prosody-modules: mod_privilege/mod_privilege.lua comparison

comparison mod_privilege/mod_privilege.lua @ 1725:d85d5b0bf977

Merge with Goffi

author	Kim Alvefur <zash@zash.se>
date	Thu, 07 May 2015 23:39:54 +0200
parents	ad7afcf86131
children	0d78bb31348e

comparison

equal deleted inserted replaced

-:e4867211cddb
+:d85d5b0bf977
 local hosts = prosody.hosts
 local full_sessions = prosody.full_sessions;
 local priv_session = module:shared("/*/privilege/session")
+if priv_session.connected_cb == nil then
+	-- set used to have connected event listeners
+	-- which allows a host to react on events from
+	-- other hosts
+	priv_session.connected_cb = set.new()
+end
+local connected_cb = priv_session.connected_cb
 -- the folowing sets are used to forward presence stanza
-if not priv_session.presence_man_ent  then
+-- the folowing sets are used to forward presence stanza
-	priv_session.presence_man_ent = set.new()
+local presence_man_ent = set.new()
-end
+local presence_roster = set.new()
-local presence_man_ent = priv_session.presence_man_ent
-if not priv_session.presence_roster then
-	priv_session.presence_roster = set.new()
-end
-local presence_roster = priv_session.presence_roster
 local _ALLOWED_ROSTER = set.new({'none', 'get', 'set', 'both'})
 local _ROSTER_GET_PERM = set.new({'get', 'both'})
 local _ROSTER_SET_PERM = set.new({'set', 'both'})
 local _ALLOWED_MESSAGE = set.new({'none', 'outgoing'})
 module:log("debug", "Loading privileged entity module ");
 --> Permissions management <--
-privileges = module:get_option("privileged_entities", {})
+local privileges = module:get_option("privileged_entities", {})
-function advertise_perm(session, to_jid, perms)
+local function advertise_perm(session, to_jid, perms)
 	-- send <message/> stanza to advertise permissions
 	-- as expained in § 4.2
-	local message = st.message({to=to_jid})
+	local message = st.message({from=module.host, to=to_jid})
 					  :tag("privilege", {xmlns=_PRIV_ENT_NS})
 	for _, perm in pairs({'roster', 'message', 'presence'}) do
 		if perms[perm] then
 			message:tag("perm", {access=perm, type=perms[perm]}):up()
 		end
 	end
 	session.send(message)
 end
-function set_presence_perm_set(to_jid, perms)
+local function set_presence_perm_set(to_jid, perms)
-	-- fill the global presence sets according to perms
+	-- fill the presence sets according to perms
 	if _PRESENCE_MANAGED:contains(perms.presence) then
 		presence_man_ent:add(to_jid)
 	end
 	if perms.presence == 'roster' then
 		presence_roster:add(to_jid)
 	end
 end
-function advertise_presences(session, to_jid, perms)
+local function advertise_presences(session, to_jid, perms)
 	-- send presence status for already conencted entities
 	-- as explained in § 7.1
 	-- people in roster are probed only for active sessions
 	-- TODO: manage roster load for inactive sessions
 	if not perms.presence then return; end
 			if user_session.roster then
 				local bare_jid = jid.bare(user_session.full_jid)
 				for entity, item in pairs(user_session.roster) do
 					if entity~=false and entity~="pending" and (item.subscription=="both" or item.subscription=="to") then
-						_, host = jid.split(entity)
+						local _, host = jid.split(entity)
 						if not hosts[host] then -- we don't probe jid from hosts we manage
 							-- using a table with entity as key avoid probing several time the same one
 							to_probe[entity] = bare_jid
 						end
 					end
 			end
 		end
 	end
 	-- now we probe peoples for "roster" presence permission
-	for to_jid, from_jid in pairs(to_probe) do
+	for probe_to, probe_from in pairs(to_probe) do
-		module:log("debug", "probing presence for %s (on behalf of %s)", tostring(to_jid), tostring(from_jid))
+		module:log("debug", "probing presence for %s (on behalf of %s)", tostring(probe_to), tostring(probe_from))
-		local probe = st.presence({from=from_jid, to=to_jid, type="probe"})
+		local probe = st.presence({from=probe_from, to=probe_to, type="probe"})
 		prosody.core_route_stanza(nil, probe)
 	end
 end
-function on_auth(event)
+local function on_auth(event)
 	-- Check if entity is privileged according to configuration,
 	-- and set session.privileges accordingly
 	local session = event.session
 	local bare_jid = jid.join(session.username, session.host)
 		end
 		-- extra checks for presence permission
 		if ent_priv.permission == 'roster' and not _ROSTER_GET_PERM:contains(session.privileges.roster) then
 			module:log("warn", "Can't allow roster presence privilege without roster \"get\" privilege")
 			module:log("warn", "Setting presence permission to none")
-			end_priv.permission = nil
+			ent_priv.permission = nil
 		end
 		if session.type == "component" then
 			-- we send the message stanza only for component
 			-- it will be sent at first <presence/> for other entities
 	end
 	session.privileges = ent_priv
 end
-function on_presence(event)
+local function on_presence(event)
 	-- Permission are already checked at this point,
 	-- we only advertise them to the entity
-	local session, stanza = event.origin, event.stanza;
+	local session = event.origin
 	if session.privileges then
 		advertise_perm(session, session.full_jid, session.privileges)
 		set_presence_perm_set(session.full_jid, session.privileges)
 		advertise_presences(session, session.full_jid, session.privileges)
 	end
 end
+local function on_component_auth(event)
+	-- react to component-authenticated event from this host
+	-- and call the on_auth methods from all other hosts
