Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | mod_authz_internal: Use util.roles, some API changes and config support | Matthew Wild | 2022-07-19 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | This commit was too awkward to split (hg record didn't like it), so: - Switch to the new util.roles lib to provide a consistent representation of a role object. - Change API method from get_role_info() to get_role_by_name() (touches sessionmanager and usermanager) - Change get_roles() to get_user_roles(), take a username instead of a JID This is more consistent with all other usermanager API methods. - Support configuration of custom roles and permissions via the config file (to be documented). | ||||
* | Switch to a new role-based authorization framework, removing is_admin() | Matthew Wild | 2022-06-15 | 1 | -3/+12 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We began moving away from simple "is this user an admin?" permission checks before 0.12, with the introduction of mod_authz_internal and the ability to dynamically change the roles of individual users. The approach in 0.12 still had various limitations however, and apart from the introduction of roles other than "admin" and the ability to pull that info from storage, not much actually changed. This new framework shakes things up a lot, though aims to maintain the same functionality and behaviour on the surface for a default Prosody configuration. That is, if you don't take advantage of any of the new features, you shouldn't notice any change. The biggest change visible to developers is that usermanager.is_admin() (and the auth provider is_admin() method) have been removed. Gone. Completely. Permission checks should now be performed using a new module API method: module:may(action_name, context) This method accepts an action name, followed by either a JID (string) or (preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g. the standard object passed to most events). It will return true if the action should be permitted, or false/nil otherwise. Modules should no longer perform permission checks based on the role name. E.g. a lot of code previously checked if the user's role was prosody:admin before permitting some action. Since many roles might now exist with similar permissions, and the permissions of prosody:admin may be redefined dynamically, it is no longer suitable to use this method for permission checks. Use module:may(). If you start an action name with ':' (recommended) then the current module's name will automatically be used as a prefix. To define a new permission, use the new module API: module:default_permission(role_name, action_name) module:default_permissions(role_name, { action_name[, action_name...] }) This grants the specified role permission to execute the named action(s) by default. This may be overridden via other mechanisms external to your module. The built-in roles that developers should use are: - prosody:user (normal user) - prosody:admin (host admin) - prosody:operator (global admin) The new prosody:operator role is intended for server-wide actions (such as shutting down Prosody). Finally, all usage of is_admin() in modules has been fixed by this commit. Some of these changes were trickier than others, but no change is expected to break existing deployments. EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's very possible nobody is using this, but if someone is then we can later update it to pull roles from LDAP somehow. | ||||
* | core.sessionmanager: Add a dummy rawsend() method to resting sessions | Kim Alvefur | 2021-04-15 | 1 | -0/+1 |
| | | | | | | | Should fix a traceback on attempted use after destruction, in case where opportunistic_writes was in use. Thanks Ge0rG | ||||
* | sessionmanager: Support passing an auth scope to make_authenticated | Matthew Wild | 2020-02-05 | 1 | -1/+2 |
| | |||||
* | core.sessionmanager: Require that client-requested resources pass strict ↵ | Kim Alvefur | 2019-11-02 | 1 | -1/+1 |
| | | | | resourceprep | ||||
* | core.sessionmanager: Fix traceback from passing nil to resourceprep | Kim Alvefur | 2019-11-02 | 1 | -1/+1 |
| | |||||
* | core.sessionmanager: Remove tostring call from logging | Kim Alvefur | 2019-07-30 | 1 | -3/+3 |
| | | | | Taken care of by loggingmanager now | ||||
* | core/sessionmanager: Remove unnecessary fallback in make_authenticated | Maxime “pep” Buquet | 2019-06-01 | 1 | -1/+1 |
| | |||||
* | core.sessionmanager: Use util.session to create sessions | Kim Alvefur | 2019-03-29 | 1 | -1/+7 |
| | |||||
* | sessionmanager: Split byte-level sending into separate session.rawsend | Kim Alvefur | 2019-03-24 | 1 | -8/+14 |
| | |||||
* | sessionmanager, mod_s2s: Bring debug line for outgoing stanzas in line with ↵ | Kim Alvefur | 2018-07-24 | 1 | -1/+1 |
| | | | | that for incoming | ||||
* | sessionmanager: Log top tag of outgoing stanzas on c2s (#776) | Kim Alvefur | 2018-07-22 | 1 | -0/+1 |
| | |||||
* | sessionmanager: Generate shorter random resoures | Kim Alvefur | 2018-05-29 | 1 | -3/+3 |
