aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_muc.lua10
-rw-r--r--plugins/mod_register.lua22
-rw-r--r--plugins/mod_roster.lua24
-rw-r--r--plugins/mod_saslauth.lua15
4 files changed, 47 insertions, 24 deletions
diff --git a/plugins/mod_muc.lua b/plugins/mod_muc.lua
index f4c17546..117a044b 100644
--- a/plugins/mod_muc.lua
+++ b/plugins/mod_muc.lua
@@ -369,6 +369,16 @@ function handle_to_room(origin, stanza) -- presence changes and groupchat messag
elseif type ~= "error" and type ~= "result" then
origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
end
+ elseif stanza.name == "message" and not stanza.attr.type and #stanza.tags == 1 and jid_nick:get(stanza.attr.from, stanza.attr.to)
+ and stanza.tags[1].name == "x" and stanza.tags[1].attr.xmlns == "http://jabber.org/protocol/muc#user" and #stanza.tags[1].tags == 1
+ and stanza.tags[1].tags[1].name == "invite" and stanza.tags[1].tags[1].attr.to then
+ local _from, _to = stanza.attr.from, stanza.attr.to;
+ local _invitee = stanza.tags[1].tags[1].attr.to;
+ stanza.attr.from, stanza.attr.to = _to, _invitee;
+ stanza.tags[1].tags[1].attr.from, stanza.tags[1].tags[1].attr.to = _from, nil;
+ core_route_stanza(component, stanza);
+ stanza.tags[1].tags[1].attr.from, stanza.tags[1].tags[1].attr.to = nil, _invitee;
+ stanza.attr.from, stanza.attr.to = _from, _to;
else
if type == "error" or type == "result" then return; end
origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index eaeb8867..c04eca0a 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -13,6 +13,7 @@ local usermanager_user_exists = require "core.usermanager".user_exists;
local usermanager_create_user = require "core.usermanager".create_user;
local datamanager_store = require "util.datamanager".store;
local os_time = os.time;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
module:add_feature("jabber:iq:register");
@@ -29,22 +30,23 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza)
elseif stanza.attr.type == "set" then
if query.tags[1] and query.tags[1].name == "remove" then
-- TODO delete user auth data, send iq response, kick all user resources with a <not-authorized/>, delete all user data
+ local username, host = session.username, session.host;
--session.send(st.error_reply(stanza, "cancel", "not-allowed"));
--return;
- usermanager_create_user(session.username, nil, session.host); -- Disable account
+ usermanager_create_user(username, nil, host); -- Disable account
-- FIXME the disabling currently allows a different user to recreate the account
-- we should add an in-memory account block mode when we have threading
session.send(st.reply(stanza));
local roster = session.roster;
- for _, session in pairs(hosts[session.host].sessions[session.username].sessions) do -- disconnect all resources
+ for _, session in pairs(hosts[host].sessions[username].sessions) do -- disconnect all resources
session:close({condition = "not-authorized", text = "Account deleted"});
end
-- TODO datamanager should be able to delete all user data itself
- datamanager.store(session.username, session.host, "roster", nil);
- datamanager.store(session.username, session.host, "vcard", nil);
- datamanager.store(session.username, session.host, "private", nil);
- datamanager.store(session.username, session.host, "offline", nil);
- --local bare = session.username.."@"..session.host;
+ datamanager.store(username, host, "roster", nil);
+ datamanager.store(username, host, "vcard", nil);
+ datamanager.store(username, host, "private", nil);
+ datamanager.store(username, host, "offline", nil);
+ --local bare = username.."@"..host;
for jid, item in pairs(roster) do
if jid ~= "pending" then
if item.subscription == "both" or item.subscription == "to" then
@@ -55,13 +57,13 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza)
end
end
end
- datamanager.store(session.username, session.host, "accounts", nil); -- delete accounts datastore at the end
+ datamanager.store(username, host, "accounts", nil); -- delete accounts datastore at the end
else
local username = query:child_with_name("username");
local password = query:child_with_name("password");
if username and password then
-- FIXME shouldn't use table.concat
- username = table.concat(username);
+ username = nodeprep(table.concat(username));
password = table.concat(password);
if username == session.username then
if usermanager_create_user(username, password, session.host) then -- password change -- TODO is this the right way?