+	-- needed for the component to get delegations advertising
+	for callback in connected_cb:items() do
+		callback(event)
+	end
+end
+connected_cb:add(on_auth)
 module:hook('authentication-success', on_auth)
-module:hook('component-authenticated', on_auth)
+module:hook('component-authenticated', on_component_auth)
 module:hook('presence/initial', on_presence)
 --> roster permission <--
 		local roster = roster_manager.load_roster(node, host);
 		local reply = st.reply(stanza):query("jabber:iq:roster");
 		for entity_jid, item in pairs(roster) do
 			if entity_jid and entity_jid ~= "pending" then
-				local node, host = jid.split(entity_jid);
+				reply:tag("item", {
-					reply:tag("item", {
+					jid = entity_jid,
-						jid = entity_jid,
+					subscription = item.subscription,
-						subscription = item.subscription,
+					ask = item.ask,
-						ask = item.ask,
+					name = item.name,
-						name = item.name,
+				});
-					});
+				for group in pairs(item.groups) do
-					for group in pairs(item.groups) do
+					reply:tag("group"):text(group):up();
-						reply:tag("group"):text(group):up();
+				end
-					end
+				reply:up(); -- move out from item
-					reply:up(); -- move out from item
 			end
 		end
 		-- end of code adapted from mod_remote_roster
 		session.send(reply);
 	else
 		if not(user_manager.user_exists(from_node, from_host)) then return; end
 		local roster = roster_manager.load_roster(from_node, from_host);
 		if not(roster) then return; end
 		local query = stanza.tags[1];
-		for i_, item in ipairs(query.tags) do
+		for _, item in ipairs(query.tags) do
 			if item.name == "item"
 				and item.attr.xmlns == "jabber:iq:roster" and item.attr.jid
 					-- Protection against overwriting roster.pending, until we move it
 				and item.attr.jid ~= "pending" then
 				local item_jid = jid.prep(item.attr.jid);
-				local node, host, resource = jid.split(item_jid);
+				local _, host, resource = jid.split(item_jid);
 				if not resource then
 					if item_jid ~= stanza.attr.to then -- not self-item_jid
 						if item.attr.subscription == "remove" then
 							local r_item = roster[item_jid];
 							if r_item then
-								local to_bare = node and (node.."@"..host) or host; -- bare jid
 								roster[item_jid] = nil;
 								if roster_manager.save_roster(from_node, from_host, roster) then
 									session.send(st.reply(stanza));
 									roster_manager.roster_push(from_node, from_host, item_jid);
 								else
 	if session.privileges and session.privileges.message=="outgoing" then
 		if #privilege_elt.tags==1 and privilege_elt.tags[1].name == "forwarded"
 			and privilege_elt.tags[1].attr.xmlns==_FORWARDED_NS then
 			local message_elt = privilege_elt.tags[1]:get_child('message', 'jabber:client')
 			if message_elt ~= nil then
-				local from_node, from_host, from_resource = jid.split(message_elt.attr.from)
+				local _, from_host, from_resource = jid.split(message_elt.attr.from)
 				if from_resource == nil and hosts[from_host] then -- we only accept bare jids from one of the server hosts
 					-- at this point everything should be alright, we can send the message
 					prosody.core_route_stanza(nil, message_elt)
 				else -- trying to send a message from a forbidden entity
 	    			module:log("warn", "Entity "..tostring(session.full_jid).." try to send a message from "..tostring(message_elt.attr.from))
 end);
 --> presence permission <--
-function same_tags(tag1, tag2)
+local function same_tags(tag1, tag2)
 	-- check if two tags are equivalent
 if tag1.name ~= tag2.name then return false; end
 	if #tag1 ~= #tag2 then return false; end
 	end
 	return true
 end
-function same_presences(presence1, presence2)
+local function same_presences(presence1, presence2)
 	-- check that 2 <presence/> stanzas are equivalent (except for "to" attribute)
 	-- /!\ if the id change but everything else is equivalent, this method return false
 	-- this behaviour may change in the future
 	if presence1.attr.from ~= presence2.attr.from or presence1.attr.id ~= presence2.attr.id
 		or presence1.attr.type ~= presence2.attr.type then
 	end
 	return true
 end
-function forward_presence(presence, to_jid)
+local function forward_presence(presence, to_jid)
-	presence_fwd = st.clone(presence)
+	local presence_fwd = st.clone(presence)
 	presence_fwd.attr.to = to_jid
 	module:log("debug", "presence forwarded to "..to_jid..": "..tostring(presence_fwd))
 	module:send(presence_fwd)
 	-- cache used to avoid to send several times the same stanza
 	priv_session.last_presence = presence
 end
 module:hook("presence/bare", function(event)
 	if presence_man_ent:empty() and presence_roster:empty() then return; end
-	local session, stanza = event.origin, event.stanza;
+	local stanza = event.stanza
 	if stanza.attr.type == nil or stanza.attr.type == "unavailable" then
 		if not stanza.attr.to then
 			for entity in presence_man_ent:items() do
 				if stanza.attr.from ~= entity then forward_presence(stanza, entity); end
 			end
 		else -- directed presence
 			-- we ignore directed presences from our own host, as we already have them
-			_, from_host = jid.split(stanza.attr.from)
+			local _, from_host = jid.split(stanza.attr.from)
 			if hosts[from_host] then return; end
 			-- we don't send several time the same presence, as recommended in §7 #2
 			if priv_session.last_presence and same_presences(priv_session.last_presence, stanza) then
 			   return

Mercurial > prosody-modules

comparison mod_privilege/mod_privilege.lua @ 1725:d85d5b0bf977