author | Kim Alvefur <zash@zash.se> |
Fri, 23 Sep 2016 13:20:49 +0200 | |
changeset 2310 | ad40c094e7d7 |
parent 1343 | 7dbde05b48a9 |
permissions | -rw-r--r-- |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 |
local st = require "util.stanza"; |
981
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
2 |
local xml = require "util.xml"; |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
local xmlns_label = "urn:xmpp:sec-label:0"; |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
5 |
local xmlns_label_catalog = "urn:xmpp:sec-label:catalog:2"; |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
6 |
local xmlns_label_catalog_old = "urn:xmpp:sec-label:catalog:0"; -- COMPAT |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
module:add_feature(xmlns_label); |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
9 |
module:add_feature(xmlns_label_catalog); |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
10 |
module:add_feature(xmlns_label_catalog_old); |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
12 |
module:hook("account-disco-info", function(event) -- COMPAT |
266
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
13 |
local stanza = event.stanza; |
1310
2df312eb816d
mod_seclabels: Avoid tracebacks about indexing nil stanza
Vadim Misbakh-Soloviov <mva@mva.name>
parents:
981
diff
changeset
|
14 |
if stanza then |
2df312eb816d
mod_seclabels: Avoid tracebacks about indexing nil stanza
Vadim Misbakh-Soloviov <mva@mva.name>
parents:
981
diff
changeset
|
15 |
stanza:tag('feature', {var=xmlns_label}):up(); |
2df312eb816d
mod_seclabels: Avoid tracebacks about indexing nil stanza
Vadim Misbakh-Soloviov <mva@mva.name>
parents:
981
diff
changeset
|
16 |
stanza:tag('feature', {var=xmlns_label_catalog}):up(); |
2df312eb816d
mod_seclabels: Avoid tracebacks about indexing nil stanza
Vadim Misbakh-Soloviov <mva@mva.name>
parents:
981
diff
changeset
|
17 |
end; |
266
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
18 |
end); |
e7296274f48c
mod_seclabels: Advertise features in account disco#info, fixes interop with Swift
Kim Alvefur <zash@zash.se>
parents:
252
diff
changeset
|
19 |
|
449
08ffbbdafeea
mod_seclabels: Fetch catalog from config.
Kim Alvefur <zash@zash.se>
parents:
266
diff
changeset
|
20 |
local default_labels = { |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
21 |
{ |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
22 |
name = "Unclassified", |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
23 |
label = true, |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
24 |
default = true, |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
25 |
}, |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
Classified = { |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
SECRET = { color = "black", bgcolor = "aqua", label = "THISISSECRET" }; |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
PUBLIC = { label = "THISISPUBLIC" }; |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
}; |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
}; |
937
5276e1fc26b6
mod_seclabels: Remove config-reloaded hook. Just reload the module to update
Kim Alvefur <zash@zash.se>
parents:
452
diff
changeset
|
31 |
local catalog_name = module:get_option_string("security_catalog_name", "Default"); |
5276e1fc26b6
mod_seclabels: Remove config-reloaded hook. Just reload the module to update
Kim Alvefur <zash@zash.se>
parents:
452
diff
changeset
|
32 |
local catalog_desc = module:get_option_string("security_catalog_desc", "My labels"); |
5276e1fc26b6
mod_seclabels: Remove config-reloaded hook. Just reload the module to update
Kim Alvefur <zash@zash.se>
parents:
452
diff
changeset
|
33 |
local labels = module:get_option("security_labels", default_labels); |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
|
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
35 |
function handle_catalog_request(request) |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
local catalog_request = request.stanza.tags[1]; |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
local reply = st.reply(request.stanza) |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 |
:tag("catalog", { |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
39 |
xmlns = catalog_request.attr.xmlns, |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 |
to = catalog_request.attr.to, |
449
08ffbbdafeea
mod_seclabels: Fetch catalog from config.
Kim Alvefur <zash@zash.se>
parents:
266
diff
changeset
|
41 |
name = catalog_name, |
08ffbbdafeea
mod_seclabels: Fetch catalog from config.
