mod_sasl2/mod_sasl2.lua @ 6055:23c4c61a1068

mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways Some gateways are happy to receive presence for each participant in MUCs that they are in only once, to any one of their joined JIDs.
author Stephen Paul Weber <singpolyma@singpolyma.net>
date Sun, 17 Nov 2024 22:32:52 -0500
parent 6036:1ef53e0264f4
child 6056:56fa3bad16cc
1 -- Prosody IM
2 -- Copyright (C) 2019 Kim Alvefur
3 --
4 -- This project is MIT/X11 licensed. Please see the
5 -- COPYING file in the source package for more information.
6 --
7 -- XEP-0388: Extensible SASL Profile
8 --
10 local st = require "util.stanza";
11 local errors = require "util.error";
12 local base64 = require "util.encodings".base64;
13 local jid_join = require "util.jid".join;
14 local set = require "util.set";
16 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
17 local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
-- Namespace of the XEP-0388 elements this module sends.
local xmlns_sasl2 = "urn:xmpp:sasl:2";

-- c2s_require_encryption is looked up with require_encryption as its default,
-- and require_encryption itself defaults to true.
local require_encryption = module:get_option_boolean("require_encryption", true);
local secure_auth_only = module:get_option_boolean("c2s_require_encryption", require_encryption);

-- Mechanisms withheld from sessions that are not marked secure. Enabling
-- allow_unencrypted_plain_auth empties the default list, so PLAIN and LOGIN
-- are then held back only if insecure_sasl_mechanisms names them explicitly.
local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
local default_insecure_mechanisms;
if allow_unencrypted_plain_auth then
	default_insecure_mechanisms = {};
else
	default_insecure_mechanisms = { "PLAIN", "LOGIN" };
end
local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", default_insecure_mechanisms);

-- Mechanisms that are never offered, whatever the state of the connection.
local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" });

local host = module.host;
--- Channel-binding callback registered under the name 'tls-unique'.
-- Fetches the connection stored at userdata["tls-unique"] on the object it is
-- called with and returns whatever that connection's ssl_peerfinished()
-- method returns.
-- @param self object carrying the userdata table
local function tls_unique(self)
	local conn = self.userdata["tls-unique"];
	return conn:ssl_peerfinished();
end
--- Ask a connection for exported keying material for channel binding.
-- Requests 32 bytes under the label "EXPORTER-Channel-Binding" with an empty
-- context string.
-- @param conn connection object
-- @return whatever conn:ssl_exportkeyingmaterial() returns, or nothing when
--         the connection has no such method
local function tls_exporter(conn)
	local export = conn.ssl_exportkeyingmaterial;
	if export then
		return export(conn, "EXPORTER-Channel-Binding", 32, "");
	end
end
--- Channel-binding callback registered under the name 'tls-exporter'.
-- Passes the connection stored at userdata["tls-exporter"] to tls_exporter()
-- and returns its result.
-- @param self object carrying the userdata table
local function sasl_tls_exporter(self)
	local conn = self.userdata["tls-exporter"];
	return tls_exporter(conn);
end
--- Add the SASL2 <authentication/> element to the stream features.
-- Creates the session's SASL handler, registers the channel-binding callbacks
-- the connection supports, lists the mechanisms that pass the disabled and
-- insecure filters, and lets other modules fill in an <inline/> child.
module:hook("stream-features", function(event)
	local session, stream_features = event.origin, event.features;
	local log = session.log or module._log;

	-- Only sessions still in the unauthenticated c2s state get an offer.
	if session.type ~= "c2s_unauthed" then
		log("debug", "Already authenticated");
		return
	end
	-- With encryption required, offer nothing until the session is marked secure.
	if secure_auth_only and not session.secure then
		log("debug", "Not offering authentication on insecure connection");
		return;
	end

	local handler = usermanager_get_sasl_handler(host, session)
	session.sasl_handler = handler;

	-- Names of the bindings registered below; filled in here but not read
	-- again anywhere in this handler.
	local channel_bindings = set.new()
	if session.encrypted then
		-- The handler has to expose add_cb_handler, and the connection has to
		-- expose the LuaSec call each binding type needs.
		-- FIXME: would be nice to have this check only once and not for every socket
		if not handler.add_cb_handler then
			log("debug", "Channel binding not supported by SASL handler");
		else
			local tls_info = session.conn:ssl_info();
			if tls_info and tls_info.protocol == "TLSv1.3" then
				log("debug", "Channel binding 'tls-unique' undefined in context of TLS 1.3");
				if not tls_exporter(session.conn) then
					log("debug", "Channel binding 'tls-exporter' not supported");
				else
					log("debug", "Channel binding 'tls-exporter' supported");
					handler:add_cb_handler("tls-exporter", sasl_tls_exporter);
					channel_bindings:add("tls-exporter");
				end
			elseif session.conn.ssl_peerfinished and session.conn:ssl_peerfinished() then
				log("debug", "Channel binding 'tls-unique' supported");
				handler:add_cb_handler("tls-unique", tls_unique);
				channel_bindings:add("tls-unique");
			else
				log("debug", "Channel binding 'tls-unique' not supported (by LuaSec?)");
			end
			-- The callbacks registered above read the connection back from here.
			handler["userdata"] = {
				["tls-unique"] = session.conn;
				["tls-exporter"] = session.conn;
			};
		end
	end

	local auth = st.stanza("authentication", { xmlns = xmlns_sasl2 });

	for mech in pairs(handler:mechanisms()) do
		if disabled_mechanisms:contains(mech) then
			log("debug", "Not offering disabled mechanism %s", mech);
		elseif session.secure or not insecure_mechanisms:contains(mech) then
			log("debug", "Offering mechanism %s", mech);
			auth:text_tag("mechanism", mech);
		else
			-- Listed as insecure and the session is not marked secure.
			log("debug", "Not offering mechanism %s on insecure connection", mech);
		end
	end

	stream_features:add_direct_child(auth);

	-- Other modules advertise their inline features by adding to this element.
	local inline = st.stanza("inline");
	module:fire_event("advertise-sasl-features", { origin = session, features = inline, stream = event.stream });
	auth:add_direct_child(inline);
end, 1);
--- Turn a SASL status into a "sasl2/<base_type>/<status>" event.
-- @param session session being authenticated
-- @param status status string; becomes the last segment of the event name
-- @param ret message for the event, or the error when status is "error"
-- @param err_msg optional text, passed on as error_text
-- @return whatever module:fire_event() returns for that event
local function handle_status(session, status, ret, err_msg)
	local message, err = ret, nil;
	if status == "error" then
		-- For errors, ret carries the error and there is no message.
		message = nil;
		err = ret;
		if not errors.is_err(err) then
			-- Not an error object yet: wrap it, using it as the condition.
			err = errors.new({ condition = err, text = err_msg }, { session = session });
		end
	end

	local event_name = "sasl2/" .. session.base_type .. "/" .. status;
	return module:fire_event(event_name, {
		session = session;
		message = message;
		error = err;
		error_text = err_msg;
	});
end
--- Report a failed authentication to the client.
-- Fires "authentication-failure" with the same event table first, then sends
-- a <failure/> whose child is named after event.message, plus a <text/> child
-- when event.error_text is set.
module:hook("sasl2/c2s/failure", function (event)
	module:fire_event("authentication-failure", event);

	local session = event.session;
	-- event.message is used as an element name here, so it has to be a
	-- condition name rather than free text.
	local reply = st.stanza("failure", { xmlns = xmlns_sasl2 })
		:tag(event.message, { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }):up();

	-- error_text goes to the client as given.
	local detail = event.error_text;
	if detail then
		reply:text_tag("text", detail);
	end

	session.send(reply);
	return true;
end);
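--- Report a SASL error to the client as a <failure/>.
-- The condition child carries the same namespace the "sasl2/c2s/failure"
-- handler uses for its condition element; it was previously sent without one.
module:hook("sasl2/c2s/error", function (event)
	local session = event.session
	-- Without an error object or a condition there is nothing to name the
	-- child element after, so fall back to a generic SASL condition instead of
	-- passing nil as the element name.
	local condition = event.error and event.error.condition or "temporary-auth-failure";
	session.send(st.stanza("failure", { xmlns = xmlns_sasl2 })
		:tag(condition, { xmlns = "urn:ietf:params:xml:ns:xmpp-sasl" }));
	return true;
end);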
--- Send a SASL challenge to the client.
-- event.message is base64-encoded and becomes the text of <challenge/>.
module:hook("sasl2/c2s/challenge", function (event)
	local session = event.session;
	local challenge = st.stanza("challenge", { xmlns = xmlns_sasl2 })
		:text(base64.encode(event.message));
	session.send(challenge);
	return true;
end);
--- First stage of success handling (hooked with priority 1000).
-- Passes the session to sm_make_authenticated, then asks other modules via
-- "sasl2/c2s/tasks" whether further tasks are required. With tasks pending a
-- <continue/> is sent and the event is marked handled; otherwise a <success/>
-- stanza is stored in event.success and the event carries on.
module:hook("sasl2/c2s/success", function (event)
	local session = event.session
	-- NOTE(review): sm_make_authenticated runs before the tasks event below is
	-- fired. Confirm that nothing treats the session as fully authenticated
	-- while session.tasks is still outstanding.
	local authed, auth_err = sm_make_authenticated(session, session.sasl_handler.username);
	if not authed then
		-- NOTE(review): auth_err is forwarded as the failure message, which the
		-- failure handler uses as an element name; confirm it is always a
		-- condition name.
		handle_status(session, "failure", auth_err);
		return true;
	end

	local pending = module:fire_event("sasl2/c2s/tasks", { session = session })
	if not pending then
		-- No tasks requested: prepare <success/> and leave the event unhandled.
		local success = st.stanza("success", { xmlns = xmlns_sasl2 });
		event.success = success;
		if event.message then
			success:text_tag("additional-data", base64.encode(event.message));
		end
		return;
	end

	local reply = st.stanza("continue", { xmlns = xmlns_sasl2 });
	if event.message then
		reply:text_tag("additional-data", base64.encode(event.message));
	end
	if pending.text then
		reply:text_tag("text", pending.text)
	end
	reply:tag("tasks");
	-- The keys of pending.tasks are the task names listed to the client.
	for task_name in pairs(pending.tasks) do
		reply:text_tag("task", task_name)
	end
	session.tasks = pending.tasks;
	session.send(reply);
	return true;
end, 1000);
182 module:hook("sasl2/c2s/tasks", function(event)
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
183 if event.session.tested then
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
184 return;
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
185 end
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
186
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
187 return { tasks = { TEST = function(session, el)
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
188 local data = st.stanza("task-data", { xmlns = xmlns_sasl2 });
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
189 local count = tonumber(el:get_child_text("test", "test") or "0");
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
190 if count >= 10000 then
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
191 session.tested = true
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
192 module:fire_event("sasl2/"..session.base_type.."/success", {
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
193 session = session,
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
194 });
23c4c61a1068 mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Stephen Paul Weber <singpolyma@singpolyma.net>
parents: 6036
diff changeset
195 else
196 data:text_tag("test", tostring(count + 1), { xmlns = "test" })
197 session.send(data);
198 end
199 end }, text = "Need to test this" };
200 end);
-- Success handler at priority -1000: attach the authenticated entity's JID to
-- the pending success element as <authorization-identifier/> and send it.
-- The handler returns nothing.
module:hook("sasl2/c2s/success", function (event)
	local origin, reply = event.session, event.success;
	local authzid = jid_join(origin.username, origin.host, origin.resource);
	reply:text_tag("authorization-identifier", authzid);
	origin.send(reply);
end, -1000);
-- Success handler at priority -1500: fire "authentication-success" with the
-- same event object, then build a fresh <stream:features/>, let listeners of
-- "stream-features" populate it, and send it on the session.
module:hook("sasl2/c2s/success", function (event)
	module:fire_event("authentication-success", event);

	local origin = event.session;
	local stream_features = st.stanza("stream:features");
	module:fire_event("stream-features", {
		origin = origin;
		features = stream_features;
	});
	origin.send(stream_features);
end, -1500);
-- The priority gap before this handler leaves room for other modules to act
-- on the stream once the stanza has been sent and before anything else
-- proceeds. That is expected to be a common pattern with SASL2, which permits
-- atomic negotiation of several stream features.
module:hook("sasl2/c2s/success", function (event) --luacheck: ignore 212/event
	local session = event.session;
	-- Final step of success handling: detach the SASL handler from the
	-- session so the finished exchange cannot be continued.
	session.sasl_handler = nil;
	return true;
end, -2000);
--- Decode a base64 SASL payload and pass it to the session's SASL handler.
-- The payload comes from the client and is untrusted; text that does not
-- decode is rejected with "incorrect-encoding" before the handler sees it.
-- @param session session whose `sasl_handler` processes the payload
-- @param cdata base64 text from the client, or nil when none was supplied
-- @return the result of handle_status
local function process_cdata(session, cdata)
	local payload = cdata;
	if payload then
		payload = base64.decode(payload);
		if not payload then
			return handle_status(session, "failure", "incorrect-encoding");
		end
	end
	-- With no payload, the handler is called with nil.
	local handler = session.sasl_handler;
	return handle_status(session, handler:process(payload));
end
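-- Handle <authenticate/>, the client's opening SASL2 request. Everything read
-- from `auth` is supplied by a peer that has not authenticated yet.
module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth)
	-- Do not start a credential exchange on an unencrypted stream when
	-- encryption is required (secure_auth_only is set outside this block).
	if secure_auth_only and not session.secure then
		return handle_status(session, "failure", "encryption-required");
	end

	-- Reuse the session's SASL handler if one exists, otherwise create it.
	local sasl_handler = session.sasl_handler;
	if not sasl_handler then
		sasl_handler = usermanager_get_sasl_handler(host, session);
		session.sasl_handler = sasl_handler;
	end

	-- A missing mechanism attribute is a malformed request from the peer, not
	-- an internal invariant, so it gets the same protocol failure as an
	-- unknown mechanism instead of raising an error inside the handler.
	local mechanism = auth.attr.mechanism;
	if not mechanism or not sasl_handler:select(mechanism) then
		return handle_status(session, "failure", "invalid-mechanism");
	end

	local user_agent = auth:get_child("user-agent");
	if user_agent then
		-- id, software and device are stored exactly as the client sent them,
		-- with no validation here; code that logs, displays or keys on them
		-- should treat them as untrusted input.
		session.client_id = user_agent.attr.id;
		sasl_handler.user_agent = {
			software = user_agent:get_child_text("software");
			device = user_agent:get_child_text("device");
		};
	end

	-- <initial-response/> is optional; process_cdata is called with nil when
	-- it is absent.
	local initial = auth:get_child_text("initial-response");
	return process_cdata(session, initial);
end);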
-- Handle <response/>: a follow-up step in a SASL exchange. It is accepted only
-- when the session already has a SASL handler with a selected mechanism;
-- otherwise the client is answered with an "invalid-mechanism" failure.
module:hook_tag(xmlns_sasl2, "response", function (session, response)
	local handler = session.sasl_handler;
	local mechanism_chosen = handler and handler.selected;
	if not mechanism_chosen then
		return handle_status(session, "failure", "invalid-mechanism");
	end
	-- The element text is the client's base64 payload.
	return process_cdata(session, response:get_text());
end);
-- Handle <next/>: the client picks one of the tasks stored in session.tasks.
-- The task name is client-supplied and is only used as a key into that table;
-- a missing table, missing name or unknown name yields an "invalid-mechanism"
-- failure.
module:hook_tag(xmlns_sasl2, "next", function (session, next_el)
	local offered = session.tasks;
	local task_name = offered and next_el.attr.task;
	local task = task_name and offered[task_name];
	if not task then
		return handle_status(session, "failure", "invalid-mechanism");
	end

	session.task = task;
	-- Clearing the table means a second <next/> on this session is rejected
	-- by the check above.
	session.tasks = nil;
	session.task(session, next_el);
	return true;
end);
-- Handle <task-data/>: pass the element to the session's active task.
-- When no task is active (session.task is unset), the client is answered
-- with an "invalid-mechanism" failure.
module:hook_tag(xmlns_sasl2, "task-data", function (session, data)
	local active_task = session.task;
	if active_task then
		-- The task callback's return value is not used.
		active_task(session, data);
		return true;
	end
	return handle_status(session, "failure", "invalid-mechanism");
end);