Comparison

plugins/mod_saslauth.lua @ 2860:ad534f89c758

mod_saslauth: Don't print raw SASL data to avoid logging passwords unnecessarily
author Matthew Wild <mwild1@gmail.com>
date Sat, 13 Feb 2010 19:35:12 +0000
parent 2014:913c0845ef9a
child 2877:1edeb8fe7d14
comparison
equal deleted inserted replaced
2859:460681180194 2860:ad534f89c758
36 local new_sasl = require "util.sasl".new; 36 local new_sasl = require "util.sasl".new;
37 37
38 local function build_reply(status, ret, err_msg) 38 local function build_reply(status, ret, err_msg)
39 local reply = st.stanza(status, {xmlns = xmlns_sasl}); 39 local reply = st.stanza(status, {xmlns = xmlns_sasl});
40 if status == "challenge" then 40 if status == "challenge" then
41 log("debug", "%s", ret or ""); 41 --log("debug", "CHALLENGE: %s", ret or "");
42 reply:text(base64.encode(ret or "")); 42 reply:text(base64.encode(ret or ""));
43 elseif status == "failure" then 43 elseif status == "failure" then
44 reply:tag(ret):up(); 44 reply:tag(ret):up();
45 if err_msg then reply:tag("text"):text(err_msg); end 45 if err_msg then reply:tag("text"):text(err_msg); end
46 elseif status == "success" then 46 elseif status == "success" then
47 log("debug", "%s", ret or ""); 47 --log("debug", "SUCCESS: %s", ret or "");
48 reply:text(base64.encode(ret or "")); 48 reply:text(base64.encode(ret or ""));
49 else 49 else
50 module:log("error", "Unknown sasl status: %s", status); 50 module:log("error", "Unknown sasl status: %s", status);
51 end 51 end
52 return reply; 52 return reply;
119 return; -- FIXME ignoring out of order stanzas because ejabberd does 119 return; -- FIXME ignoring out of order stanzas because ejabberd does
120 end 120 end
121 local text = stanza[1]; 121 local text = stanza[1];
122 if text then 122 if text then
123 text = base64.decode(text); 123 text = base64.decode(text);
124 log("debug", "%s", text); 124 --log("debug", "AUTH: %s", text:gsub("[%z\001-\008\011\012\014-\031]", " "));
125 if not text then 125 if not text then
126 session.sasl_handler = nil; 126 session.sasl_handler = nil;
127 session.send(build_reply("failure", "incorrect-encoding")); 127 session.send(build_reply("failure", "incorrect-encoding"));
128 return; 128 return;
129 end 129 end