Jibri - Authenticating if a room has a password added by moderator

@damencho should special authenticated users (i.e. the ‘bots’) should be able to bypass the meeting password?

Nope, this is very easy achievable with a prosody module. Basically whitelisting jids that can join without password.
On ‘muc-occupant-pre-join’ event you can get the join stanza and add to it the password that is set to the room and this in case the jid of the user is a predefined one.

Awesome - Ill give that a go tonight :slight_smile:

Thanks folks

To be honest i couldn’t get that to work - looks like i need to write a lua module to handle that which is a little beyond my time at the moment.

Feel free to close for now - ill come back again if it becomes more pressing.

Hi @damencho

Any plan to opensource that module?

Thank you.

Could you please elaborate on that? I wrote a module copying mod_token_verification but it’s not enough to return nil for the recording user and false for everybody else.

local MUC_NS = "http://jabber.org/protocol/muc";
module:hook("muc-occupant-pre-join", function (event)
    local room, stanza = event.room, event.stanza;

    local user, domain, res = jid_split(event.stanza.attr.from);

    if user is jibri
    local join = stanza:get_child("x", MUC_NS);
    join:tag("password", { xmlns = MUC_NS }):text(room:get_password());
4 Likes

Thank you, that put me on the right track:

local MUC_NS = "http://jabber.org/protocol/muc";
local jid = require "util.jid";
module:hook("muc-occupant-pre-join", function (event)
    local room, stanza = event.room, event.stanza;

    local user, domain, res = jid.split(event.stanza.attr.from);
    log("info", "--------------> user %s domain %s res %s pass %s", tostring(user),tostring(domain),tostring(res),tostring(room:get_password())); 

    if user=='recorder' then
      local join = stanza:get_child("x", MUC_NS);
      join:tag("password", { xmlns = MUC_NS }):text(room:get_password());
    end;
end);
6 Likes

Check and domain, that domain should allow only auth users. To make sure nobody impersonates as jibri and beeing hidden or enter without pass.

1 Like

if user==‘recorder’ and domain==‘recorder.my.domain’ ?

2 Likes

yep.

1 Like

I tried adding the above recommendation to /usr/share/jitsi-meet/prosody-plugins/ in a .lua file. I then restarted prosody and recording still fails when the conference has a password set. What am I missing?

I checked the prosody.log for the added info entry in olivluca’s version but didn’t see a log entry. Does that mean the module didn’t get included correctly? (I checked user/group ownership and permissions to make sure the file matched the others in the folder)

If, say, you called the module mod_xyz.lua, you’ll have to add it to the modules_enabled for the conference, e.g.

Component "conference.your.dom.ain" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "xyz"; -------- this
        -- "token_verification";
    }
    admins = { "focus@auth.your.dom.ain" }
2 Likes

Awesome! Thanks for the info. However, I’m still not able to get the recorder to join a room with a password. I set prosody log to debug, then found this:

Apr 14 14:24:21 mod_muc debug recorder@recorder.XX.XX/6c73f0d1-b893-416b-a193-4ca69166db98 couldn’t join due to invalid password: willitrecord@conference.XX.XX/54189a88

Does that mean the prosody module isn’t passing back the correct conference password on the pre-join event or does that mean I have an authentication error with my recorder’s internal authentication?

I think the latter, but don’t take my word for it (it happened to me because I mistyped the password but dont’ remember if that’ was the log message).

Edit: you can try on a room with no password, if that works there must be a typo in the lua script. I copied verbatim what I’m using, just added the check on the domain as suggested by @damencho

Hi,
Think that Im doing something wrong because this “module” is not working on my site.
What i have done already:

  • in /usr/share/jitsi-meet/prosody-plugins I have created mod_xyz.lua file with content from @olivluca
  • in /etc/prosmody/conf.d/conf.local.lua i have added “xyz” to module_enabled section
    Recording is not working, On jibri side have error "125:2378 “2020-04-22T09:40:44.318Z” “[conference.js]” “\u003CX._onConferenceFailed>: " “CONFERENCE FAILED:” “conference.passwordRequired””

When I start recording in room without password everything i working great.
Any idea what I doing wrong ?

I didn’t enable it in conf.local.lua, see post #14 Jibri - Authenticating if a room has a password added by moderator

Ok, but I have enabled and it is still not working. I feel stupid :frowning:

Hi,
I only got it working using prosody 0.11, in 0.10 never got it to work. Probably muc-occupant-pre-join isn´t implemented in 0.10

I have a problem recording with a locked conference. what should I do to make Jibri doing recording locked conference?