prosody
32a0c3816d73
plugins/mod_saslauth.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

plugins/mod_saslauth.lua @ 3523:32a0c3816d73

mod_saslauth: Updated to use the new events API.
author Waqas Hussain <waqas20@gmail.com>
date Sat, 16 Oct 2010 05:03:00 +0500
parent 3468:d50e2c937717
child 3524:d206b4e0a9f3
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1523
841d61be198f Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents: 1486
diff changeset
1 -- Prosody IM
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2877
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 2877
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
4 --
758
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 724
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
b1885732e979 GPL->MIT!
Matthew Wild <mwild1@gmail.com>
parents: 724
diff changeset
6 -- COPYING file in the source package for more information.
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
7 --
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
8
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 449
diff changeset
9
38
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local st = require "util.stanza";
46
d6b3f9dbb624 Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents: 38
diff changeset
12 local sm_bind_resource = require "core.sessionmanager".bind_resource;
1042
a3d77353c18a mod_*: Fix a load of global accesses
Matthew Wild <mwild1@gmail.com>
parents: 938
diff changeset
13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
447
c0dae734d3bf Stopped using the lbase64 library
Waqas Hussain <waqas20@gmail.com>
parents: 438
diff changeset
14 local base64 = require "util.encodings".base64;
38
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15
1721
1dcfb2c64302 Use NODEprep for prepping usernames used during SASL logins.
Tobias Markmann <tm@ayena.de>
parents: 1523
diff changeset
16 local nodeprep = require "util.encodings".stringprep.nodeprep;
3188
c690e3c5105c mod_saslauth: Updated to use usermanager.get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents: 3178
diff changeset
17 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
46
d6b3f9dbb624 Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents: 38
diff changeset
18 local t_concat, t_insert = table.concat, table.insert;
38
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 local tostring = tostring;
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20
2415
eb383f58624b mod_saslauth: Use module:get_option()
Paul Aurich <paul@darkrain42.org>
parents: 2414
diff changeset
21 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
3385
192ffdaef491 mod_saslauth: A little cleanup for anonymous_login.
Waqas Hussain <waqas20@gmail.com>
parents: 3363
diff changeset
22 local anonymous_login = module:get_option("anonymous_login");
3417
53e854b52110 mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
Waqas Hussain <waqas20@gmail.com>
parents: 3416
diff changeset
23 local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
3066
5e5137057b5f mod_saslauth: Split out cyrus SASL config options into locals, and add support for cyrus_application_name (default: 'prosody')
Matthew Wild <mwild1@gmail.com>
parents: 3064
diff changeset
24
1071
216f9a9001f1 mod_saslauth: Use module logger instead of creating a new one
Matthew Wild <mwild1@gmail.com>
parents: 1042
diff changeset
25 local log = module._log;
38
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
46
d6b3f9dbb624 Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents: 38
diff changeset
28 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
d6b3f9dbb624 Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents: 38
diff changeset
29 local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas';
38
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30
3463
1644ab13a4ca mod_saslauth: Get rid of most Cyrus SASL related code (use authentication='cyrus' instead).
Waqas Hussain <waqas20@gmail.com>
parents: 3418
diff changeset
31 local new_sasl = require "util.sasl".new;
38
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32
2450
03bb0e6d87d5 mod_saslauth: Made some variables local to avoid unnecessary global access.
Waqas Hussain <waqas20@gmail.com>
parents: 2418
diff changeset
33 local anonymous_authentication_profile = {
2193
8fbbdb11a520 Merge with sasl branch.
Tobias Markmann <tm@ayena.de>
parents: 2014 2179
diff changeset
34 anonymous = function(username, realm)
2450
03bb0e6d87d5 mod_saslauth: Made some variables local to avoid unnecessary global access.
Waqas Hussain <waqas20@gmail.com>
parents: 2418
diff changeset
35 return true; -- for normal usage you should always return true here
03bb0e6d87d5 mod_saslauth: Made some variables local to avoid unnecessary global access.
Waqas Hussain <waqas20@gmail.com>
parents: 2418
diff changeset
36 end
03bb0e6d87d5 mod_saslauth: Made some variables local to avoid unnecessary global access.
