comparison mod_privilege/mod_privilege.lua @ 4994:cce12a660b98

mod_privilege: process entity IQs (credit to adx) and messages with a constructed entity session
author Nicoco <nicoco@nicoco.fr>
date Tue, 16 Aug 2022 13:10:39 +0200
parents 3ddab718f717
children a88c43de648c
comparison
equal deleted inserted replaced
4993:f36d15107c15 4994:cce12a660b98
391 if session_privileges and session_privileges.message=="outgoing" then 391 if session_privileges and session_privileges.message=="outgoing" then
392 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded" 392 if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded"
393 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then 393 and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then
394 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client') 394 local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client')
395 if message_elt ~= nil then 395 if message_elt ~= nil then
396 local _, from_host, from_resource = jid.split(message_elt.attr.from) 396 local username, from_host, from_resource = jid.split(message_elt.attr.from)
397 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts 397 if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts
398 clean_xmlns(message_elt); -- needed do to proper routing 398 clean_xmlns(message_elt); -- needed do to proper routing
399 local session = {
400 username = username;
401 host = from_host;
402 type = "c2s";
403 log = module._log;
404 }
399 -- at this point everything should be alright, we can send the message 405 -- at this point everything should be alright, we can send the message
400 prosody.core_route_stanza(nil, message_elt) 406 prosody.core_post_stanza(session, message_elt, true)
401 else -- trying to send a message from a forbidden entity 407 else -- trying to send a message from a forbidden entity
402 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from)) 408 module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from))
403 session.send(st.error_reply(stanza, 'auth', 'forbidden')) 409 session.send(st.error_reply(stanza, 'auth', 'forbidden'))
404 end 410 end
405 else -- incorrect message child 411 else -- incorrect message child
616 return true 622 return true
617 end 623 end
618 624
619 wrapped_iq.attr.from = stanza.attr.to 625 wrapped_iq.attr.from = stanza.attr.to
620 626
621 if wrapped_iq.attr.to == nil then
622 session.send(
623 st.error_reply(
624 stanza,
625 "auth",
626 "forbidden",
627 'wrapped <IQ> "to" attribute is missing'
628 )
629 )
630 return true
631 end
632 627
633 if wrapped_iq.attr.type ~= iq_type then 628 if wrapped_iq.attr.type ~= iq_type then
634 session.send( 629 session.send(
635 st.error_reply( 630 st.error_reply(
636 stanza, 631 stanza,
653 ) 648 )
654 return true 649 return true
655 end 650 end
656 651
657 -- at this point, wrapped_iq is considered valid, and privileged entity is allowed to send it 652 -- at this point, wrapped_iq is considered valid, and privileged entity is allowed to send it
658 653 local username, from_host, _ = jid.split(wrapped_iq.attr.from)
659 module:send_iq(wrapped_iq) 654 local newsession = {
655 username = username;
656 host = from_host;
657 full_jid = stanza.attr.to;
658 type = "c2s";
659 log = module._log;
660 }
661
662 module:send_iq(wrapped_iq,newsession)
660 :next(function (response) 663 :next(function (response)
661 local reply = st.reply(stanza); 664 local reply = st.reply(stanza);
662 response.stanza.attr.xmlns = 'jabber:client' 665 response.stanza.attr.xmlns = 'jabber:client'
663 reply:tag("privilege", {xmlns = _PRIV_ENT_NS}) 666 reply:tag("privilege", {xmlns = _PRIV_ENT_NS})
664 :tag("forwarded", {xmlns = _FORWARDED_NS}) 667 :tag("forwarded", {xmlns = _FORWARDED_NS})