changeset 2212:57dcad6543c9

mod_e2e_policy: Initial commit
author Michel Le Bihan <michel@lebihan.pl>
date Tue, 14 Jun 2016 18:03:05 +0200 (2016-06-14)
parents 9aecf7c953ba
children 1815bf8b3cf9
files mod_e2e_policy/README.markdown mod_e2e_policy/mod_e2e_policy.lua
diffstat 2 files changed, 100 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_e2e_policy/README.markdown	Tue Jun 14 18:03:05 2016 +0200
@@ -0,0 +1,46 @@
+Introduction
+============
+
+This module was written to encourage usage of End-to-end encryption for chat and MUC messages. It can be configured to warn the sender after every plaintext/unencrypted message or to block all plaintext/unencrypted messages. It also supports MUC and JID whitelisting, so administrators can for example whitelist public support MUCs ;-)
+
+Configuration
+=============
+
+Enable the module as any other:
+
+    modules_enabled = {
+      "mod_e2e_policy";
+    }
+
+You can then set some options to configure your desired policy:
+
+  Option                                Default        Description
+  -------------------------------- --------------- -------------------------------------------------------------------------------------------------------------------------------------------------
+  e2e\_policy\_chat                     `"optional"`   Policy for chat messages. Possible values: `"none"`, `"optional"` and `"required"`.
+  e2e\_policy\_muc                      `"optional"`   Policy for MUC messages. Possible values: `"none"`, `"optional"` and `"required"`.
+  e2e\_policy\_whitelist                `{ }`          Make this module ignore messages sent to and from this JIDs or MUCs.
+  e2e\_policy\_message\_optional\_chat  `""`           Set a custom warning message for chat messages.
+  e2e\_policy\_message\_required\_chat  `""`           Set a custom error message for chat messages.
+  e2e\_policy\_message\_optional\_muc   `""`           Set a custom warning message for MUC messages.
+  e2e\_policy\_message\_required\_muc   `""`           Set a custom error message for MUC messages.
+
+Some examples:
+
+    e2e_policy_chat = "optional"
+    e2e_policy_muc = "optional"
+    e2e_policy_whitelist = { "admin@example.com", "prosody@conference.prosody.im" }
+    e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server."
+    e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server."
+    e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server."
+    e2e_policy_message_required_muc = "For security reasons, OMEMO, OTR or PGP encryption is required for MUC on this server."
+
+Compatibility
+=============
+
+  ----- -------------
+  trunk Works
+  0.10  Should work
+  0.9   Should work
+  ----- -------------
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_e2e_policy/mod_e2e_policy.lua	Tue Jun 14 18:03:05 2016 +0200
@@ -0,0 +1,54 @@
+local st = require "util.stanza";
+local host = module.host;
+local e2e_policy_chat = module:get_option_string("e2e_policy_chat", "optional"); -- possible values: none, optional and required
+local e2e_policy_muc = module:get_option_string("e2e_policy_muc", "optional"); -- possible values: none, optional and required
+local e2e_policy_whitelist = module:get_option_set("e2e_policy_whitelist", {  }); -- make this module ignore messages sent to and from this JIDs or MUCs
+
+local e2e_policy_message_optional_chat = module:get_option_string("e2e_policy_message_optional_chat", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server.");
+local e2e_policy_message_required_chat = module:get_option_string("e2e_policy_message_required_chat", "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server.");
+local e2e_policy_message_optional_muc = module:get_option_string("e2e_policy_message_optional_muc", "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server.");
+local e2e_policy_message_required_muc = module:get_option_string("e2e_policy_message_required_muc", "For security reasons, OMEMO, OTR or PGP encryption is required for MUC on this server.");
+
+function warn_on_plaintext_messages(event)
+    if e2e_policy_whitelist:contains(event.stanza.attr.from) or e2e_policy_whitelist:contains(event.stanza.attr.to) then -- check if JID is whitelisted
+        return nil;
+    end
+    local body = event.stanza:get_child_text("body");
+    -- do not warn for status messages
+    if not body then
+        return nil;
+    end
+    -- check otr
+    if body and body:sub(1,4) == "?OTR" then
+        return nil;
+    end
+    -- check omemo https://xmpp.org/extensions/inbox/omemo.html
+    if event.stanza:get_child("encrypted", "eu.siacs.conversations.axolotl") or event.stanza:get_child("encrypted", "urn:xmpp:omemo:0") then
+        return nil;
+    end
+    -- check xep27 pgp https://xmpp.org/extensions/xep-0027.html
+    if event.stanza:get_child("x", "jabber:x:encrypted") then
+        return nil;
+    end
+	-- check xep373 pgp (OX) https://xmpp.org/extensions/xep-0373.html
+    if event.stanza:get_child("openpgp", "urn:xmpp:openpgp:0") then
+        return nil;
+    end
+    -- no valid encryption found
+    if e2e_policy_chat == "optional" and event.stanza.attr.type ~= "groupchat" then
+        event.origin.send(st.message({ from = host, type = "headline" }, e2e_policy_message_optional_chat));
+    end
+    if e2e_policy_chat == "required" and event.stanza.attr.type ~= "groupchat" then
+        return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_chat));
+    end
+    if e2e_policy_muc == "optional" and event.stanza.attr.type == "groupchat" then
+        event.origin.send(st.message({ from = host, type = "headline" }, e2e_policy_message_optional_muc));
+    end
+    if e2e_policy_muc == "required" and event.stanza.attr.type == "groupchat" then
+        return event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", e2e_policy_message_required_muc));
+    end
+end
+
+module:hook("pre-message/bare", warn_on_plaintext_messages, 300);
+module:hook("pre-message/full", warn_on_plaintext_messages, 300);
+module:hook("pre-message/host", warn_on_plaintext_messages, 300);