prosody
02ccf2fbf000
plugins/mod_saslauth.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_saslauth.lua @ 10487:02ccf2fbf000

mod_saslauth: Collect SASL EXTERNAL failures into an util.error object Will be easier than that concatenated string to extract info out of for use elsewhere.
author Kim Alvefur <zash@zash.se>
date Sat, 07 Dec 2019 22:51:43 +0100
parent 10481:7a3c04789d5c
child 10488:03ff1e614b4d
comparison
equal deleted inserted replaced
10486:479e96e554c8 10487:02ccf2fbf000
11 local st = require "util.stanza"; 11 local st = require "util.stanza";
12 local sm_bind_resource = require "core.sessionmanager".bind_resource; 12 local sm_bind_resource = require "core.sessionmanager".bind_resource;
13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
14 local base64 = require "util.encodings".base64; 14 local base64 = require "util.encodings".base64;
15 local set = require "util.set"; 15 local set = require "util.set";
16 local errors = require "util.error";
16 17
17 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; 18 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
18 19
19 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false)); 20 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
20 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) 21 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
100 if child.name ~= "text" then 101 if child.name ~= "text" then
101 condition = child.name; 102 condition = child.name;
102 break; 103 break;
103 end 104 end
104 end 105 end
105 if text and condition then 106 local err = errors.new({
106 condition = condition .. ": " .. text; 107 -- TODO type = what?
107 end 108 text = text,
108 module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, condition); 109 condition = condition,
110 }, {
111 session = session,
112 stanza = stanza,
113 });
114
115 module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, err);
109 116
110 session.external_auth = "failed" 117 session.external_auth = "failed"
111 session.external_auth_failure_reason = condition; 118 session.external_auth_failure_reason = err;
112 end, 500) 119 end, 500)
113 120
114 module:hook_tag(xmlns_sasl, "failure", function (session, stanza) -- luacheck: ignore 212/stanza 121 module:hook_tag(xmlns_sasl, "failure", function (session, stanza) -- luacheck: ignore 212/stanza
115 session.log("debug", "No fallback from SASL EXTERNAL failure, giving up"); 122 session.log("debug", "No fallback from SASL EXTERNAL failure, giving up");
116 session:close(nil, session.external_auth_failure_reason); 123 session:close(nil, session.external_auth_failure_reason);