza.attr.to then 482 if not stanza.attr.to then
447 for entity in presence_man_ent:items() do 483 for entity in presence_man_ent:items() do
448 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end 484 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end
449 end 485 end
450 else -- directed presence 486 else -- directed presence
451 -- we ignore directed presences from our own host, as we already have them 487 -- we ignore directed presences from our own host, as we already have them
452 local _, from_host = jid.split(stanza.attr.from) 488 local _, from_host = jid.split(stanza.attr.from)
453 if hosts[from_host] then return; end 489 if hosts[from_host] then return; end
454 490
455 -- we don't send several time the same presence, as recommended in §7 #2 491 -- we don't send several time the same presence, as recommended in §7 #2
456 if priv_session.last_presence and same_presences(priv_session.last_presence, stanza) then 492 if priv_session.last_presence and same_presences(priv_session.last_presence, stanza) then
457 return 493 return
458 end 494 end
459 495
460 for entity in presence_roster:items() do 496 for entity in presence_roster:items() do
461 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end 497 if stanza.attr.from ~= entity then forward_presence(stanza, entity); end
462 end 498 end
463 end 499 end
464 end 500 end
465 end, 150) 501 end, 150)
502
503 --> IQ permission <--
504
505 module:hook("iq/bare/".._PRIV_ENT_NS..":privileged_iq", function(event)
506 local session, stanza = event.origin, event.stanza
507 if not stanza.attr.to then
508 -- we don't want stanzas addressed to /self
509 return
510 end
511 local from_node, from_host, from_resource = jid.split(stanza.attr.to)
512
513 if from_resource ~= nil or not usermanager_user_exists(from_node, from_host) then
514 session.send(
515 st.error_reply(
516 stanza,
517 "auth",
518 "forbidden",
519 "wrapping <IQ> stanza recipient must be a bare JID of a local user"
520 )
521 )
522 return true
523 end
524
525 local session_privileges = get_session_privileges(session, from_host)
526
527 if session_privileges == nil then
528 session.send(
529 st.error_reply(
530 stanza,
531 "auth",
532 "forbidden",
533 "no privilege granted"
534 )
535 )
536 return true
537 end
538
539 local iq_privileges = session_privileges["iq"]
540 if iq_privileges == nil then
541 session.send(
542 session.send(st.error_reply(stanza, "auth", "forbidden", "you are not allowed to send privileged <IQ> stanzas"))
543 )
544 return true
545 end
546
547 local privileged_iq = stanza:get_child("privileged_iq", _PRIV_ENT_NS)
548
549 local wrapped_iq = privileged_iq.tags[1]
550 if wrapped_iq == nil then
551 session.send(
552 st.error_reply(stanza, "auth", "forbidden", "missing <IQ> stanza to send")
553 )
554 return true
555 end
556
557 if wrapped_iq.attr.xmlns ~= "jabber:client" then
558 session.send(
559 st.error_reply(
560 stanza,
561 "auth",
562 "forbidden",
563 'wrapped <IQ> must have a xmlns of "jabber:client"'
564 )
565 )
566 return true
567 end
568
569 clean_xmlns(wrapped_iq)
570
571 if #wrapped_iq.tags ~= 1 then
572 session.send(
573 st.error_reply(
574 stanza,
575 "auth",
576 "forbidden",
577 'invalid payload in wrapped <IQ>'
578 )
579 )
580 return true
581 end
582
583 local payload = wrapped_iq.tags[1]
584
585 local priv_ns = payload.attr.xmlns
586 if priv_ns == nil then
587 session.send(
588 st.error_reply(stanza, "auth", "forbidden", "xmlns not set in privileged <IQ>")
589 )
590 return true
591 end
592
593 local ns_perms = iq_privileges[priv_ns]
594 local iq_type = stanza.attr.type
595 if ns_perms == nil or iq_type == nil or not ns_perms[iq_type] then
596 session.send(
597 session.send(st.error_reply(
598 stanza,
599 "auth",
600 "forbidden",
601 "you are not allowed to send privileged <IQ> stanzas of this type and namespace")
602 )
603 )
604 return true
605 end
606
607 if wrapped_iq.attr.from ~= nil and wrapped_iq.attr.from ~= stanza.attr.to then
608 session.send(
609 st.error_reply(
610 stanza,
611 "auth",
612 "forbidden",
613 'wrapped <IQ> "from" attribute is inconsistent with main <IQ> "to" attribute'
614 )
615 )
616 return true
617 end
618
619 wrapped_iq.attr.from = stanza.attr.to
620
621 if wrapped_iq.attr.to == nil then
622 session.send(
623 st.error_reply(
624 stanza,
625 "auth",
626 "forbidden",
627 'wrapped <IQ> "to" attribute is missing'
628 )
629 )
630 return true
631 end
632
633 if wrapped_iq.attr.type ~= iq_type then
634 session.send(
635 st.error_reply(
636 stanza,
637 "auth",
638 "forbidden",
639 'invalid wrapped <IQ>: type mismatch'
640 )
641 )
642 return true
643 end
644
645 if wrapped_iq.attr.id == nil then
646 session.send(
647 st.error_reply(
648 stanza,
649 "auth",
650 "forbidden",
651 'invalid wrapped <IQ>: missing "id" attribute'
652 )
653 )
654 return true
655 end
656
657 -- at this point, wrapped_iq is considered valid, and privileged entity is allowed to send it
658
659 module:send_iq(wrapped_iq)
660 :next(function (response)
661 local reply = st.reply(stanza);
662 response.stanza.attr.xmlns = 'jabber:client'
663 reply:tag("privilege", {xmlns = _PRIV_ENT_NS})
664 :tag("forwarded", {xmlns = _FORWARDED_NS})
665 :add_child(response.stanza)
666 session.send(reply)
667 end,
668 function(response)
669 module:log("error", "Error while sending privileged <IQ>: %s", response);
670 session.send(
671 st.error_reply(
672 stanza,
673 "cancel",
674 "internal-server-error"
675 )
676 )
677 end)
678
679 return true
680 end)