From b2b9301c9ecdf9903c85a3e686ca186ecd73113c Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 8 Mar 2009 01:06:37 +0500 Subject: util/xmlrpc: Added extension to RPC functions (allowing nil parameters and return values) --- util/xmlrpc.lua | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/util/xmlrpc.lua b/util/xmlrpc.lua index 5a391754..8b1d56cf 100644 --- a/util/xmlrpc.lua +++ b/util/xmlrpc.lua @@ -41,6 +41,9 @@ local map = { number=function(stanza, object) stanza:tag("int"):text(tostring(object)):up(); end; + ["nil"]=function(stanza, object) -- nil extension + stanza:tag("nil"):up(); + end; }; _lua_to_xmlrpc = function(stanza, object) local h = map[type(object)]; @@ -146,6 +149,9 @@ local rmap = { if tostring(tonumber(n)) == n then n = tonumber(n); end return n; end; + ["nil"]=function(stanza) -- nil extension + return nil; + end; } _xmlrpc_to_lua = function(stanza) local h = rmap[stanza.name]; -- cgit v1.2.3 From 4f4129d52df7ae37f4e65c3dfae7d08728d3e741 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 8 Mar 2009 01:07:29 +0500 Subject: Added core.objectmanager --- core/objectmanager.lua | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++ plugins/mod_xmlrpc.lua | 5 +++-- 2 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 core/objectmanager.lua diff --git a/core/objectmanager.lua b/core/objectmanager.lua new file mode 100644 index 00000000..b8e5eb3f --- /dev/null +++ b/core/objectmanager.lua @@ -0,0 +1,60 @@ + +local new_multitable = require "util.multitable".new; +local t_insert = table.insert; +local t_concat = table.concat; +local tostring = tostring; +local unpack = unpack; +local pairs = pairs; +local error = error; +local type = type; +local _G = _G; + +local data = new_multitable(); + +module "objectmanager" + +function set(...) + return data:set(...); +end +function remove(...) + return data:remove(...); +end +function get(...) + return data:get(...); +end + +local function get_path(path) + if type(path) == "table" then return path; end + local s = {}; + for part in tostring(path):gmatch("[%w_]+") do + t_insert(s, part); + end + return s; +end + +function get_object(path) + path = get_path(path) + return data:get(unpack(path)), path; +end +function set_object(path, object) + path = get_path(path); + data:set(unpack(path), object); +end + +data:set("ls", function(_dir) + local obj, dir = get_object(_dir); + if not obj then error("object not found: " .. t_concat(dir, '/')); end + local r = {}; + if type(obj) == "table" then + for key, val in pairs(obj) do + r[key] = type(val); + end + end + return r; +end); +data:set("get", get_object); +data:set("set", set_object); +data:set("echo", function(...) return {...}; end); +data:set("_G", _G); + +return _M; diff --git a/plugins/mod_xmlrpc.lua b/plugins/mod_xmlrpc.lua index 6fdfe8be..8174462a 100644 --- a/plugins/mod_xmlrpc.lua +++ b/plugins/mod_xmlrpc.lua @@ -60,11 +60,12 @@ local function parse_xml(xml) return stanza.tags[1]; end -local function get_method(method) +--[[local function get_method(method) return function(...) return {method = method; args = {...}}; end -end +end]] +local get_method = require "core.objectmanager".get_object; local function handle_xmlrpc_request(method, args) method = get_method(method); -- cgit v1.2.3 From 90fa7296e47fa3439f9842b6904c35dba48364e7 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 7 Mar 2009 20:17:09 +0000 Subject: mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with sasl_anonymous = true --- plugins/mod_saslauth.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index ed19a150..4804607b 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -17,6 +17,7 @@ local t_concat, t_insert = table.concat, table.insert; local tostring = tostring; local jid_split = require "util.jid".split local md5 = require "util.hashes".md5; +local config = require "core.configmanager"; local log = require "util.logger".init("mod_saslauth"); @@ -106,7 +107,9 @@ module:add_event_hook("stream-features", -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. features:tag("mechanism"):text("PLAIN"):up(); features:tag("mechanism"):text("DIGEST-MD5"):up(); - features:tag("mechanism"):text("ANONYMOUS"):up(); + if config.get(session.host or "*", "core", "sasl_anonymous") then + features:tag("mechanism"):text("ANONYMOUS"):up(); + end features:up(); else features:tag("bind", bind_attr):tag("required"):up():up(); -- cgit v1.2.3 From 612012dcb6f66e108bc82f9237597c21aeeb28b4 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 8 Mar 2009 03:46:44 +0500 Subject: usermanager: Added is_admin(jid) --- core/usermanager.lua | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/core/usermanager.lua b/core/usermanager.lua index fd8fe739..bee1502e 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -11,8 +11,12 @@ require "util.datamanager" local datamanager = datamanager; local log = require "util.logger".init("usermanager"); +local type = type; local error = error; +local ipairs = ipairs; local hashes = require "util.hashes"; +local jid_bare = require "util.jid".bare; +local config = require "core.configmanager"; module "usermanager" @@ -59,4 +63,15 @@ function get_supported_methods(host) return methods; end +function is_admin(jid) + local admins = config.get("*", "core", "admins") or {}; + if type(admins) == "table" then + jid = jid_bare(jid); + for _,admin in ipairs(admins) do + if admin == jid then return true; end + end + else log("debug", "Option core.admins is not a table"); end + return nil; +end + return _M; -- cgit v1.2.3 From c7333421616f6c5d32f136ad8bcb795a7c393554 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 8 Mar 2009 04:49:51 +0500 Subject: mod_legacyauth: Added stream feature: --- plugins/mod_legacyauth.lua | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index 8f3de58d..3e392470 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -12,6 +12,9 @@ local st = require "util.stanza"; local t_concat = table.concat; module:add_feature("jabber:iq:auth"); +module:add_event_hook("stream-features", function (session, features) + if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end +end); module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", function (session, stanza) -- cgit v1.2.3 From 61ca31c484a4ad127d9088aaf14914c3af37a26a Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 8 Mar 2009 05:03:22 +0500 Subject: mod_xmlrpc: Limit usage to admins --- plugins/mod_xmlrpc.lua | 48 +++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/plugins/mod_xmlrpc.lua b/plugins/mod_xmlrpc.lua index 8174462a..238ee3ea 100644 --- a/plugins/mod_xmlrpc.lua +++ b/plugins/mod_xmlrpc.lua @@ -14,6 +14,11 @@ local st = require "util.stanza"; local pcall = pcall; local unpack = unpack; local tostring = tostring; +local is_admin = require "core.usermanager".is_admin; +local jid_split = require "util.jid".split; +local b64_decode = require "util.encodings".base64.decode; +local get_method = require "core.objectmanager".get_object; +local validate_credentials = require "core.usermanager".validate_credentials; local translate_request = require "util.xmlrpc".translate_request; local create_response = require "util.xmlrpc".create_response; @@ -60,13 +65,6 @@ local function parse_xml(xml) return stanza.tags[1]; end ---[[local function get_method(method) - return function(...) - return {method = method; args = {...}}; - end -end]] -local get_method = require "core.objectmanager".get_object; - local function handle_xmlrpc_request(method, args) method = get_method(method); if not method then return create_error_response(404, "method not found"); end @@ -86,29 +84,37 @@ local function handle_xmpp_request(origin, stanza) local query = stanza.tags[1]; if query.name == "query" then if #query.tags == 1 then - local success, method, args = pcall(translate_request, query.tags[1]); - if success then - local result = handle_xmlrpc_request(method, args); - origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result)); - else - origin.send(st.error_reply(stanza, "modify", "bad-request", method)); - end - else - origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request")); - end - else - origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); - end + if is_admin(stanza.attr.from) then + local success, method, args = pcall(translate_request, query.tags[1]); + if success then + local result = handle_xmlrpc_request(method, args); + origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result)); + else + origin.send(st.error_reply(stanza, "modify", "bad-request", method)); + end + else origin.send(st.error_reply(stanza, "auth", "forbidden", "No content in XML-RPC request")); end + else origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request")); end + else origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end end module:add_iq_handler({"c2s", "s2sin"}, "jabber:iq:rpc", handle_xmpp_request); module:add_feature("jabber:iq:rpc"); +-- TODO add to disco replies -local default_headers = { ["Content-Type"] = "text/xml" }; +local default_headers = { ['Content-Type'] = 'text/xml' }; +local unauthorized_response = { status = '401 UNAUTHORIZED', headers = {['Content-Type']='text/html', ['WWW-Authenticate']='Basic realm="WallyWorld"'}; body = "Authentication required"; }; local function handle_http_request(method, body, request) + -- authenticate user + local username, password = b64_decode(request['authorization'] or ''):gmatch('([^:]*):(.*)')(); -- TODO digest auth + local node, host = jid_split(username); + if not validate_credentials(host, node, password) and is_admin(username) then + return unauthorized_response; + end + -- parse request local stanza = body and parse_xml(body); if (not stanza) or request.method ~= "POST" then return "You really don't look like an XML-RPC client to me... what do you want?"; end + -- execute request local success, method, args = pcall(translate_request, stanza); if success then return { headers = default_headers; body = tostring(handle_xmlrpc_request(method, args)) }; -- cgit v1.2.3