plugins/mod_saslauth.lua @ 4507:32177c680d2a
Merge with 0.9
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 12 Feb 2012 14:21:09 +0000 |
| parent | 4506:6643c9753453 |
| child | 4754:449a78f91f0e |
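--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -14,11 +14,10 @@
 local s2s_make_authenticated = require "core.s2smanager".make_authenticated;
 local base64 = require "util.encodings".base64;
 
 local cert_verify_identity = require "util.x509".verify_identity;
 
-local nodeprep = require "util.encodings".stringprep.nodeprep;
 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
 local tostring = tostring;
 
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
@@ -49,19 +48,18 @@
 local function handle_status(session, status, ret, err_msg)
 if status == "failure" then
 module:fire_event("authentication-failure", { session = session, condition = ret, text = err_msg });
 session.sasl_handler = session.sasl_handler:clean_clone();
 elseif status == "success" then
-module:fire_event("authentication-success", { session = session });
-local username = nodeprep(session.sasl_handler.username);
-
 local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
 if ok then
+module:fire_event("authentication-success", { session = session });
 session.sasl_handler = nil;
 session:reset_stream();
 else
 module:log("warn", "SASL succeeded but username was invalid");
+module:fire_event("authentication-failure", { session = session, condition = "not-authorized", text = err });
 session.sasl_handler = session.sasl_handler:clean_clone();
 return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
 end
 end
 return status, ret, err_msg;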
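Review bot: The warning logged in the new `else` branch of handle_status drops the `err` returned by `sm_make_authenticated`, although the added `authentication-failure` event passes it on as `text = err`, so anyone auditing rejected logins from the log sees only a fixed string. Logging it as well, `module:log("warn", "SASL succeeded but username was invalid: %s", tostring(err));`, keeps the log and the event in agreement. With the unused `nodeprep` call and its import removed, username validation appears to rest entirely on `sm_make_authenticated`. A comment above that call such as `-- sm_make_authenticated is expected to validate the username; a false result means it was rejected` would keep that dependency visible, once confirmed against the session manager. The closing `end` of handle_status lies outside the section shown.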