plugins/mod_saslauth.lua @ 292:33175ad2f682
Started using realm in password hashing, and added support for error message replies from sasl
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Sun, 16 Nov 2008 01:54:14 +0500 |
| parent | 291:5672d2be1bf3 |
| child | 293:b446de4e258e |
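--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -15,16 +15,17 @@
 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
 local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas';
 
 local new_sasl = require "util.sasl".new;
 
-local function build_reply(status, ret)
+local function build_reply(status, ret, err_msg)
 local reply = st.stanza(status, {xmlns = xmlns_sasl});
 if status == "challenge" then
 reply:text(ret or "");
 elseif status == "failure" then
 reply:tag(ret):up();
+if err_msg then reply:tag("text"); end
 elseif status == "success" then
 reply:text(ret or "");
 else
 error("Unknown sasl status: "..status);
 end
@@ -40,19 +41,18 @@
 session.sasl_handler = nil;
 session:reset_stream();
 end
 end
 
-local function password_callback(jid, mechanism)
-local node, host = jid_split(jid);
+local function password_callback(node, host, mechanism)
 local password = (datamanager.load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
 local func = function(x) return x; end;
 if password then
 if mechanism == "PLAIN" then
 return func, password;
 elseif mechanism == "DIGEST-MD5" then
-return func, require "hashes".md5(node.."::"..password);
+return func, require "hashes".md5(node..":"..host..":"..password);
 end
 end
 return func, nil;
 end
 
@@ -64,13 +64,13 @@
 session.sasl_handler = nil;
 session.send(build_reply("failure", "incorrect-encoding"));
 return;
 end
 end
-local status, ret = session.sasl_handler:feed(text);
+local status, ret, err_msg = session.sasl_handler:feed(text);
 handle_status(session, status);
-local s = build_reply(status, ret);
+local s = build_reply(status, ret, err_msg);
 log("debug", "sasl reply: "..tostring(s));
 session.send(s);
 end
 
 add_handler("c2s_unauthed", "auth", xmlns_sasl,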
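Review bot: In the failure branch of build_reply, `if err_msg then reply:tag("text"); end` opens an empty `<text>` child and never writes err_msg into it, so the message now returned by `session.sasl_handler:feed(text)` is dropped before it reaches the client. If the text is meant to be delivered, the line would read `if err_msg then reply:tag("text"):text(err_msg):up(); end`. This reply is sent on a session that has not authenticated yet (the handler is registered for "c2s_unauthed"), so the strings util.sasl places in err_msg should be confirmed not to tell an unknown account apart from a wrong password; that module is not visible on this page. A short comment on build_reply stating that err_msg is client-visible would help keep internal detail out of it later.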