@@ -132,7 +134,7 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s
end
end
-- FIXME shouldn't use table.concat
- username = table.concat(username);
+ username = nodeprep(table.concat(username));
password = table.concat(password);
if usermanager_user_exists(username, session.host) then
session.send(st.error_reply(stanza, "cancel", "conflict"));
diff --git a/plugins/mod_roster.lua b/plugins/mod_roster.lua
index da375e5d..e30bc1f9 100644
--- a/plugins/mod_roster.lua
+++ b/plugins/mod_roster.lua
@@ -11,6 +11,7 @@
local st = require "util.stanza"
local jid_split = require "util.jid".split;
+local jid_prep = require "util.jid".prep;
local t_concat = table.concat;
local tostring = tostring;
@@ -61,17 +62,18 @@ module:add_iq_handler("c2s", "jabber:iq:roster",
local item = query.tags[1];
local from_node, from_host = jid_split(stanza.attr.from);
local from_bare = from_node and (from_node.."@"..from_host) or from_host; -- bare JID
- local node, host, resource = jid_split(item.attr.jid);
- local to_bare = node and (node.."@"..host) or host; -- bare JID
+ local jid = jid_prep(item.attr.jid);
+ local node, host, resource = jid_split(jid);
if not resource and host then
- if item.attr.jid ~= from_node.."@"..from_host then
+ if jid ~= from_node.."@"..from_host then
if item.attr.subscription == "remove" then
- local r_item = session.roster[item.attr.jid];
+ local r_item = session.roster[jid];
if r_item then
- local success, err_type, err_cond, err_msg = rm_remove_from_roster(session, item.attr.jid);
+ local success, err_type, err_cond, err_msg = rm_remove_from_roster(session, jid);
if success then
session.send(st.reply(stanza));
- rm_roster_push(from_node, from_host, item.attr.jid);
+ rm_roster_push(from_node, from_host, jid);
+ local to_bare = node and (node.."@"..host) or host; -- bare JID
if r_item.subscription == "both" or r_item.subscription == "from" then
handle_presence(session, st.presence({type="unsubscribed"}), from_bare, to_bare,
core_route_stanza, false);
@@ -88,9 +90,9 @@ module:add_iq_handler("c2s", "jabber:iq:roster",
else
local r_item = {name = item.attr.name, groups = {}};
if r_item.name == "" then r_item.name = nil; end
- if session.roster[item.attr.jid] then
- r_item.subscription = session.roster[item.attr.jid].subscription;
- r_item.ask = session.roster[item.attr.jid].ask;
+ if session.roster[jid] then
+ r_item.subscription = session.roster[jid].subscription;
+ r_item.ask = session.roster[jid].ask;
else
r_item.subscription = "none";
end
@@ -102,10 +104,10 @@ module:add_iq_handler("c2s", "jabber:iq:roster",
end
end
end
- local success, err_type, err_cond, err_msg = rm_add_to_roster(session, item.attr.jid, r_item);
+ local success, err_type, err_cond, err_msg = rm_add_to_roster(session, jid, r_item);
if success then
session.send(st.reply(stanza));
- rm_roster_push(from_node, from_host, item.attr.jid);
+ rm_roster_push(from_node, from_host, jid);
else
session.send(st.error_reply(stanza, err_type, err_cond, err_msg));
end
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index d3f32be3..31d62325 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -72,7 +72,15 @@ end
local function sasl_handler(session, stanza)
if stanza.name == "auth" then
-- FIXME ignoring duplicates because ejabberd does
+ if config.get(session.host or "*", "core", "anonymous_login") and stanza.attr.mechanism ~= "ANONYMOUS" then
+ return session.send(build_reply("failure", "invalid-mechanism"));
+ elseif stanza.attr.mechanism == "ANONYMOUS" then
+ return session.send(build_reply("failure", "mechanism-too-weak"));
+ end
session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback);
+ if not session.sasl_handler then
+ return session.send(build_reply("failure", "invalid-mechanism"));
+ end
elseif not session.sasl_handler then
return; -- FIXME ignoring out of order stanzas because ejabberd does
end
@@ -105,10 +113,11 @@ module:add_event_hook("stream-features",
if not session.username then
features:tag("mechanisms", mechanisms_attr);
-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
- features:tag("mechanism"):text("PLAIN"):up();
- features:tag("mechanism"):text("DIGEST-MD5"):up();
- if config.get(session.host or "*", "core", "sasl_anonymous") then
+ if config.get(session.host or "*", "core", "anonymous_login") then
features:tag("mechanism"):text("ANONYMOUS"):up();
+ else
+ features:tag("mechanism"):text("DIGEST-MD5"):up();
+ features:tag("mechanism"):text("PLAIN"):up();
end
features:up();
else
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 06:58:06 +0000