comparison mod_privilege/mod_privilege.lua @ 1708:ad7afcf86131

mod_privilege: fixed bad handling of presence permissions / component authentication between different hosts
author Goffi <goffi@goffi.org>
date Fri, 17 Apr 2015 21:00:34 +0200
parents 64b3d1eb0cfe
children 0d78bb31348e
1707:64b3d1eb0cfe 1708:ad7afcf86131
16 local hosts = prosody.hosts 16 local hosts = prosody.hosts
17 local full_sessions = prosody.full_sessions; 17 local full_sessions = prosody.full_sessions;
18 18
19 local priv_session = module:shared("/*/privilege/session") 19 local priv_session = module:shared("/*/privilege/session")
20 20
21 if priv_session.connected_cb == nil then
22 -- set used to have connected event listeners
23 -- which allows a host to react on events from
24 -- other hosts
25 priv_session.connected_cb = set.new()
26 end
27 local connected_cb = priv_session.connected_cb
28
21 -- the folowing sets are used to forward presence stanza 29 -- the folowing sets are used to forward presence stanza
22 if not priv_session.presence_man_ent then 30 -- the folowing sets are used to forward presence stanza
23 priv_session.presence_man_ent = set.new() 31 local presence_man_ent = set.new()
24 end 32 local presence_roster = set.new()
25 local presence_man_ent = priv_session.presence_man_ent
26 if not priv_session.presence_roster then
27 priv_session.presence_roster = set.new()
28 end
29 local presence_roster = priv_session.presence_roster
30 33
31 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'}) 34 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'})
32 local _ROSTER_GET_PERM = set.new({'get', 'both'}) 35 local _ROSTER_GET_PERM = set.new({'get', 'both'})
33 local _ROSTER_SET_PERM = set.new({'set', 'both'}) 36 local _ROSTER_SET_PERM = set.new({'set', 'both'})
34 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'}) 37 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'})
47 local privileges = module:get_option("privileged_entities", {}) 50 local privileges = module:get_option("privileged_entities", {})
48 51
49 local function advertise_perm(session, to_jid, perms) 52 local function advertise_perm(session, to_jid, perms)
50 -- send <message/> stanza to advertise permissions 53 -- send <message/> stanza to advertise permissions
51 -- as expained in § 4.2 54 -- as expained in § 4.2
52 local message = st.message({to=to_jid}) 55 local message = st.message({from=module.host, to=to_jid})
53 :tag("privilege", {xmlns=_PRIV_ENT_NS}) 56 :tag("privilege", {xmlns=_PRIV_ENT_NS})
54 57
55 for _, perm in pairs({'roster', 'message', 'presence'}) do 58 for _, perm in pairs({'roster', 'message', 'presence'}) do
56 if perms[perm] then 59 if perms[perm] then
57 message:tag("perm", {access=perm, type=perms[perm]}):up() 60 message:tag("perm", {access=perm, type=perms[perm]}):up()
59 end 62 end
60 session.send(message) 63 session.send(message)
61 end 64 end
62 65
63 local function set_presence_perm_set(to_jid, perms) 66 local function set_presence_perm_set(to_jid, perms)
64 -- fill the global presence sets according to perms 67 -- fill the presence sets according to perms
65 if _PRESENCE_MANAGED:contains(perms.presence) then 68 if _PRESENCE_MANAGED:contains(perms.presence) then
66 presence_man_ent:add(to_jid) 69 presence_man_ent:add(to_jid)
67 end 70 end
68 if perms.presence == 'roster' then 71 if perms.presence == 'roster' then
69 presence_roster:add(to_jid) 72 presence_roster:add(to_jid)
162 set_presence_perm_set(session.full_jid, session.privileges) 165 set_presence_perm_set(session.full_jid, session.privileges)
163 advertise_presences(session, session.full_jid, session.privileges) 166 advertise_presences(session, session.full_jid, session.privileges)
164 end 167 end
165 end 168 end
166 169
170 local function on_component_auth(event)
171 -- react to component-authenticated event from this host
172 -- and call the on_auth methods from all other hosts
173 -- needed for the component to get delegations advertising
174 for callback in connected_cb:items() do
175 callback(event)
176 end
177 end
178
179 connected_cb:add(on_auth)
167 module:hook('authentication-success', on_auth) 180 module:hook('authentication-success', on_auth)
168 module:hook('component-authenticated', on_auth) 181 module:hook('component-authenticated', on_component_auth)
169 module:hook('presence/initial', on_presence) 182 module:hook('presence/initial', on_presence)
170 183
171 184
172 --> roster permission <-- 185 --> roster permission <--
173 186
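Review bot: The registration `connected_cb:add(on_auth)` at new line 179 puts this host's closure into the set shared across all hosts through `module:shared("/*/privilege/session")`, and nothing in the visible lines ever takes it out again. If the module is reloaded or unloaded on one host, the old `on_auth` would stay in the set and keep being called by `on_component_auth` on the other hosts. That closure presumably still reads the `privileged_entities` table from the earlier load, so a component removed from the configuration could keep receiving its former permissions until a full restart. Adding `function module.unload() connected_cb:remove(on_auth) end` next to the registration would drop the stale callback, unless cleanup already exists outside this view. The body of `on_auth` is not shown here, so also confirm it decides from its own host's configuration and does not assume `event.session` belongs to `module.host`, since it now runs for components authenticating on other hosts.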