prosody
44a78985471f
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 12912:44a78985471f
mod_saslauth: Support for SASL handlers forcing a specific resource
The token layer supports tokens that are tied to a given resource.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 01 Mar 2023 12:56:08 +0000 |
| parent | 12726:9f100ab9ffdf |
| child | 12977:74b9e05af71e |
comparison
equal
deleted
inserted
replaced
| 12911:ab1164eda011 | 12912:44a78985471f |
|---|---|
| 52 module:fire_event("authentication-failure", { session = session, condition = ret, text = err_msg }); | 52 module:fire_event("authentication-failure", { session = session, condition = ret, text = err_msg }); |
| 53 session.sasl_handler = session.sasl_handler:clean_clone(); | 53 session.sasl_handler = session.sasl_handler:clean_clone(); |
| 54 elseif status == "success" then | 54 elseif status == "success" then |
| 55 local ok, err = sm_make_authenticated(session, session.sasl_handler.username, session.sasl_handler.role); | 55 local ok, err = sm_make_authenticated(session, session.sasl_handler.username, session.sasl_handler.role); |
| 56 if ok then | 56 if ok then |
| 57 session.sasl_resource = session.sasl_handler.resource; | |
| 57 module:fire_event("authentication-success", { session = session }); | 58 module:fire_event("authentication-success", { session = session }); |
| 58 session.sasl_handler = nil; | 59 session.sasl_handler = nil; |
| 59 session:reset_stream(); | 60 session:reset_stream(); |
| 60 else | 61 else |
| 61 module:log("warn", "SASL succeeded but username was invalid"); | 62 module:log("warn", "SASL succeeded but username was invalid"); |
| 372 end | 373 end |
| 373 end); | 374 end); |
| 374 | 375 |
| 375 module:hook("stanza/iq/urn:ietf:params:xml:ns:xmpp-bind:bind", function(event) | 376 module:hook("stanza/iq/urn:ietf:params:xml:ns:xmpp-bind:bind", function(event) |
| 376 local origin, stanza = event.origin, event.stanza; | 377 local origin, stanza = event.origin, event.stanza; |
| 377 local resource; | 378 local resource = origin.sasl_resource; |
| 378 if stanza.attr.type == "set" then | 379 if stanza.attr.type == "set" and not resource then |
| 379 local bind = stanza.tags[1]; | 380 local bind = stanza.tags[1]; |
| 380 resource = bind:get_child("resource"); | 381 resource = bind:get_child("resource"); |
| 381 resource = resource and #resource.tags == 0 and resource[1] or nil; | 382 resource = resource and #resource.tags == 0 and resource[1] or nil; |
| 382 end | 383 end |
| 383 local success, err_type, err, err_msg = sm_bind_resource(origin, resource); | 384 local success, err_type, err, err_msg = sm_bind_resource(origin, resource); |
| 384 if success then | 385 if success then |
| 386 origin.sasl_resource = nil; | |
| 385 origin.send(st.reply(stanza) | 387 origin.send(st.reply(stanza) |
| 386 :tag("bind", { xmlns = xmlns_bind }) | 388 :tag("bind", { xmlns = xmlns_bind }) |
| 387 :tag("jid"):text(origin.full_jid)); | 389 :tag("jid"):text(origin.full_jid)); |
| 388 origin.log("debug", "Resource bound: %s", origin.full_jid); | 390 origin.log("debug", "Resource bound: %s", origin.full_jid); |
| 389 else | 391 else |
