prosody
546695e80e0a
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 3167:546695e80e0a
Correct out of order logic in mod_hashpassauth
Make saslauth check the existence of the get_password and test_password functions to determine which authentication profile to use.
| author | Jeff Mitchell <jeff@jefferai.org> |
|---|---|
| date | Fri, 28 May 2010 14:47:32 -0400 |
| parent | 3164:db9def53fe9c |
| child | 3178:46f5ed897beb |
comparison
equal
deleted
inserted
replaced
| 3166:3c46cb94caed | 3167:546695e80e0a |
|---|---|
| 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; | 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; |
| 14 local base64 = require "util.encodings".base64; | 14 local base64 = require "util.encodings".base64; |
| 15 | 15 |
| 16 local nodeprep = require "util.encodings".stringprep.nodeprep; | 16 local nodeprep = require "util.encodings".stringprep.nodeprep; |
| 17 local datamanager_load = require "util.datamanager".load; | 17 local datamanager_load = require "util.datamanager".load; |
| 18 local usermanager_get_provider = require "core.usermanager".get_provider; | |
| 18 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; | 19 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; |
| 19 local usermanager_user_exists = require "core.usermanager".user_exists; | 20 local usermanager_user_exists = require "core.usermanager".user_exists; |
| 20 local usermanager_get_password = require "core.usermanager".get_password; | 21 local usermanager_get_password = require "core.usermanager".get_password; |
| 21 local usermanager_test_password = require "core.usermanager".test_password; | 22 local usermanager_test_password = require "core.usermanager".test_password; |
| 22 local t_concat, t_insert = table.concat, table.insert; | 23 local t_concat, t_insert = table.concat, table.insert; |
| 64 else | 65 else |
| 65 module:log("error", "Unknown SASL backend: %s", sasl_backend); | 66 module:log("error", "Unknown SASL backend: %s", sasl_backend); |
| 66 error("Unknown SASL backend"); | 67 error("Unknown SASL backend"); |
| 67 end | 68 end |
| 68 | 69 |
| 69 local default_authentication_profile = { | 70 local getpass_authentication_profile = { |
| 70 plain = function(username, realm) | 71 plain = function(username, realm) |
| 71 local prepped_username = nodeprep(username); | 72 local prepped_username = nodeprep(username); |
| 72 if not prepped_username then | 73 if not prepped_username then |
| 73 log("debug", "NODEprep failed on username: %s", username); | 74 log("debug", "NODEprep failed on username: %s", username); |
| 74 return "", nil; | 75 return "", nil; |
| 79 end | 80 end |
| 80 return password, true; | 81 return password, true; |
| 81 end | 82 end |
| 82 }; | 83 }; |
| 83 | 84 |
| 84 local hashpass_authentication_profile = { | 85 local testpass_authentication_profile = { |
| 85 plain_test = function(username, password, realm) | 86 plain_test = function(username, password, realm) |
| 86 local prepped_username = nodeprep(username); | 87 local prepped_username = nodeprep(username); |
| 87 if not prepped_username then | 88 if not prepped_username then |
| 88 log("debug", "NODEprep failed on username: %s", username); | 89 log("debug", "NODEprep failed on username: %s", username); |
| 89 return "", nil; | 90 return "", nil; |
| 192 end | 193 end |
| 193 local realm = module:get_option("sasl_realm") or origin.host; | 194 local realm = module:get_option("sasl_realm") or origin.host; |
| 194 if module:get_option("anonymous_login") then | 195 if module:get_option("anonymous_login") then |
| 195 origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); | 196 origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); |
| 196 else | 197 else |
| 197 local authentication = module:get_option("authentication"); | 198 if usermanager_get_provider(realm).get_password then |
| 198 log("debug", "AUTH: creating handler for '%s' type", authentication); | 199 origin.sasl_handler = new_sasl(realm, getpass_authentication_profile); |
| 199 if authentication == nil or authentication == "default" then | 200 elseif usermanager_get_provider(realm).test_password then |
| 200 origin.sasl_handler = new_sasl(realm, default_authentication_profile); | 201 origin.sasl_handler = new_sasl(realm, testpass_authentication_profile); |
| 201 elseif authentication == "hashpass" then | 202 else |
| 202 origin.sasl_handler = new_sasl(realm, hashpass_authentication_profile); | 203 log("warning", "AUTH: Could not load an authentication profile for the given provider."); |
| 203 end | 204 end |
| 204 if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then | 205 if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then |
| 205 origin.sasl_handler:forbidden({"PLAIN"}); | 206 origin.sasl_handler:forbidden({"PLAIN"}); |
| 206 end | 207 end |
| 207 end | 208 end |
