aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2009-03-14 16:05:22 +0000
committerMatthew Wild <mwild1@gmail.com>2009-03-14 16:05:22 +0000
commitbcd9d386bf3d145872796dd6bb183a34bf64b2f8 (patch)
tree3191e9e9af444ce237f12aa322c891fea9aefc17 /plugins
parent94692c20efb3c0edc09710f509c0c310e5c9d0c1 (diff)
parentd2ebe25dc579fb0ab21e411518c50eee1fae0f99 (diff)
downloadprosody-bcd9d386bf3d145872796dd6bb183a34bf64b2f8.tar.gz
prosody-bcd9d386bf3d145872796dd6bb183a34bf64b2f8.zip
Merge
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_legacyauth.lua3
-rw-r--r--plugins/mod_saslauth.lua5
-rw-r--r--plugins/mod_xmlrpc.lua47
3 files changed, 34 insertions, 21 deletions
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index 8f3de58d..3e392470 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -12,6 +12,9 @@ local st = require "util.stanza";
local t_concat = table.concat;
module:add_feature("jabber:iq:auth");
+module:add_event_hook("stream-features", function (session, features)
+ if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
+end);
module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
function (session, stanza)
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index ed19a150..4804607b 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -17,6 +17,7 @@ local t_concat, t_insert = table.concat, table.insert;
local tostring = tostring;
local jid_split = require "util.jid".split
local md5 = require "util.hashes".md5;
+local config = require "core.configmanager";
local log = require "util.logger".init("mod_saslauth");
@@ -106,7 +107,9 @@ module:add_event_hook("stream-features",
-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
features:tag("mechanism"):text("PLAIN"):up();
features:tag("mechanism"):text("DIGEST-MD5"):up();
- features:tag("mechanism"):text("ANONYMOUS"):up();
+ if config.get(session.host or "*", "core", "sasl_anonymous") then
+ features:tag("mechanism"):text("ANONYMOUS"):up();
+ end
features:up();
else
features:tag("bind", bind_attr):tag("required"):up():up();
diff --git a/plugins/mod_xmlrpc.lua b/plugins/mod_xmlrpc.lua
index 6fdfe8be..238ee3ea 100644
--- a/plugins/mod_xmlrpc.lua
+++ b/plugins/mod_xmlrpc.lua
@@ -14,6 +14,11 @@ local st = require "util.stanza";
local pcall = pcall;
local unpack = unpack;
local tostring = tostring;
+local is_admin = require "core.usermanager".is_admin;
+local jid_split = require "util.jid".split;
+local b64_decode = require "util.encodings".base64.decode;
+local get_method = require "core.objectmanager".get_object;
+local validate_credentials = require "core.usermanager".validate_credentials;
local translate_request = require "util.xmlrpc".translate_request;
local create_response = require "util.xmlrpc".create_response;
@@ -60,12 +65,6 @@ local function parse_xml(xml)
return stanza.tags[1];
end
-local function get_method(method)
- return function(...)
- return {method = method; args = {...}};
- end
-end
-
local function handle_xmlrpc_request(method, args)
method = get_method(method);
if not method then return create_error_response(404, "method not found"); end
@@ -85,29 +84,37 @@ local function handle_xmpp_request(origin, stanza)
local query = stanza.tags[1];
if query.name == "query" then
if #query.tags == 1 then
- local success, method, args = pcall(translate_request, query.tags[1]);
- if success then
- local result = handle_xmlrpc_request(method, args);
- origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result));
- else
- origin.send(st.error_reply(stanza, "modify", "bad-request", method));
- end
- else
- origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request"));
- end
- else
- origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
- end
+ if is_admin(stanza.attr.from) then
+ local success, method, args = pcall(translate_request, query.tags[1]);
+ if success then
+ local result = handle_xmlrpc_request(method, args);
+ origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result));
+ else
+ origin.send(st.error_reply(stanza, "modify", "bad-request", method));
+ end
+ else origin.send(st.error_reply(stanza, "auth", "forbidden", "No content in XML-RPC request")); end
+ else origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request")); end
+ else origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end
end
module:add_iq_handler({"c2s", "s2sin"}, "jabber:iq:rpc", handle_xmpp_request);
module:add_feature("jabber:iq:rpc");
+-- TODO add <identity category='automation' type='rpc'/> to disco replies
-local default_headers = { ["Content-Type"] = "text/xml" };
+local default_headers = { ['Content-Type'] = 'text/xml' };
+local unauthorized_response = { status = '401 UNAUTHORIZED', headers = {['Content-Type']='text/html', ['WWW-Authenticate']='Basic realm="WallyWorld"'}; body = "<html><body>Authentication required</body></html>"; };
local function handle_http_request(method, body, request)
+ -- authenticate user
+ local username, password = b64_decode(request['authorization'] or ''):gmatch('([^:]*):(.*)')(); -- TODO digest auth
+ local node, host = jid_split(username);
+ if not validate_credentials(host, node, password) and is_admin(username) then
+ return unauthorized_response;
+ end
+ -- parse request
local stanza = body and parse_xml(body);
if (not stanza) or request.method ~= "POST" then
return "<html><body>You really don't look like an XML-RPC client to me... what do you want?</body></html>";
end
+ -- execute request
local success, method, args = pcall(translate_request, stanza);
if success then
return { headers = default_headers; body = tostring(handle_xmlrpc_request(method, args)) };