Merge

6 files changed, 115 insertions, 21 deletions

diff --git a/core/objectmanager.lua b/core/objectmanager.lua
new file mode 100644
index 00000000..b8e5eb3f
--- /dev/null
+++ b/core/objectmanager.lua
@@ -0,0 +1,60 @@
+

+local new_multitable = require "util.multitable".new;

+local t_insert = table.insert;

+local t_concat = table.concat;

+local tostring = tostring;

+local unpack = unpack;

+local pairs = pairs;

+local error = error;

+local type = type;

+local _G = _G;

+

+local data = new_multitable();

+

+module "objectmanager"

+

+function set(...)

+	return data:set(...);

+end

+function remove(...)

+	return data:remove(...);

+end

+function get(...)

+	return data:get(...);

+end

+

+local function get_path(path)

+	if type(path) == "table" then return path; end

+	local s = {};

+	for part in tostring(path):gmatch("[%w_]+") do

+		t_insert(s, part);

+	end

+	return s;

+end

+

+function get_object(path)

+	path = get_path(path)

+	return data:get(unpack(path)), path;

+end

+function set_object(path, object)

+	path = get_path(path);

+	data:set(unpack(path), object);

+end

+

+data:set("ls", function(_dir)

+	local obj, dir = get_object(_dir);

+	if not obj then error("object not found: " .. t_concat(dir, '/')); end

+	local r = {};

+	if type(obj) == "table" then

+		for key, val in pairs(obj) do

+			r[key] = type(val);

+		end

+	end

+	return r;

+end);

+data:set("get", get_object);

+data:set("set", set_object);

+data:set("echo", function(...) return {...}; end);

+data:set("_G", _G);

+

+return _M;

diff --git a/core/usermanager.lua b/core/usermanager.lua
index fd8fe739..bee1502e 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -11,8 +11,12 @@
 require "util.datamanager"
 local datamanager = datamanager;
 local log = require "util.logger".init("usermanager");
+local type = type;
 local error = error;
+local ipairs = ipairs;
 local hashes = require "util.hashes";
+local jid_bare = require "util.jid".bare;
+local config = require "core.configmanager";
 
 module "usermanager"
 
@@ -59,4 +63,15 @@ function get_supported_methods(host)
 	return methods;
 end
 
+function is_admin(jid)
+	local admins = config.get("*", "core", "admins") or {};
+	if type(admins) == "table" then
+		jid = jid_bare(jid);
+		for _,admin in ipairs(admins) do
+			if admin == jid then return true; end
+		end
+	else log("debug", "Option core.admins is not a table"); end
+	return nil;
+end
+
 return _M;
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index 8f3de58d..3e392470 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -12,6 +12,9 @@ local st = require "util.stanza";
 local t_concat = table.concat;
 
 module:add_feature("jabber:iq:auth");
+module:add_event_hook("stream-features", function (session, features)
+	if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
+end);
 
 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", 
 		function (session, stanza)
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index ed19a150..4804607b 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -17,6 +17,7 @@ local t_concat, t_insert = table.concat, table.insert;
 local tostring = tostring;
 local jid_split = require "util.jid".split
 local md5 = require "util.hashes".md5;
+local config = require "core.configmanager";
 
 local log = require "util.logger".init("mod_saslauth");
 
@@ -106,7 +107,9 @@ module:add_event_hook("stream-features",
 				-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 					features:tag("mechanism"):text("PLAIN"):up();
 					features:tag("mechanism"):text("DIGEST-MD5"):up();
-					features:tag("mechanism"):text("ANONYMOUS"):up();
+					if config.get(session.host or "*", "core", "sasl_anonymous") then
+						features:tag("mechanism"):text("ANONYMOUS"):up();
+					end
 				features:up();
 			else
 				features:tag("bind", bind_attr):tag("required"):up():up();
diff --git a/plugins/mod_xmlrpc.lua b/plugins/mod_xmlrpc.lua
index 6fdfe8be..238ee3ea 100644
--- a/plugins/mod_xmlrpc.lua
+++ b/plugins/mod_xmlrpc.lua
@@ -14,6 +14,11 @@ local st = require "util.stanza";
 local pcall = pcall;
 local unpack = unpack;
 local tostring = tostring;
+local is_admin = require "core.usermanager".is_admin;
+local jid_split = require "util.jid".split;
+local b64_decode = require "util.encodings".base64.decode;
+local get_method = require "core.objectmanager".get_object;
+local validate_credentials = require "core.usermanager".validate_credentials;
 
 local translate_request = require "util.xmlrpc".translate_request;
 local create_response = require "util.xmlrpc".create_response;
@@ -60,12 +65,6 @@ local function parse_xml(xml)
 	return stanza.tags[1];
 end
 
