processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

mod_privilege is outdated #3889

Open truenicoco opened 2 years ago

truenicoco commented 2 years ago

mod_privilege does not implement the latest revision of XEP-0356, which notably includes a namespace version bump, making it incompatible with components relying on this latest revision.

ravermeister commented 8 months ago

Any chance this will be implemented soon™?

trungnt2910 commented 7 months ago

Any chances for this being updated?

I specifically need the IQ permission part, which was added in version 0.4.

Not opening a new issue to prevent duplicates...

badlop commented 3 months ago

I wrote a small patch in the xmpp library, and pointed ejabberd to use that one. Can you check if it works as expected?

Neustradamus commented 2 months ago

@truenicoco, @ravermeister, @trungnt2910: Have you tested?

Is it good? Can it be merged?

mremond commented 2 months ago

@badlop As we have no feedback at the moment, do you think the patch is good enough for inclusion in 24.07?

sezuan commented 2 months ago

I've tested the latest update. The server now reports iq permissions to the slidge gateway:

<message to="whatsapp.<redacted>" from="<redacted>.de">
  <privilege xmlns="urn:xmpp:privilege:2">
    <perm type="outgoing" access="message"/>
    <perm type="both" access="roster"/>
    <perm type="both" access="iq"/>
    <perm type="none" access="presence"/>
  </privilege>
</message>

Slidge still complains:

WARNING:slidge.core.gateway.base:IQ privileges not granted for pubsub namespace, we cannot create the MDS node of matthias@<redacted>
WARNING:slidge.core.gateway.base:IQ privileges not granted for pubsub#owner namespace, we cannot listen to the MDS events of matthias@<redacted>
/venv/lib/python3.11/site-packages/slidge/group/room.py:901:UserWarning:IQ privileges (XEP0356) are not set, we cannot fetch the user bookmarks
/venv/lib/python3.11/site-packages/slidge/group/room.py:924:UserWarning:IQ privileges (XEP0356) are not set, we cannot add bookmarks for the user

That might be because the iq permissions must be advertised per namespace.

truenicoco commented 2 months ago

Oh wait, I think what ejabberd sends is actually OK and should be interpreted as "permission for all namespaces", I have to update slidge to interpret it as such.

~Indeed~, cf https://xmpp.org/extensions/xep-0356.html#example-8

<message from='capulet.net' to='pubub.capulet.lit' id='iq_perm_1'>
  <privilege xmlns='urn:xmpp:privilege:2'>
    <perm access='iq'>
      <namespace ns='http://jabber.org/protocol/pubsub' type='set' />
    </perm>
  </privilege>
</message>

truenicoco commented 1 month ago

Well, after all it seems that what this patch does is illegal, authorized IQ namespaces MUST be specified:

To grant an "iq" permission, authorised namespaces must be specified

Server advertises "iq" permission by using a <perm/> element with an 'access' attribute of the value "iq" and without 'type' attribute

I did push a patch in slidge that allows it anyway, so someone can test anyway if they want!
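
The two advertisement shapes discussed in this thread, parsed under the strict reading quoted in the last comment, as an added example that is not code from slidge, ejabberd or any participant: an "iq" perm with a 'type' attribute and no namespaces grants nothing, and only listed namespaces are authorised. The stanzas are constructed, the function names are hypothetical, and the accepted type values (get, set, both) are an assumption taken from XEP-0356.

```python
import xml.etree.ElementTree as ET

NS = "urn:xmpp:privilege:2"
IQ_TYPES = {"get", "set", "both"}  # assumed from XEP-0356; the thread only shows "set"

# Constructed stanzas modelled on the two shapes quoted in the thread.
BLANKET = """<message to="gateway.example" from="example.org">
  <privilege xmlns="urn:xmpp:privilege:2">
    <perm type="both" access="roster"/>
    <perm type="both" access="iq"/>
  </privilege>
</message>"""

PER_NAMESPACE = """<message from="example.org" to="gateway.example">
  <privilege xmlns="urn:xmpp:privilege:2">
    <perm access="iq">
      <namespace ns="http://jabber.org/protocol/pubsub" type="set"/>
    </perm>
  </privilege>
</message>"""


def parse_iq_grants(stanza_xml):
    """Return (grants, warnings); grants maps IQ namespace -> get/set/both."""
    grants, warnings = {}, []
    privilege = ET.fromstring(stanza_xml).find(f"{{{NS}}}privilege")
    if privilege is None:
        return grants, [f"no <privilege/> element in {NS}"]
    for perm in privilege.findall(f"{{{NS}}}perm"):
        if perm.get("access") != "iq":
            continue
        if perm.get("type") is not None:
            # Blanket form: fail closed instead of reading it as "all namespaces".
            warnings.append(f"iq perm carries type={perm.get('type')!r}; ignored")
        for child in perm.findall(f"{{{NS}}}namespace"):
            ns, iq_type = child.get("ns"), child.get("type")
            if ns and iq_type in IQ_TYPES:
                grants[ns] = iq_type
            else:
                warnings.append(f"malformed <namespace/>: ns={ns!r} type={iq_type!r}")
    return grants, warnings


def iq_allowed(grants, namespace, iq_type):
    """True only if this exact namespace was granted for this IQ type."""
    return grants.get(namespace) in (iq_type, "both")


if __name__ == "__main__":
    for name, stanza in (("blanket", BLANKET), ("per-namespace", PER_NAMESPACE)):
        print(name, *parse_iq_grants(stanza))
```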