Waqas Hussain <waqas20@gmail.com>
parents: 2418
diff changeset
37 };
38
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38
292
33175ad2f682 Started using realm in password hashing, and added support for error message replies from sasl
Waqas Hussain <waqas20@gmail.com>
parents: 291
diff changeset
39 local function build_reply(status, ret, err_msg)
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
40 local reply = st.stanza(status, {xmlns = xmlns_sasl});
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
41 if status == "challenge" then
2860
ad534f89c758 mod_saslauth: Don't print raw SASL data to avoid logging passwords unnecessarily
Matthew Wild <mwild1@gmail.com>
parents: 2014
diff changeset
42 --log("debug", "CHALLENGE: %s", ret or "");
293
b446de4e258e base64 encode the sasl responses
Waqas Hussain <waqas20@gmail.com>
parents: 292
diff changeset
43 reply:text(base64.encode(ret or ""));
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
44 elseif status == "failure" then
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
45 reply:tag(ret):up();
293
b446de4e258e base64 encode the sasl responses
Waqas Hussain <waqas20@gmail.com>
parents: 292
diff changeset
46 if err_msg then reply:tag("text"):text(err_msg); end
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
47 elseif status == "success" then
2860
ad534f89c758 mod_saslauth: Don't print raw SASL data to avoid logging passwords unnecessarily
Matthew Wild <mwild1@gmail.com>
parents: 2014
diff changeset
48 --log("debug", "SUCCESS: %s", ret or "");
293
b446de4e258e base64 encode the sasl responses
Waqas Hussain <waqas20@gmail.com>
parents: 292
diff changeset
49 reply:text(base64.encode(ret or ""));
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
50 else
1073
7c20373d4451 mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents: 1072
diff changeset
51 module:log("error", "Unknown sasl status: %s", status);
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
52 end
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
53 return reply;
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
54 end
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
55
3062
892c49869293 mod_saslauth: Add return value and error message to the Cyrus SASL handle_status callback
Matthew Wild <mwild1@gmail.com>
parents: 3061
diff changeset
56 local function handle_status(session, status, ret, err_msg)
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
57 if status == "failure" then
2251
18079ede5b62 mod_saslauth: Fix typo in variable name
Matthew Wild <mwild1@gmail.com>
parents: 2242
diff changeset
58 session.sasl_handler = session.sasl_handler:clean_clone();
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
59 elseif status == "success" then
1846
fdb43fc1bafc mod_saslauth: Prep username used for authenticating a session
Matthew Wild <mwild1@gmail.com>
parents: 1721
diff changeset
60 local username = nodeprep(session.sasl_handler.username);
3064
596303990c7c usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
Matthew Wild <mwild1@gmail.com>
parents: 3062
diff changeset
61
3468
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3464
diff changeset
62 local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3464
diff changeset
63 if ok then
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3464
diff changeset
64 session.sasl_handler = nil;
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3464
diff changeset
65 session:reset_stream();
3064
596303990c7c usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
Matthew Wild <mwild1@gmail.com>
parents: 3062
diff changeset
66 else
3468
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3464
diff changeset
67 module:log("warn", "SASL succeeded but username was invalid");
3064
596303990c7c usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
Matthew Wild <mwild1@gmail.com>
parents: 3062
diff changeset
68 session.sasl_handler = session.sasl_handler:clean_clone();
3468
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3464
diff changeset
69 return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
3064
596303990c7c usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
Matthew Wild <mwild1@gmail.com>
parents: 3062
diff changeset
70 end
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
71 end
3062
892c49869293 mod_saslauth: Add return value and error message to the Cyrus SASL handle_status callback
Matthew Wild <mwild1@gmail.com>
parents: 3061
diff changeset
72 return status, ret, err_msg;
281
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
73 end
826308c07627 mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents: 120
diff changeset
74
705
11afa1d88c55 mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents: 615
diff changeset
75 local function sasl_handler(session, stanza)
295
bb078eb1f1de mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents: 293
diff changeset
76 if stanza.name == "auth" then
bb078eb1f1de mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents: 293
diff changeset
77 -- FIXME ignoring duplicates because ejabberd does
3418
e75af8e6af54 mod_saslauth: Fixed a nil global access.
Waqas Hussain <waqas20@gmail.com>
parents: 3417
diff changeset
78 local mechanism = stanza.attr.mechanism;
3385
192ffdaef491 mod_saslauth: A little cleanup for anonymous_login.
Waqas Hussain <waqas20@gmail.com>
parents: 3363
diff changeset
79 if anonymous_login then
3418
e75af8e6af54 mod_saslauth: Fixed a nil global access.
