mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes

Fri, 29 Dec 2017 16:28:47 +0100

author
Daniel Gultsch <daniel@gultsch.de>
date
Fri, 29 Dec 2017 16:28:47 +0100
changeset 2856
08f6b9d37a49
parent 2855
7713cd4fff8f
child 2857
ff1666716d10

mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes

mod_omemo_all_access/README.markdown file | annotate | diff | comparison | revisions
mod_omemo_all_access/mod_omemo_all_access.lua file | annotate | diff | comparison | revisions
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_omemo_all_access/README.markdown	Fri Dec 29 16:28:47 2017 +0100
@@ -0,0 +1,27 @@
+---
+labels:
+- 'Stage-Alpha'
+summary: 'Disable access control for all OMEMO related PEP nodes'
+---
+
+Introduction
+============
+
+Traditionally OMEMO encrypted messages could only be exchanged after gaining mutual presence subscription due to the OMEMO key material being stored in PEP.
+
+XEP-0060 defines a method of changing the access model of a PEP node from `presence` to `open`. However Prosody does not yet support access models on PEP nodes.
+
+This module disables access control for all OMEMO PEP nodes (=all nodes in the namespace of `eu.siacs.conversations.axolotl.*`), giving everyone — including contacts who have no presence subscription to the account — read access to the OMEMO key material and allowing them to start OMEMO sessions with users on this server.
+
+Disco feature
+=============
+
+This module announces a disco feature on the account to allow external tools such as the [Compliance Tester](https://conversations.im/compliance/) to check whether this module has been installed.
+
+
+Compatibility
+=============
+
+  ----- -----------------------------------------------------------------------------
+  0.10  Works
+  ----- -----------------------------------------------------------------------------
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_omemo_all_access/mod_omemo_all_access.lua	Fri Dec 29 16:28:47 2017 +0100
@@ -0,0 +1,55 @@
+-- OMEMO all access module
+-- Copyright (c) 2017 Daniel Gultsch
+--
+-- This module is MIT/X11 licensed
+--
+
+local jid_bare = require "util.jid".bare;
+local st = require "util.stanza"
+local white_listed_namespace = "eu.siacs.conversations.axolotl."
+local disco_feature_namespace = white_listed_namespace .. "whitelisted"
+
+local mod_pep = module:depends"pep";
+local pep_data = mod_pep.module.save().data;
+
+local function on_account_disco_info(event)
+	(event.reply or event.stanza):tag("feature", {var=disco_feature_namespace}):up();
+end
+
+local function on_pep_request(event)
+	local session, stanza = event.origin, event.stanza
+	local payload = stanza.tags[1];
+	if stanza.attr.type == 'get' then
+		local node, requested_id;
+		payload = payload.tags[1]
+		if payload and payload.name == 'items' then
+			node = payload.attr.node
+			local item = payload.tags[1];
+			if item and item.name == 'item' then
+				requested_id = item.attr.id;
+			end 
+		end
+		if node and string.sub(node,1,string.len(white_listed_namespace)) == white_listed_namespace then
+			local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host;
+			local user_data = pep_data[user];
+			if user_data and user_data[node] then
+				local id, item = unpack(user_data[node]);
+				if not requested_id or id == requested_id then
+					local stanza = st.reply(stanza)
+						:tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'})
+							:tag('items', {node=node})
+								:add_child(item)
+							:up()
+						:up();
+					session.send(stanza);
+					module:log("debug","provided access to omemo node",node)
+					return true;
+				end
+			end
+			module:log("debug","requested node was white listed", node)
+		end
+	end
+end
+
+module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", on_pep_request, 10);
+module:hook("account-disco-info", on_account_disco_info);
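Review bot: The two debug log calls near the end of on_pep_request drop the node name, because their message strings contain no `%s` placeholder while module:log formats its message like string.format, so the trailing `node` argument is silently ignored; `module:log("debug", "provided access to omemo node %s", node)` and `module:log("debug", "requested node %s was white listed", node)` fix that. Since this handler serves key material to any requester, including entities that never had a presence subscription, it would also help operators to log `stanza.attr.from` next to the node so they can later see who fetched a device list or bundle. The second log line currently fires even when no stored item exists or the requested item id did not match, so its wording is misleading; either move it inside the `if user_data and user_data[node]` branch or reword it to say the request fell through to mod_pep. on_pep_request and both hooks are fully within this hunk.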
