prosody
7c273da3cff6
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 6525:7c273da3cff6
Merge 0.10->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 20 Nov 2014 15:01:47 +0100 |
| parent | 6519:367db22cf7d2 |
| child | 7298:7056bbaf81ee |
comparison
equal
deleted
inserted
replaced
| 6516:ecd8d6437053 | 6525:7c273da3cff6 |
|---|---|
| 212 session.sasl_handler = nil; | 212 session.sasl_handler = nil; |
| 213 session.send(build_reply("failure", "aborted")); | 213 session.send(build_reply("failure", "aborted")); |
| 214 return true; | 214 return true; |
| 215 end); | 215 end); |
| 216 | 216 |
| 217 local function tls_unique(self) | |
| 218 return self.userdata["tls-unique"]:getpeerfinished(); | |
| 219 end | |
| 220 | |
| 217 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; | 221 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
| 218 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; | 222 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
| 219 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; | 223 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
| 220 module:hook("stream-features", function(event) | 224 module:hook("stream-features", function(event) |
| 221 local origin, features = event.origin, event.features; | 225 local origin, features = event.origin, event.features; |
| 222 if not origin.username then | 226 if not origin.username then |
| 223 if secure_auth_only and not origin.secure then | 227 if secure_auth_only and not origin.secure then |
| 224 return; | 228 return; |
| 225 end | 229 end |
| 226 origin.sasl_handler = usermanager_get_sasl_handler(module.host, origin); | 230 local sasl_handler = usermanager_get_sasl_handler(module.host, origin) |
| 231 origin.sasl_handler = sasl_handler; | |
| 227 if origin.encrypted then | 232 if origin.encrypted then |
| 228 -- check wether LuaSec has the nifty binding to the function needed for tls-unique | 233 -- check wether LuaSec has the nifty binding to the function needed for tls-unique |
| 229 -- FIXME: would be nice to have this check only once and not for every socket | 234 -- FIXME: would be nice to have this check only once and not for every socket |
| 230 if origin.conn:socket().getpeerfinished and origin.sasl_handler.add_cb_handler then | 235 if sasl_handler.add_cb_handler then |
| 231 origin.sasl_handler:add_cb_handler("tls-unique", function(self) | 236 local socket = origin.conn:socket(); |
| 232 return self.userdata:getpeerfinished(); | 237 if socket.getpeerfinished then |
| 233 end); | 238 sasl_handler:add_cb_handler("tls-unique", tls_unique); |
| 234 origin.sasl_handler["userdata"] = origin.conn:socket(); | 239 end |
| 240 sasl_handler["userdata"] = { | |
| 241 ["tls-unique"] = socket; | |
| 242 }; | |
| 235 end | 243 end |
| 236 end | 244 end |
| 237 local mechanisms = st.stanza("mechanisms", mechanisms_attr); | 245 local mechanisms = st.stanza("mechanisms", mechanisms_attr); |
| 238 for mechanism in pairs(origin.sasl_handler:mechanisms()) do | 246 for mechanism in pairs(sasl_handler:mechanisms()) do |
| 239 if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then | 247 if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then |
| 240 mechanisms:tag("mechanism"):text(mechanism):up(); | 248 mechanisms:tag("mechanism"):text(mechanism):up(); |
| 241 end | 249 end |
| 242 end | 250 end |
| 243 if mechanisms[1] then | 251 if mechanisms[1] then |
