mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_omemo_all_access/README.markdown Fri Dec 29 16:28:47 2017 +0100
@@ -0,0 +1,27 @@
+---
+labels:
+- 'Stage-Alpha'
+summary: 'Disable access control for all OMEMO related PEP nodes'
+---
+
+Introduction
+============
+
+Traditionally OMEMO encrypted messages could only be exchanged after gaining mutual presence subscription due to the OMEMO key material being stored in PEP.
+
+XEP-0060 defines a method of changing the access model of a PEP node from `presence` to `open`. However Prosody does not yet support access models on PEP nodes.
+
+This module disables access control for all OMEMO PEP nodes (=all nodes in the namespace of `eu.siacs.conversations.axolotl.*`), giving everyone access to the OMEMO key material and allowing them to start OMEMO sessions with users on this server.
+
+Disco feature
+=============
+
+This modules annouces a disco feature on the account to allow external tools such as the [Compliance Tester](https://conversations.im/compliance/) to check if this module has been installed.
+
+
+Compatibility
+=============
+
+ ----- -----------------------------------------------------------------------------
+ 0.10 Works
+ ----- -----------------------------------------------------------------------------
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_omemo_all_access/mod_omemo_all_access.lua Fri Dec 29 16:28:47 2017 +0100
@@ -0,0 +1,55 @@
+-- OMEMO all access module
+-- Copyright (c) 2017 Daniel Gultsch
+--
+-- This module is MIT/X11 licensed
+--
+
+local jid_bare = require "util.jid".bare;
+local st = require "util.stanza"
+local white_listed_namespace = "eu.siacs.conversations.axolotl."
+local disco_feature_namespace = white_listed_namespace .. "whitelisted"
+
+local mod_pep = module:depends"pep";
+local pep_data = mod_pep.module.save().data;
+
+local function on_account_disco_info(event)
+ (event.reply or event.stanza):tag("feature", {var=disco_feature_namespace}):up();
+end
+
+local function on_pep_request(event)
+ local session, stanza = event.origin, event.stanza
+ local payload = stanza.tags[1];
+ if stanza.attr.type == 'get' then
+ local node, requested_id;
+ payload = payload.tags[1]
+ if payload and payload.name == 'items' then
+ node = payload.attr.node
+ local item = payload.tags[1];
+ if item and item.name == 'item' then
+ requested_id = item.attr.id;
+ end
+ end
+ if node and string.sub(node,1,string.len(white_listed_namespace)) == white_listed_namespace then
+ local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host;
+ local user_data = pep_data[user];
+ if user_data and user_data[node] then
+ local id, item = unpack(user_data[node]);
+ if not requested_id or id == requested_id then
+ local stanza = st.reply(stanza)
+ :tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'})
+ :tag('items', {node=node})
+ :add_child(item)
+ :up()
+ :up();
+ session.send(stanza);
+ module:log("debug","provided access to omemo node",node)
+ return true;
+ end
+ end
+ module:log("debug","requested node was white listed", node)
+ end
+ end
+end
+
+module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", on_pep_request, 10);
+module:hook("account-disco-info", on_account_disco_info);
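Review bot: The prefix test in `on_pep_request` (`string.sub(node,1,string.len(white_listed_namespace)) == white_listed_namespace`) exempts every node stored under `eu.siacs.conversations.axolotl.` from the presence check, not only the OMEMO device list and bundles, so anything a client publishes under that prefix becomes readable by any requester. If only key material is meant to be public, match the two node shapes explicitly, e.g. `if node and (node == white_listed_namespace.."devicelist" or node:find("^eu%.siacs%.conversations%.axolotl%.bundles:%d+$")) then`. Both `module:log` calls pass `node` with no `%s` in the format string, so with plain string formatting the node would not appear in the log, and the requester is not recorded at all. Because this path bypasses access control, I would log both, for example `module:log("debug", "provided access to omemo node %s to %s", node, event.stanza.attr.from)`. The second message ("requested node was white listed") fires when the node was not served and should say so.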