From 1f437623ad987328bcd6ca34b551f14415985b32 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 27 Jan 2020 21:54:59 +0000 Subject: usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish). Note: Removes the ability for mod_auth_* providers to determine user admin status. Such modules will need to have their is_admin methods ported to be a mod_authz_* provider. --- core/usermanager.lua | 62 +++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 30 deletions(-) (limited to 'core/usermanager.lua') diff --git a/core/usermanager.lua b/core/usermanager.lua index bb5669cf..ec98d12f 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -9,12 +9,13 @@ local modulemanager = require "core.modulemanager"; local log = require "util.logger".init("usermanager"); local type = type; -local ipairs = ipairs; local jid_bare = require "util.jid".bare; +local jid_split = require "util.jid".split; local jid_prep = require "util.jid".prep; local config = require "core.configmanager"; local sasl_new = require "util.sasl".new; local storagemanager = require "core.storagemanager"; +local set = require "util.set"; local prosody = _G.prosody; local hosts = prosody.hosts; @@ -34,6 +35,22 @@ local function new_null_provider() }); end +local global_admins_config = config.get("*", "admins"); +if type(global_admins_config) ~= "table" then + global_admins_config = nil; -- TODO: factor out moduleapi magic config handling and use it here +end +local global_admins = set.new(global_admins_config) / jid_prep; + +local admin_role = { ["prosody:admin"] = true }; +local global_authz_provider = { + get_user_roles = function (user) end; --luacheck: ignore 212/user + get_jid_roles = function (jid) + if global_admins:contains(jid) then + return admin_role; + end + end; +}; + local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) 
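Review bot: `global_admins` is built once at file scope from `config.get("*", "admins")`, whereas the is_admin code removed later in this commit read the option on every call. Unless usermanager is reloaded together with the configuration, a JID removed from the global `admins` list would keep its `prosody:admin` role from `global_authz_provider` until restart; building the set inside `get_jid_roles`, or rebuilding it when the configuration is reloaded, avoids that. A non-table `admins` value is also now dropped silently, while the old code logged it. Keeping `log("error", "Global option 'admins' is not a list");` next to `global_admins_config = nil;` preserves that signal for the operator.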
@@ -66,6 +83,11 @@ local function initialize_host(host) if auth_provider ~= "null" then modulemanager.load(host, "auth_"..auth_provider); end + + local authz_provider_name = config.get(host, "authorization") or "internal"; + + local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); + host_session.authz = authz_mod or global_authz_provider; end; prosody.events.add_handler("host-activated", initialize_host, 100); @@ -120,38 +142,18 @@ local function is_admin(jid, host) jid = jid_bare(jid); host = host or "*"; - local host_admins = config.get(host, "admins"); - local global_admins = config.get("*", "admins"); - - if host_admins and host_admins ~= global_admins then - if type(host_admins) == "table" then - for _,admin in ipairs(host_admins) do - if jid_prep(admin) == jid then - return true; - end - end - elseif host_admins then - log("error", "Option 'admins' for host '%s' is not a list", host); - end - end + local actor_user, actor_host = jid_split(jid); + local roles; - if global_admins then - if type(global_admins) == "table" then - for _,admin in ipairs(global_admins) do - if jid_prep(admin) == jid then - return true; - end - end - elseif global_admins then - log("error", "Global option 'admins' is not a list"); - end - end + local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; - -- Still not an admin, check with auth provider - if host ~= "*" and hosts[host].users and hosts[host].users.is_admin then - return hosts[host].users.is_admin(jid); + if actor_host == host then -- Local user + roles = authz_provider.get_user_roles(actor_user); + else -- Remote user/JID + roles = authz_provider.get_jid_roles(jid); end - return false; + + return roles and roles["prosody:admin"]; end return { -- cgit v1.2.3 From b177628d3c336437b7098935b2e1040dc254e46a Mon Sep 17 00:00:00 2001 
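Review bot: The fallback `host_session.authz = authz_mod or global_authz_provider;` hides every failure to load the configured authorization module, because the second return value of `modulemanager.load` (which I believe is the error) is dropped and nothing is logged. A typo in `authorization` or a broken provider therefore leaves the host on the global-admins-only provider rather than the policy the operator asked for. I would capture it with `local authz_mod, err = modulemanager.load(host, "authz_"..authz_provider_name);` and add `if not authz_mod then log("error", "Unable to load authorization provider '%s' for %s: %s", authz_provider_name, host, err); end`. It is also worth confirming that the loaded value always exposes `get_user_roles` and `get_jid_roles`, since is_admin calls both unguarded. The same lines are moved to the top of initialize_host by the next commit's `@@ -55,6 +55,12 @@` hunk, where the point applies unchanged; initialize_host begins and ends outside this hunk.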
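Review bot: is_admin no longer returns a strict boolean, because `return roles and roles["prosody:admin"];` yields nil when the provider reports no roles and otherwise whatever value the provider stored under that key, while every exit of the removed code returned true or false. As this is the authorization decision point, I would normalise it with `return not not (roles and roles["prosody:admin"]);` so a provider quirk cannot reach callers that compare against `false` or serialise the result. The same expression is carried into the rewritten is_admin in the later `@@ -155,6 +155,11 @@` hunk. A short comment above `global_authz_provider` should state the provider contract: `get_user_roles` receives the node part, `get_jid_roles` receives a bare JID, and both return a table of role name to true, or nil. is_admin starts outside this hunk.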
From: Matthew Wild Date: Mon, 27 Jan 2020 22:09:19 +0000 Subject: usermanager: Load authz providers on components also --- core/usermanager.lua | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'core/usermanager.lua') diff --git a/core/usermanager.lua b/core/usermanager.lua index ec98d12f..47d157bf 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -55,6 +55,12 @@ local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) local host_session = hosts[host]; + + local authz_provider_name = config.get(host, "authorization") or "internal"; + + local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); + host_session.authz = authz_mod or global_authz_provider; + if host_session.type ~= "local" then return; end host_session.events.add_handler("item-added/auth-provider", function (event) @@ -84,10 +90,6 @@ local function initialize_host(host) modulemanager.load(host, "auth_"..auth_provider); end - local authz_provider_name = config.get(host, "authorization") or "internal"; - - local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); - host_session.authz = authz_mod or global_authz_provider; end; prosody.events.add_handler("host-activated", initialize_host, 100); -- cgit v1.2.3 From 34abcc8bd5da00be68279f31b747a341f23d1c11 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 27 Jan 2020 22:28:52 +0000 Subject: mod_authz_internal, usermanager: Rename to mod_authz_config --- core/usermanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core/usermanager.lua') diff --git a/core/usermanager.lua b/core/usermanager.lua index 47d157bf..4a1e18f9 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua 
@@ -56,7 +56,7 @@ local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) local host_session = hosts[host]; - local authz_provider_name = config.get(host, "authorization") or "internal"; + local authz_provider_name = config.get(host, "authorization") or "config"; local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); host_session.authz = authz_mod or global_authz_provider; -- cgit v1.2.3 From 3fb671e0a3ebec083770b6ea0bf91b1489ebf833 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 5 Feb 2020 17:41:14 +0000 Subject: usermanager: Add get_roles() function --- core/usermanager.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'core/usermanager.lua') diff --git a/core/usermanager.lua b/core/usermanager.lua index 4a1e18f9..acdc7909 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -137,7 +137,7 @@ local function get_provider(host) return hosts[host].users; end -local function is_admin(jid, host) +local function get_roles(jid, host) if host and not hosts[host] then return false; end if type(jid) ~= "string" then return false; end @@ -155,6 +155,11 @@ local function is_admin(jid, host) roles = authz_provider.get_jid_roles(jid); end + return roles; +end + +local function is_admin(jid, host) + local roles = get_roles(jid, host); return roles and roles["prosody:admin"]; end @@ -170,5 +175,6 @@ return { users = users; get_sasl_handler = get_sasl_handler; get_provider = get_provider; + get_roles = get_roles; is_admin = is_admin; }; -- cgit v1.2.3 From 8d04879adfbe5d4039a14c5bd10e95ee4b051566 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 23 Feb 2020 12:38:43 +0000 Subject: usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter --- core/usermanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core/usermanager.lua') diff --git a/core/usermanager.lua b/core/usermanager.lua index acdc7909..aced0379 100644 
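Review bot: get_roles is exported with three result shapes: `false` from the guard clauses inherited from is_admin (`if host and not hosts[host] then return false; end` and the `type(jid)` check), nil when the provider has no roles for the JID, and a role table otherwise. A new caller that indexes or iterates the result will raise on the first two, and a caller that tests only `== nil` will treat the `false` case as having roles. I would either return nil from the two guards so there is a single "no roles" value, or add a doc comment above the function, for example `-- Returns a table of role name -> true, or nil/false when the host is unknown, the JID is not a string, or no roles apply`. Part of get_roles lies between the `-137` and `-155` hunks and is not visible here.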
--- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -56,7 +56,7 @@ local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) local host_session = hosts[host]; - local authz_provider_name = config.get(host, "authorization") or "config"; + local authz_provider_name = config.get(host, "authorization") or "internal"; local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); host_session.authz = authz_mod or global_authz_provider; -- cgit v1.2.3 From 8f5d92c15e9a26ca360454df6cab03f21c8eba39 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 19 Mar 2020 14:12:40 +0000 Subject: usermanager: Fix traceback when checking admin status of host-only JIDs (fixes #1508) --- core/usermanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core/usermanager.lua') diff --git a/core/usermanager.lua b/core/usermanager.lua index aced0379..11707450 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -149,7 +149,7 @@ local function get_roles(jid, host) local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; - if actor_host == host then -- Local user + if actor_user and actor_host == host then -- Local user roles = authz_provider.get_user_roles(actor_user); else -- Remote user/JID roles = authz_provider.get_jid_roles(jid); -- cgit v1.2.3
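Review bot: The comment `-- Remote user/JID` on the else branch no longer matches what the branch handles, because with `actor_user and` added to the condition a host-only JID whose domain equals `host` also reaches `get_jid_roles(jid)`. I would reword it to `else -- Remote JID, or a host-only JID with no node part`, so authors of authz providers know that get_jid_roles can be asked about the local host's own JID and decide deliberately what roles it gets. A regression test that calls is_admin with a bare domain for a configured host would keep #1508 from coming back. get_roles starts and ends outside this hunk.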