-local function get_method(method)
-	return function(...)
-		return {method = method; args = {...}};
-	end
-end
-
 local function handle_xmlrpc_request(method, args)
 	method = get_method(method);
 	if not method then return create_error_response(404, "method not found"); end
@@ -85,29 +84,37 @@ local function handle_xmpp_request(origin, stanza)
 	local query = stanza.tags[1];
 	if query.name == "query" then
 		if #query.tags == 1 then
-			local success, method, args = pcall(translate_request, query.tags[1]);
-			if success then
-				local result = handle_xmlrpc_request(method, args);
-				origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result));
-			else
-				origin.send(st.error_reply(stanza, "modify", "bad-request", method));
-			end
-		else
-			origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request"));
-		end
-	else
-		origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
-	end
+			if is_admin(stanza.attr.from) then
+				local success, method, args = pcall(translate_request, query.tags[1]);
+				if success then
+					local result = handle_xmlrpc_request(method, args);
+					origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result));
+				else
+					origin.send(st.error_reply(stanza, "modify", "bad-request", method));
+				end
+			else origin.send(st.error_reply(stanza, "auth", "forbidden", "No content in XML-RPC request")); end
+		else origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request")); end
+	else origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end
 end
 module:add_iq_handler({"c2s", "s2sin"}, "jabber:iq:rpc", handle_xmpp_request);
 module:add_feature("jabber:iq:rpc");
+-- TODO add <identity category='automation' type='rpc'/> to disco replies
 
-local default_headers = { ["Content-Type"] = "text/xml" };
+local default_headers = { ['Content-Type'] = 'text/xml' };
+local unauthorized_response = { status = '401 UNAUTHORIZED', headers = {['Content-Type']='text/html', ['WWW-Authenticate']='Basic realm="WallyWorld"'}; body = "<html><body>Authentication required</body></html>"; };
 local function handle_http_request(method, body, request)
+	-- authenticate user
+	local username, password = b64_decode(request['authorization'] or ''):gmatch('([^:]*):(.*)')(); -- TODO digest auth
+	local node, host = jid_split(username);
+	if not validate_credentials(host, node, password) and is_admin(username) then
+		return unauthorized_response;
+	end
+	-- parse request
 	local stanza = body and parse_xml(body);
 	if (not stanza) or request.method ~= "POST" then
 		return "<html><body>You really don't look like an XML-RPC client to me... what do you want?</body></html>";
 	end
+	-- execute request
 	local success, method, args = pcall(translate_request, stanza);
 	if success then
 		return { headers = default_headers; body = tostring(handle_xmlrpc_request(method, args)) };
diff --git a/util/xmlrpc.lua b/util/xmlrpc.lua
index 5a391754..8b1d56cf 100644
--- a/util/xmlrpc.lua
+++ b/util/xmlrpc.lua
@@ -41,6 +41,9 @@ local map = {
 	number=function(stanza, object)
 		stanza:tag("int"):text(tostring(object)):up();
 	end;
+	["nil"]=function(stanza, object) -- nil extension
+		stanza:tag("nil"):up();
+	end;
 };
 _lua_to_xmlrpc = function(stanza, object)
 	local h = map[type(object)];
@@ -146,6 +149,9 @@ local rmap = {
 		if tostring(tonumber(n)) == n then n = tonumber(n); end
 		return n;
 	end;
+	["nil"]=function(stanza) -- nil extension
+		return nil;
+	end;
 }
 _xmlrpc_to_lua = function(stanza)
 	local h = rmap[stanza.name];