author | Rob Hoelz <rob@hoelz.ro> |
Mon, 10 Dec 2012 22:33:07 +0100 | |
changeset 872 | 6fed90021f3c |
parent 452 | 48b615229509 |
child 937 | 5276e1fc26b6 |
permissions | -rw-r--r-- |
local st = require "util.stanza"; |
-- XMPP security-label namespaces: the label itself, the current catalog
-- schema, and the older catalog schema that is still answered (COMPAT).
local xmlns_label = "urn:xmpp:sec-label:0";
local xmlns_label_catalog = "urn:xmpp:sec-label:catalog:2";
local xmlns_label_catalog_old = "urn:xmpp:sec-label:catalog:0"; -- COMPAT

-- Advertise all three namespaces as features, in the same order as before.
for _, feature in ipairs({ xmlns_label, xmlns_label_catalog, xmlns_label_catalog_old }) do
	module:add_feature(feature);
end
-- COMPAT: also list the label and current-catalog features in the
-- account-level disco#info result (added for interop with the Swift client).
-- The old catalog namespace is not listed here.
module:hook("account-disco-info", function(event) -- COMPAT
	local disco_reply = event.stanza;
	for _, feature in ipairs({ xmlns_label, xmlns_label_catalog }) do
		disco_reply:tag('feature', { var = feature }):up();
	end
end);
-- Built-in catalog, used when the "security_labels" option is not set.
-- The label strings below look like placeholders rather than real policy
-- markings; a deployment that relies on labels should configure its own
-- catalog instead of serving this one.
local default_labels = {
	-- Array entries are emitted first, in order, and carry their own name.
	{
		name = "Unclassified";
		label = true;
		default = true;
	};
	-- A string-keyed entry without a `label` field is a group: its children
	-- are emitted with the group name and "|" prefixed to their selector.
	Classified = {
		SECRET = { label = "THISISSECRET", color = "black", bgcolor = "aqua" };
		PUBLIC = { label = "THISISPUBLIC" };
	};
};

-- Active catalog settings; assigned by get_conf().
local catalog_name, catalog_desc, labels;
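--- Load the catalog name, description and label tree from the module config.
-- Called once at load time and again on every "config-reloaded" event, so the
-- values used to answer catalog requests follow the current configuration.
local function get_conf()
	catalog_name = module:get_option_string("security_catalog_name", "Default");
	catalog_desc = module:get_option_string("security_catalog_desc", "My labels");

	local configured = module:get_option("security_labels", default_labels);
	if type(configured) ~= "table" then
		-- The catalog handler walks this value as a table of items; any other
		-- type would make every catalog request raise. Serve an empty catalog
		-- rather than falling back to the sample labels, so a broken config
		-- never advertises markings the operator did not choose.
		module:log("error", "security_labels must be a table, got %s; serving an empty catalog", type(configured));
		configured = {};
	end
	labels = configured;
end
module:hook_global("config-reloaded", get_conf);
get_conf();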
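--- Answer a catalog IQ with the configured security label catalog.
--
-- The reply echoes the namespace and `to` attribute of the request's first
-- child element and fills in the configured catalog name and description.
-- Labels are emitted in the current schema (<item><securitylabel/></item>)
-- when the request used the current catalog namespace, and in the old flat
-- schema (<securitylabel selector=.../>) otherwise.
--
-- NOTE(review): nothing in this handler looks at who is asking; every
-- requester that reaches one of the hooks gets the same full catalog,
-- including the names of all configured markings. The disabled
-- "sec-label-catalog" event below looks like the intended place for
-- per-requester filtering -- confirm before relying on the catalog being
-- private. This file also only publishes the catalog; no code visible here
-- enforces labels on messages.
--
-- Kept as a non-local function so its visibility is unchanged.
--
-- @param request hook event carrying `stanza` (the IQ) and `origin` (session)
-- @return true once the reply has been sent
function handle_catalog_request(request)
	local catalog_request = request.stanza.tags[1];
	-- The schema to answer in is decided once, from the request's namespace.
	local current_schema = catalog_request.attr.xmlns == xmlns_label_catalog;
	local reply = st.reply(request.stanza)
		:tag("catalog", {
			xmlns = catalog_request.attr.xmlns,
			to = catalog_request.attr.to,
			name = catalog_name,
			desc = catalog_desc
		});

	-- Recursively append `labels` to `catalog`; `selector` is the "|"-joined
	-- path of the enclosing groups.
	local function add_labels(catalog, labels, selector)
		local function add_item(item, name)
			-- The label tree comes from the config file. A malformed entry is
			-- skipped instead of raising, so one bad entry cannot leave every
			-- catalog request unanswered.
			if type(item) ~= "table" then
				module:log("warn", "Ignoring security label entry that is not a table");
				return;
			end
			local item_name = name or item.name;
			local name_type = type(item_name);
			if name_type ~= "string" and name_type ~= "number" then
				module:log("warn", "Ignoring security label entry without a usable name");
				return;
			end

			if item.label then
				if current_schema then
					catalog:tag("item", {
						selector = selector..item_name,
						default = item.default and "true" or nil,
					}):tag("securitylabel", { xmlns = xmlns_label })
				else -- COMPAT
					catalog:tag("securitylabel", {
						xmlns = xmlns_label,
						selector = selector..item_name,
						default = item.default and "true" or nil,
					})
				end
				if item.display or item.color or item.bgcolor then
					catalog:tag("displaymarking", {
						fgcolor = item.color,
						bgcolor = item.bgcolor,
					}):text(item.display or item_name):up();
				end
				-- `label = true` yields a securitylabel with no <label/> child.
				if type(item.label) == "string" then
					catalog:tag("label"):text(item.label):up();
				elseif type(item.label) == "table" then
					catalog:tag("label"):add_child(item.label):up();
				end
				catalog:up(); -- leave <securitylabel/>
				if current_schema then
					catalog:up(); -- leave the wrapping <item/>
				end
			else
				-- No label: treat the entry as a group and descend into it.
				add_labels(catalog, item, (selector or "")..item_name.."|");
			end
		end
		-- Ordered (array) entries first, then string-keyed entries in
		-- whatever order pairs() yields them.
		for i = 1,#labels do
			add_item(labels[i])
		end
		for name, child in pairs(labels) do
			if type(name) == "string" then
				add_item(child, name)
			end
		end
	end
	-- TODO query remote servers
	--[[ FIXME later
	labels = module:fire_event("sec-label-catalog", {
			to = catalog_request.attr.to,
			request = request; -- or just origin?
			labels = labels;
		}) or labels;
	--]]
	add_labels(reply, labels, "");
	request.origin.send(reply);
	return true;
end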
-- Route catalog queries to the handler. The current namespace is answered on
-- both the host and the "self" events; the old namespace is only hooked on
-- the "self" event.
for _, event_name in ipairs({
	"iq/host/"..xmlns_label_catalog..":catalog",
	"iq/self/"..xmlns_label_catalog..":catalog", -- COMPAT
	"iq/self/"..xmlns_label_catalog_old..":catalog", -- COMPAT
}) do
	module:hook(event_name, handle_catalog_request);
end