Comparison

plugins/mod_saslauth.lua @ 3064:596303990c7c

usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
author Matthew Wild <mwild1@gmail.com>
date Thu, 20 May 2010 11:32:24 +0100
parent 3062:892c49869293
child 3066:5e5137057b5f
3063:ca149818083d 3064:596303990c7c
25 local md5 = require "util.hashes".md5; 25 local md5 = require "util.hashes".md5;
26 local config = require "core.configmanager"; 26 local config = require "core.configmanager";
27 27
28 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); 28 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
29 local sasl_backend = module:get_option("sasl_backend") or "builtin"; 29 local sasl_backend = module:get_option("sasl_backend") or "builtin";
30 local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
30 31
31 local log = module._log; 32 local log = module._log;
32 33
33 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; 34 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
34 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; 35 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
103 module:log("warn", "SASL succeeded but we didn't get a username!"); 104 module:log("warn", "SASL succeeded but we didn't get a username!");
104 session.sasl_handler = nil; 105 session.sasl_handler = nil;
105 session:reset_stream(); 106 session:reset_stream();
106 return status, ret, err_msg; 107 return status, ret, err_msg;
107 end 108 end
108 sm_make_authenticated(session, session.sasl_handler.username); 109
109 session.sasl_handler = nil; 110 if not(require_provisioning) or usermanager_user_exists(username, session.host) then
110 session:reset_stream(); 111 sm_make_authenticated(session, session.sasl_handler.username);
112 session.sasl_handler = nil;
113 session:reset_stream();
114 else
115 module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
116 session.sasl_handler = session.sasl_handler:clean_clone();
117 return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
118 end
111 end 119 end
112 return status, ret, err_msg; 120 return status, ret, err_msg;
113 end 121 end
114 122
115 local function sasl_handler(session, stanza) 123 local function sasl_handler(session, stanza)
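Review bot: The provisioning check on new line 110 tests `username`, while line 111 still authenticates `session.sasl_handler.username`, so the account that is checked and the account bound to the session are not guaranteed to be the same string. The enclosing function starts above the visible lines and `username` is defined there (presumably a normalised form of the handler's value), so this is inferred; using one value for both, e.g. `sm_make_authenticated(session, username);`, would close the gap. `usermanager_user_exists` is not declared in the visible context either, so confirm it is a local in scope, otherwise the first login with the option enabled fails on a call to a nil value. Because the option defaults to off, a comment at line 30 such as `-- when false, any identity accepted by the SASL backend gets a session even without a local account` would make the fail-open default explicit.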