| | |||||
* | core: Use prosody.hosts instead of _G.hosts for consistency | Kim Alvefur | 2018-03-29 | 1 | -1/+1 |
| | |||||
* | vairious: Add annotation when an empty environment is set [luacheck] | Kim Alvefur | 2018-02-28 | 1 | -0/+1 |
| | |||||
* | Merge 0.10 -> trunk | Matthew Wild | 2017-07-28 | 1 | -0/+4 |
|\ | |||||
| * | sessionmanager: Revert session.type if binding fails due to roster load error | Matthew Wild | 2017-07-28 | 1 | -0/+4 |
| | | |||||
* | | Merge 0.10->trunk | Kim Alvefur | 2017-03-06 | 1 | -1/+5 |
|\| | |||||
| * | core: Allow select core modules to mutate some globals (needs luacheck 1.19) | Kim Alvefur | 2017-03-04 | 1 | -0/+1 |
| | | |||||
| * | core: Split some very long lines [luacheck] | Kim Alvefur | 2017-03-04 | 1 | -1/+4 |
| | | |||||
* | | Merge 0.10->trunk | Kim Alvefur | 2016-12-14 | 1 | -1/+4 |
|\| | |||||
| * | core.sessionmanager, mod_saslauth: Introduce intermediate session type for ↵ | Kim Alvefur | 2016-12-13 | 1 | -1/+4 |
| | | | | | | | | authenticated but unbound sessions so that resource binding is not treated as a normal stanza | ||||
| * | mod_c2s: Remove use of util.async | Kim Alvefur | 2016-03-17 | 1 | -1/+0 |
|/ | |||||
* | sessionmanager: Demote write error to debug message | Kim Alvefur | 2015-11-05 | 1 | -1/+1 |
| | |||||
* | sessionmanager: Clarify log message when failing to write data to connection | Kim Alvefur | 2015-11-04 | 1 | -3/+2 |
| | |||||
* | sessionmanager: Make session.send() return true unless there really is an error | Kim Alvefur | 2015-09-21 | 1 | -1/+7 |
| | |||||
* | core.*: Remove use of module() function | Kim Alvefur | 2015-02-21 | 1 | -9/+17 |
| | |||||
* | sessionmanager: Rename argument to avoid name clash with local variable ↵ | Matthew Wild | 2015-05-06 | 1 | -2/+2 |
| | | | | [luacheck] | ||||
* | sessionmanager: Rename unused loop variables to '_' [luacheck] | Matthew Wild | 2015-05-06 | 1 | -2/+2 |
| | |||||
* | portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, ↵ | Matthew Wild | 2015-05-06 | 1 | -2/+2 |
| | | | | usermanager, util.xml: Add luacheck annotations | ||||
* | sessionmanager: Rename parameter to avoid varible name conflict | Matthew Wild | 2015-04-03 | 1 | -2/+2 |
| | |||||
* | Merge 0.9->0.10 (third time lucky) | Matthew Wild | 2015-03-27 | 1 | -1/+1 |
|\ | |||||
| * | sessionmanager: Return 'not-allowed' error instead of the non-existent ↵ | Matthew Wild | 2015-03-24 | 1 | -1/+1 |
| | | | | | | | | 'already-bound' error when client tries to bind a resource twice on the same stream (thanks Flow) fixes issue #484. | ||||
* | | sessionmanager: Add pre-resource-bind event that would let plugins have a ↵ | Kim Alvefur | 2015-01-30 | 1 | -0/+10 |
| | | | | | | | | say in resource binding | ||||
* | | sessionmanager: Access bare_session and full_sessions through 'prosody' | Matthew Wild | 2015-01-20 | 1 | -2/+2 |
| | | |||||
* | | core.sessionmanager: Set a fake thread on destroyed sessions, fixes ↵ | Kim Alvefur | 2014-09-11 | 1 | -0/+1 |
| | | | | | | | | traceback if stanzas are emitted after a session is destroyed (thanks Sven Blumenstein) | ||||
* | | Remove all trailing whitespace | Florian Zeitz | 2013-08-09 | 1 | -12/+12 |
|/ | |||||
* | sessionmanager, s2smanager: Remove unused imports | Matthew Wild | 2013-04-11 | 1 | -3/+0 |
| | |||||
* | sessionmanager, s2smanager: Remove open_session tracing | Matthew Wild | 2013-04-08 | 1 | -10/+1 |
| | |||||
* | core.*: Complete removal of all traces of the "core" section and ↵ | Kim Alvefur | 2013-03-23 | 1 | -1/+1 |
| | | | | section-related code. | ||||
* | s2smanager: Generate session names used for logging the same way everywhere | Kim Alvefur | 2013-01-24 | 1 | -1/+1 |
| | |||||
* | sessionmanager: Log the actual error message when roster loading fails. | Waqas Hussain | 2012-11-30 | 1 | -0/+1 |
| | |||||
* | sessionmanager: Lower 'destroying session' message to 'debug' level (from ↵ | Matthew Wild | 2012-07-23 | 1 | -1/+1 |
| | | | | 'info') | ||||
* | Hopefully inert commit to clean up logging across a number of modules, ↵ | Matthew Wild | 2012-07-23 | 1 | -1/+1 |
| | | | | removing all cases of concatenation when building log messages | ||||
* | sessionmanager: Clean up some unused variables and imports | Matthew Wild | 2012-07-22 | 1 | -7/+2 |
| | |||||
* | sessionmanager: Have session.send() of a retired session return false to ↵ | Matthew Wild | 2012-07-22 | 1 | -1/+1 |
| | | | | indicate failure | ||||
* | sessionmanager: Remove max_resources config option and check, incorrect ↵ | Matthew Wild | 2012-05-03 | 1 | -4/+0 |
| | | | | anyway (thanks Zash) | ||||
* | sessionmanager: Require uuid_generate() | Matthew Wild | 2012-01-23 | 1 | -0/+1 |
| | |||||
* | sessionmanager, mod_c2s: Move timeout logic to mod_c2s | Matthew Wild | 2012-01-23 | 1 | -10/+0 |
| | |||||
* | mod_c2s, sessionmanager, xmppclient_listener: Move all c2s network and ↵ | Matthew Wild | 2012-01-22 | 1 | -49/+0 |
| | | | | stream logic into a new module, mod_c2s |