Waqas Hussain <waqas20@gmail.com>
parents: 3417
diff changeset
80 if mechanism ~= "ANONYMOUS" then
1186
078eb3b109e9 mod_saslauth: Fix logic error which prevented SASL ANONYMOUS from working
Matthew Wild <mwild1@gmail.com>
parents: 1073
diff changeset
81 return session.send(build_reply("failure", "invalid-mechanism"));
078eb3b109e9 mod_saslauth: Fix logic error which prevented SASL ANONYMOUS from working
Matthew Wild <mwild1@gmail.com>
parents: 1073
diff changeset
82 end
3418
e75af8e6af54 mod_saslauth: Fixed a nil global access.
Waqas Hussain <waqas20@gmail.com>
parents: 3417
diff changeset
83 elseif mechanism == "ANONYMOUS" then
935
efe3eaaeff34 Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents: 934
diff changeset
84 return session.send(build_reply("failure", "mechanism-too-weak"));
efe3eaaeff34 Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents: 934
diff changeset
85 end
3417
53e854b52110 mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
Waqas Hussain <waqas20@gmail.com>
parents: 3416
diff changeset
86 if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then
3416
c505a8cc8922 mod_saslauth: Move mandatory encryption enforcement to before sasl_handler:select().
Waqas Hussain <waqas20@gmail.com>
parents: 3391
diff changeset
87 return session.send(build_reply("failure", "encryption-required"));
c505a8cc8922 mod_saslauth: Move mandatory encryption enforcement to before sasl_handler:select().
Waqas Hussain <waqas20@gmail.com>
parents: 3391
diff changeset
88 end
3418
e75af8e6af54 mod_saslauth: Fixed a nil global access.
Waqas Hussain <waqas20@gmail.com>
parents: 3417
diff changeset
89 local valid_mechanism = session.sasl_handler:select(mechanism);
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 1639
diff changeset
90 if not valid_mechanism then
935
efe3eaaeff34 Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents: 934
diff changeset
91 return session.send(build_reply("failure", "invalid-mechanism"));
efe3eaaeff34 Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents: 934
diff changeset
92 end
295
bb078eb1f1de mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents: 293
diff changeset
93 elseif not session.sasl_handler then
bb078eb1f1de mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents: 293
diff changeset
94 return; -- FIXME ignoring out of order stanzas because ejabberd does
bb078eb1f1de mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents: 293
diff changeset
95 end
284
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
96 local text = stanza[1];
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
97 if text then
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
98 text = base64.decode(text);
2860
ad534f89c758 mod_saslauth: Don't print raw SASL data to avoid logging passwords unnecessarily
Matthew Wild <mwild1@gmail.com>
parents: 2014
diff changeset
99 --log("debug", "AUTH: %s", text:gsub("[%z\001-\008\011\012\014-\031]", " "));
284
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
100 if not text then
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
101 session.sasl_handler = nil;
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
102 session.send(build_reply("failure", "incorrect-encoding"));
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
103 return;
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
104 end
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
105 end
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 1639
diff changeset
106 local status, ret, err_msg = session.sasl_handler:process(text);
3062
892c49869293 mod_saslauth: Add return value and error message to the Cyrus SASL handle_status callback
Matthew Wild <mwild1@gmail.com>
parents: 3061
diff changeset
107 status, ret, err_msg = handle_status(session, status, ret, err_msg);
1584
ffe8a9296e04 mod_saslauth, usermanager: Fetch list of mechanisms from usermanager
Nick Thomas
parents: 1523
diff changeset
108 local s = build_reply(status, ret, err_msg);
1072
c7967004b5d0 mod_saslauth: Various logging fixes
Matthew Wild <mwild1@gmail.com>
parents: 1071
diff changeset
109 log("debug", "sasl reply: %s", tostring(s));
288
dc53343af9ac Set username in a SASL object.
Tobias Markmann <tm@ayena.de>
parents: 286
diff changeset
110 session.send(s);
284
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
111 end
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
112
438
193f9dd64f17 Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents: 357
diff changeset
113 module:add_handler("c2s_unauthed", "auth", xmlns_sasl, sasl_handler);
193f9dd64f17 Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents: 357
diff changeset
114 module:add_handler("c2s_unauthed", "abort", xmlns_sasl, sasl_handler);
193f9dd64f17 Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents: 357
diff changeset
115 module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler);
284
4f540755260c mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents: 281
diff changeset
116
357
17bcecb06420 Use a stanza for c2s stream features instead of an array of strings. Removes a FIXME.