Kim Alvefur <zash@zash.se>
parents:
266
diff
changeset
|
42 |
desc = catalog_desc |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
}); |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1310
diff
changeset
|
44 |
|
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
local function add_labels(catalog, labels, selector) |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
46 |
local function add_item(item, name) |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
47 |
local name = name or item.name; |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
48 |
if item.label then |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
49 |
if catalog_request.attr.xmlns == xmlns_label_catalog then |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
50 |
catalog:tag("item", { |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
51 |
selector = selector..name, |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
52 |
default = item.default and "true" or nil, |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
53 |
}):tag("securitylabel", { xmlns = xmlns_label }) |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
54 |
else -- COMPAT |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
55 |
catalog:tag("securitylabel", { |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
56 |
xmlns = xmlns_label, |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
57 |
selector = selector..name, |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
58 |
default = item.default and "true" or nil, |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
59 |
}) |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
60 |
end |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
61 |
if item.display or item.color or item.bgcolor then |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
62 |
catalog:tag("displaymarking", { |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
63 |
fgcolor = item.color, |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
64 |
bgcolor = item.bgcolor, |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
65 |
}):text(item.display or name):up(); |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
66 |
end |
981
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
67 |
if item.label == true then |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
68 |
catalog:tag("label"):text(name):up(); |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
69 |
elseif type(item.label) == "string" then |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
70 |
-- TODO Do we need anything other than XML parsing? |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
71 |
if item.label:sub(1,1) == "<" then |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
72 |
catalog:tag("label"):add_child(xml.parse(item.label)):up(); |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
73 |
else |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
74 |
catalog:tag("label"):text(item.label):up(); |
020b5944a973
mod_seclabels: Allow stanzas or XML strings as labels in the config
Kim Alvefur <zash@zash.se>
parents:
937
diff
changeset
|
75 |
end |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
76 |
elseif type(item.label) == "table" then |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
77 |
catalog:tag("label"):add_child(item.label):up(); |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
end |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
79 |
catalog:up(); |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
80 |
if catalog_request.attr.xmlns == xmlns_label_catalog then |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
81 |
catalog:up(); |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
82 |
end |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 |
else |
452
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
84 |
add_labels(catalog, item, (selector or "")..name.."|"); |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
85 |
end |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
86 |
end |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
87 |
for i = 1,#labels do |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
88 |
add_item(labels[i]) |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
89 |
end |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
90 |
for name, child in pairs(labels) do |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
91 |
if type(name) == "string" then |
48b615229509
mod_seclabels: Support orderd items
Kim Alvefur <zash@zash.se>
parents:
451
diff
changeset
|
92 |
add_item(child, name) |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
end |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 |
end |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 |
end |
451
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
96 |
-- TODO query remote servers |
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
97 |
--[[ FIXME later |
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
98 |
labels = module:fire_event("sec-label-catalog", { |
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
99 |
to = catalog_request.attr.to, |
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
100 |
request = request; -- or just origin? |
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
101 |
labels = labels; |
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
102 |
}) or labels; |
f43d2d26c1c4
mod_seclabels: Fix config reloading
Kim Alvefur <zash@zash.se>
parents:
450
diff
changeset
|
103 |
--]] |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
104 |
add_labels(reply, labels, ""); |
252
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 |
request.origin.send(reply); |
8eae74a31acb
mod_seclabels: Prototype security labels plugin
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 |
return true; |
450
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
107 |
end |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
108 |
module:hook("iq/host/"..xmlns_label_catalog..":catalog", handle_catalog_request); |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
109 |
module:hook("iq/self/"..xmlns_label_catalog..":catalog", handle_catalog_request); -- COMPAT |
fb152d4af082
mod_seclabels: Update to latest catalog schema, while keeping compatibility with the old one.
Kim Alvefur <zash@zash.se>
parents:
449
diff
changeset
|
110 |
module:hook("iq/self/"..xmlns_label_catalog_old..":catalog", handle_catalog_request); -- COMPAT |