
plugins/mod_saslauth.lua @ 286:7e4908d4bdf6

Merge with Waqas' changes to mod_saslauth.
author Tobias Markmann <tm@ayena.de>
date Sat, 15 Nov 2008 19:25:51 +0100
parent 283:8e1fd8ff66ee
parent 284:4f540755260c
child 288:dc53343af9ac
285:372d0891e8fd 286:7e4908d4bdf6
51 end 51 end
52 end 52 end
53 return func, nil; 53 return func, nil;
54 end 54 end
55 55
56 function do_sasl(session, stanza)
57 local text = stanza[1];
58 if text then
59 text = base64.decode(text);
60 if not text then
61 session.sasl_handler = nil;
62 session.send(build_reply("failure", "incorrect-encoding"));
63 return;
64 end
65 end
66 local status, ret = session.sasl_handler:feed(text);
67 handle_status(session, status);
68 session.send(build_reply(status, ret));
69 end
70
56 add_handler("c2s_unauthed", "auth", xmlns_sasl, 71 add_handler("c2s_unauthed", "auth", xmlns_sasl,
57 function (session, stanza) 72 function (session, stanza)
58 if not session.sasl_handler then 73 if not session.sasl_handler then
59 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); 74 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback);
60 local status, ret = session.sasl_handler:feed(stanza[1]); 75 do_sasl(session, stanza);
61 handle_status(session, status);
62 session.send(build_reply(status, ret));
63 --[[session.sasl_handler = new_sasl(stanza.attr.mechanism,
64 function (username, password)
65 -- onAuth
66 require "core.usermanager"
67 if usermanager_validate_credentials(session.host, username, password) then
68 return true;
69 end
70 return false;
71 end,
72 function (username)
73 -- onSuccess
74 local success, err = sessionmanager.make_authenticated(session, username);
75 if not success then
76 sessionmanager.destroy_session(session);
77 return;
78 end
79 session.sasl_handler = nil;
80 session:reset_stream();
81 end,
82 function (reason)
83 -- onFail
84 log("debug", "SASL failure, reason: %s", reason);
85 end,
86 function (stanza)
87 -- onWrite
88 log("debug", "SASL writes: %s", tostring(stanza));
89 send(session, stanza);
90 end
91 );
92 session.sasl_handler:feed(stanza); ]]
93 else 76 else
94 error("Client tried to negotiate SASL again", 0); 77 error("Client tried to negotiate SASL again", 0);
95 end 78 end
96 end); 79 end);
97 80
98 add_handler("c2s_unauthed", "abort", xmlns_sasl, 81 add_handler("c2s_unauthed", "abort", xmlns_sasl,
99 function(session, stanza) 82 function(session, stanza)
100 if not session.sasl_handler then error("Attempt to abort when sasl has not started"); end 83 if not session.sasl_handler then error("Attempt to abort when sasl has not started"); end
101 local status, ret = session.sasl_handler:feed(stanza[1]); 84 do_sasl(session, stanza);
102 handle_status(session, status);
103 session.send(build_reply(status, ret));
104 end); 85 end);
105 86
106 add_handler("c2s_unauthed", "response", xmlns_sasl, 87 add_handler("c2s_unauthed", "response", xmlns_sasl,
107 function(session, stanza) 88 function(session, stanza)
108 if not session.sasl_handler then error("Attempt to respond when sasl has not started"); end 89 if not session.sasl_handler then error("Attempt to respond when sasl has not started"); end
109 local status, ret = session.sasl_handler:feed(stanza[1]); 90 do_sasl(session, stanza);
110 handle_status(session, status);
111 session.send(build_reply(status, ret));
112 end); 91 end);
113 92
114 add_event_hook("stream-features", 93 add_event_hook("stream-features",
115 function (session, features) 94 function (session, features)
116 if not session.username then 95 if not session.username then
117 t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"); 96 t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>");
118 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. 97 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.