From 08fd56633452a3e95ff09e349fb08d3fe7257130 Mon Sep 17 00:00:00 2001
From: Alexander PapaTutuWawa
Date: Thu, 29 Oct 2020 18:10:08 +0100
Subject: [PATCH] mix: Implement access control for channel creation
Oh, and create the messages node on room creation
---
 mod_mix/mod_mix.lua | 39 +++++++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/mod_mix/mod_mix.lua b/mod_mix/mod_mix.lua
index 8d9b00f..b21fbad 100644
--- a/mod_mix/mod_mix.lua
+++ b/mod_mix/mod_mix.lua
@@ -22,7 +22,7 @@ local persistent_channel_data = module:open_store("mix_data", "keyval");
 -- Configuration
 local default_channel_description = module:get_option("default_description", "A MIX channel for chatting");
 local default_channel_name = module:get_option("default_name", "MIX channel");
-local restrict_local_channel_creation = module:get_option("restrict_local_channels", true);
+local restrict_channel_creation = module:get_option("restrict_local_channels", "local");
 module:depends("disco");
 -- module:depends("mam"); TODO: Once message sending works
@@ -185,6 +185,24 @@ module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(eve
 return true;
 end);
+function can_create_channels(user)
+ -- Returns true when the jid is allowed to create MIX channels. False otherwise.
+ if restrict_channel_creation == "local" then
+ -- NOTE: Taken from plugins/muc/mod_muc.lua
+ local host_suffix = host:gsub("^[^%.]+%.", "");
+ module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(user), host_suffix);
+
+ if jid.host(user) == host_suffix then
+ return true;
+ else
+ return false;
+ end
+ end
+
+ -- TODO: Handle also true/"admin" (See mod_muc)
+ return true;
+end
+
 module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
 module:log("debug", "IQ-GET host disco#info");
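Review bot: `can_create_channels` fails open: every value of `restrict_local_channels` other than the string `"local"` reaches the final `return true;`, so a config that sets the option to `true` or `"admin"` (the values the TODO names, and the type of the old default in the first hunk) leaves channel creation unrestricted. Until those modes are implemented, deny by default and treat only an explicit opt-out as open, for example by replacing the trailing `return true;` with `return restrict_channel_creation == false;`. The function is also declared as a global; `local function can_create_channels(user)` keeps it inside the module, and the inner `if`/`else` can collapse to `return jid.host(user) == host_suffix;`.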
@@ -196,14 +214,8 @@ module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(
 :tag("feature", { var = "http://jabber.org/protocol/disco#info" }):up()
 :tag("feature", { var = mix_core_xmlns }):up();
- -- TODO: This should also check for admin and an array
- if restrict_channel_creation == "local" then
- -- NOTE: Taken from plugins/muc/mod_muc.lua
- local host_suffix = host:gsub("^[^%.]+%.", "");
- module:log("debug", "Comparing %s (Sender) to %s (Host)", jid.host(stanza.attr.from), host_suffix);
- if jid.host(stanza.attr.from) == host_suffix then
- reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
- end
+ if can_create_channels(stanza.attr.from) then
+ reply:tag("feature", { var = mix_core_xmlns.."#create-channel" }):up();
 end
 end);
@@ -409,6 +421,7 @@ function create_channel(node, creator, adhoc)
 channel:publish_info(srv);
 -- TODO: This seems bad
 srv:create("urn:xmpp:mix:nodes:participants", true, { ["access_model"] = "open"});
+ srv:create("urn:xmpp:mix:nodes:messages", true, { ["access_model"] = "open"});
 table.insert(channels, channel);
 end
@@ -417,6 +430,12 @@ module:hook("iq-set/host/"..mix_core_xmlns..":create", function(event)
 local origin, stanza = event.origin, event.stanza;
 local from = jid.bare(stanza.attr.from);
+ -- Check permissions
+ if not can_create_channels(from) then
+ origin.send(st.error_reply(stanza, "cancel", "forbidden", "Not authorized to create channels"));
+ return;
+ end
+
 local create = stanza:get_child("create", mix_core_xmlns);
 local node;
 if create.attr.channel ~= nil then
@@ -465,7 +484,7 @@ module:hook("iq-set/host/"..mix_core_xmlns..":destroy", function(event)
 origin.send(channel_not_found(stanza));
 return;
 end
- -- TODO: Check permissions
+ -- TODO: Check permissions: can_create_channels and maybe compare to the contact JIDs
 -- Remove all registered nodes
 local srv = pep.get_pep_service(node);
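Review bot: The new `urn:xmpp:mix:nodes:messages` node is created with `["access_model"] = "open"`, which in pubsub terms lets any entity subscribe to and read the node, not only channel participants; if this service is reachable by outside JIDs, channel traffic would be readable without joining. Consider a restrictive model such as `"whitelist"` with participants added on join, and extend the existing `-- TODO: This seems bad` comment to cover this node, e.g. `-- TODO: "open" lets non-participants read messages; restrict to participants`. The return value of `srv:create(...)` is also ignored, so a failed node creation would still leave the channel inserted into `channels`. `create_channel` begins outside the hunk.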
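Review bot: The denial path in the create handler ends with a bare `return;`, which Prosody's event dispatcher treats as "not handled", so after the `forbidden` error is sent the stanza can still fall through to later handlers or the default unhandled-IQ reply and the sender may get a second response for the same request. Use `return true;` after `origin.send(...)` to stop processing. It is also worth recording the refusal, e.g. `module:log("info", "Denied channel creation for %s", from);`, so rejected attempts are visible to operators. The handler continues past the end of the hunk.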
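Review bot: Only the TODO text changes in the destroy handler, so as far as this hunk shows it still goes on to remove a channel's nodes for any sender that names an existing channel; creation is now gated but deletion is not. At minimum apply the same guard the create handler uses before the removal, `if not can_create_channels(jid.bare(stanza.attr.from)) then origin.send(st.error_reply(stanza, "cancel", "forbidden", "Not authorized to destroy channels")); return true; end`, and then tighten it to the channel's owner or contact JIDs as the TODO suggests. The handler starts and ends outside the hunk, so an earlier check cannot be ruled out from here.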