Matthew Wild <mwild1@gmail.com>
parents: 313
diff changeset
117 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };
17bcecb06420 Use a stanza for c2s stream features instead of an array of strings. Removes a FIXME.
Matthew Wild <mwild1@gmail.com>
parents: 313
diff changeset
118 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' };
17bcecb06420 Use a stanza for c2s stream features instead of an array of strings. Removes a FIXME.
Matthew Wild <mwild1@gmail.com>
parents: 313
diff changeset
119 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' };
2612
475552b04151 mod_saslauth: Hook stream-features event using new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2451
diff changeset
120 module:hook("stream-features", function(event)
475552b04151 mod_saslauth: Hook stream-features event using new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2451
diff changeset
121 local origin, features = event.origin, event.features;
475552b04151 mod_saslauth: Hook stream-features event using new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2451
diff changeset
122 if not origin.username then
475552b04151 mod_saslauth: Hook stream-features event using new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 2451
diff changeset
123 if secure_auth_only and not origin.secure then
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
124 return;
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
125 end
3385
192ffdaef491 mod_saslauth: A little cleanup for anonymous_login.
Waqas Hussain <waqas20@gmail.com>
parents: 3363
diff changeset
126 if anonymous_login then
3391
8ac3f60af3c4 mod_saslauth: Got rid of undocumented and useless 'sasl_realm' config option (was only used for anonymous auth, and that didn't make sense).
Waqas Hussain <waqas20@gmail.com>
parents: 3386
diff changeset
127 origin.sasl_handler = new_sasl(module.host, anonymous_authentication_profile);
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
128 else
3188
c690e3c5105c mod_saslauth: Updated to use usermanager.get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents: 3178
diff changeset
129 origin.sasl_handler = usermanager_get_sasl_handler(module.host);
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
130 end
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
131 features:tag("mechanisms", mechanisms_attr);
3417
53e854b52110 mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
Waqas Hussain <waqas20@gmail.com>
parents: 3416
diff changeset
132 for mechanism in pairs(origin.sasl_handler:mechanisms()) do
53e854b52110 mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
Waqas Hussain <waqas20@gmail.com>
parents: 3416
diff changeset
133 if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then
53e854b52110 mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
Waqas Hussain <waqas20@gmail.com>
parents: 3416
diff changeset
134 features:tag("mechanism"):text(mechanism):up();
53e854b52110 mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
Waqas Hussain <waqas20@gmail.com>
parents: 3416
diff changeset
135 end
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
136 end
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
137 features:up();
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
138 else
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
139 features:tag("bind", bind_attr):tag("required"):up():up();
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
140 features:tag("session", xmpp_session_attr):tag("optional"):up():up();
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
141 end
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
142 end);
1584
ffe8a9296e04 mod_saslauth, usermanager: Fetch list of mechanisms from usermanager
Nick Thomas
parents: 1523
diff changeset
143
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
144 module:hook("iq/self/urn:ietf:params:xml:ns:xmpp-bind:bind", function(event)
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
145 log("debug", "Client requesting a resource bind");
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
146 local origin, stanza = event.origin, event.stanza;
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
147 local resource;
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
148 if stanza.attr.type == "set" then
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
149 local bind = stanza.tags[1];
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
150 resource = bind:child_with_name("resource");
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
151 resource = resource and #resource.tags == 0 and resource[1] or nil;
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
152 end
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
153 local success, err_type, err, err_msg = sm_bind_resource(origin, resource);
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
154 if success then
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
155 origin.send(st.reply(stanza)
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
156 :tag("bind", { xmlns = xmlns_bind })
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
157 :tag("jid"):text(origin.full_jid));
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
158 else
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
159 origin.send(st.error_reply(stanza, err_type, err, err_msg));
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
160 end
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
161 return true;
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
162 end);
1584
ffe8a9296e04 mod_saslauth, usermanager: Fetch list of mechanisms from usermanager
Nick Thomas
parents: 1523
diff changeset
163
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
164 module:hook("iq/self/urn:ietf:params:xml:ns:xmpp-session:session", function(event)
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
165 log("debug", "Client requesting a session");
3523
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
166 event.origin.send(st.reply(event.stanza));
32a0c3816d73 mod_saslauth: Updated to use the new events API.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
167 return true;
2451
d2f747920eaf mod_saslauth: Fixed some indentation and added some semi-colons.
Waqas Hussain <waqas20@gmail.com>
parents: 2450
diff changeset
168 end);