mod_seclabels/mod_seclabels.lua
author Matthew Wild <mwild1@gmail.com>
Sat, 24 Sep 2022 09:25:46 +0100
changeset 5062 39c2824c2880
parent 1343 7dbde05b48a9
permissions -rw-r--r--
mod_cloud_notify: README overhaul
local st = require "util.stanza";
local xml = require "util.xml";
-- Namespaces for XEP-0258 security labels and for the two catalog schema
-- versions this module answers (the ":0" catalog is kept for compatibility).
local xmlns_label = "urn:xmpp:sec-label:0";
local xmlns_label_catalog = "urn:xmpp:sec-label:catalog:2";
local xmlns_label_catalog_old = "urn:xmpp:sec-label:catalog:0"; -- COMPAT

-- Register the label namespace and both catalog namespaces as module features,
-- in the same order as before.
for _, feature in ipairs({ xmlns_label, xmlns_label_catalog, xmlns_label_catalog_old }) do
	module:add_feature(feature);
end
-- COMPAT: also add the label and current-catalog features to the stanza
-- carried by the "account-disco-info" event.
module:hook("account-disco-info", function(event)
	local disco_stanza = event.stanza;
	-- The event may arrive without a stanza; there is nothing to extend then.
	if not disco_stanza then
		return;
	end
	disco_stanza:tag('feature', {var=xmlns_label}):up();
	disco_stanza:tag('feature', {var=xmlns_label_catalog}):up();
end);
-- Catalog used when the config sets no "security_labels" option.
-- Array entries are emitted first and in order; string-keyed entries follow
-- in unspecified (pairs) order.
local default_labels = {
	-- Ordered entry: `label = true` makes the entry name the label text.
	{ name = "Unclassified", label = true, default = true },
	-- Named group: it has no `label`, so its children are emitted with the
	-- selector prefix "Classified|".
	Classified = {
		SECRET = {
			label = "THISISSECRET",
			color = "black",
			bgcolor = "aqua",
		},
		PUBLIC = {
			label = "THISISPUBLIC",
		},
	},
};
-- Catalog metadata and contents, read once when the module loads.
local catalog_name = module:get_option_string("security_catalog_name", "Default");
local catalog_desc = module:get_option_string("security_catalog_desc", "My labels");

-- "security_labels" is read with the untyped getter, so the shape of the
-- configured value is not validated at this point.
local labels = module:get_option("security_labels", default_labels);
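--- Build and send the security label catalog in reply to a catalog query.
-- The reply's <catalog/> element copies the `xmlns` and `to` attributes of the
-- request's first child and is filled from the configured `labels` table.
-- Requests in the current catalog namespace get <item/> wrappers; any other
-- namespace gets the older flat <securitylabel/> layout (COMPAT).
--
-- No check on the requester (request.origin or the stanza's `from`) is made
-- here: every request that reaches this handler is answered with the whole
-- configured catalog.
-- NOTE(review): the iq type is not inspected either; confirm whether this
-- handler can be reached by type="set" requests.
-- NOTE(review): declared without `local`, so this is a global of the module
-- environment; left that way in case it is referenced by name elsewhere.
-- @param request event table with `stanza` (the iq) and `origin` (object with a `send` function)
-- @return true, after the reply has been handed to `request.origin.send`
function handle_catalog_request(request)
	local catalog_request = request.stanza.tags[1];
	local use_item_schema = catalog_request.attr.xmlns == xmlns_label_catalog;
	local reply = st.reply(request.stanza)
		:tag("catalog", {
			xmlns = catalog_request.attr.xmlns,
			to = catalog_request.attr.to,
			name = catalog_name,
			desc = catalog_desc
		});

	-- Append every entry of `labels` at the current position of `catalog`.
	-- `selector` is the "|"-separated path of the enclosing groups.
	local function add_labels(catalog, labels, selector)
		local function add_item(item, name)
			-- A group may carry plain fields (such as `name`) next to its child
			-- entries, and pairs() below visits those too. Only tables can be
			-- entries or groups; anything else used to raise an error here.
			if type(item) ~= "table" then
				return;
			end

			local item_name = name or item.name;
			if item_name == nil then
				-- An array entry without `name` cannot form a selector.
				module:log("warn", "Ignoring security label entry without a name under selector '%s'",
					tostring(selector));
				return;
			end

			if not item.label then
				-- No label of its own: treat the entry as a group and descend.
				add_labels(catalog, item, (selector or "")..item_name.."|");
				return;
			end

			-- Resolve the label payload before opening any element, so that an
			-- entry whose XML label cannot be parsed is left out as a whole
			-- instead of being listed with a missing <label/> child.
			local label = item.label;
			local label_text, label_child;
			if label == true then
				label_text = item_name;
			elseif type(label) == "string" then
				-- TODO Do we need anything other than XML parsing?
				if label:sub(1,1) == "<" then
					-- assumes xml.parse returns nil plus an error message for
					-- malformed input -- confirm against util.xml
					local parsed, parse_err = xml.parse(label);
					if not parsed then
						module:log("warn", "Ignoring security label '%s': label is not well-formed XML (%s)",
							tostring(selector)..tostring(item_name), tostring(parse_err));
						return;
					end
					label_child = parsed;
				else
					label_text = label;
				end
			elseif type(label) == "table" then
				label_child = label;
			end

			local selector_path = selector..item_name;
			local is_default = item.default and "true" or nil;
			if use_item_schema then
				catalog:tag("item", {
					selector = selector_path,
					default = is_default,
				}):tag("securitylabel", { xmlns = xmlns_label });
			else -- COMPAT
				catalog:tag("securitylabel", {
					xmlns = xmlns_label,
					selector = selector_path,
					default = is_default,
				});
			end

			if item.display or item.color or item.bgcolor then
				catalog:tag("displaymarking", {
					fgcolor = item.color,
					bgcolor = item.bgcolor,
				}):text(item.display or item_name):up();
			end

			if label_text ~= nil then
				catalog:tag("label"):text(label_text):up();
			elseif label_child ~= nil then
				catalog:tag("label"):add_child(label_child):up();
			end

			catalog:up(); -- leave <securitylabel/>
			if use_item_schema then
				catalog:up(); -- leave <item/>
			end
		end

		-- Ordered (array) entries first, then string-keyed ones.
		for i = 1,#labels do
			add_item(labels[i])
		end
		for name, child in pairs(labels) do
			if type(name) == "string" then
				add_item(child, name)
			end
		end
	end

	-- TODO query remote servers
	--[[ FIXME later
	labels = module:fire_event("sec-label-catalog", {
			to = catalog_request.attr.to,
			request = request; -- or just origin?
			labels = labels;
		}) or labels;
	--]]

	-- The catalog comes from an untyped config option; a non-table value
	-- yields an empty catalog and a warning instead of an error per request.
	if type(labels) == "table" then
		add_labels(reply, labels, "");
	else
		module:log("warn", "security_labels must be a table, got %s; sending an empty catalog", type(labels));
	end
	request.origin.send(reply);
	return true;
end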
-- Route catalog queries to the handler: the host-addressed query in the
-- current namespace, plus two self-addressed variants kept for compatibility.
for _, catalog_event in ipairs({
	"iq/host/"..xmlns_label_catalog..":catalog",
	"iq/self/"..xmlns_label_catalog..":catalog", -- COMPAT
	"iq/self/"..xmlns_label_catalog_old..":catalog", -- COMPAT
}) do
	module:hook(catalog_event, handle_catalog_request);
end