Software /
code /
prosody
Comparison
plugins/mod_saslauth.lua @ 6518:c0d221b0c94c
mod_saslauth: Break out tls-unique channel binding callback so it is instantiated once
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 19 Nov 2014 14:44:41 +0100 |
parent | 6517:e733e98a348a |
child | 6519:367db22cf7d2 |
comparison
equal
deleted
inserted
replaced
6517:e733e98a348a | 6518:c0d221b0c94c |
---|---|
212 session.sasl_handler = nil; | 212 session.sasl_handler = nil; |
213 session.send(build_reply("failure", "aborted")); | 213 session.send(build_reply("failure", "aborted")); |
214 return true; | 214 return true; |
215 end); | 215 end); |
216 | 216 |
217 local function tls_unique(self) | |
218 return self.userdata:getpeerfinished(); | |
219 end | |
220 | |
217 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; | 221 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
218 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; | 222 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
219 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; | 223 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
220 module:hook("stream-features", function(event) | 224 module:hook("stream-features", function(event) |
221 local origin, features = event.origin, event.features; | 225 local origin, features = event.origin, event.features; |
226 local sasl_handler = usermanager_get_sasl_handler(module.host, origin) | 230 local sasl_handler = usermanager_get_sasl_handler(module.host, origin) |
227 origin.sasl_handler = sasl_handler; | 231 origin.sasl_handler = sasl_handler; |
228 if origin.encrypted then | 232 if origin.encrypted then |
229 -- check wether LuaSec has the nifty binding to the function needed for tls-unique | 233 -- check wether LuaSec has the nifty binding to the function needed for tls-unique |
230 -- FIXME: would be nice to have this check only once and not for every socket | 234 -- FIXME: would be nice to have this check only once and not for every socket |
231 if origin.conn:socket().getpeerfinished and sasl_handler.add_cb_handler then | 235 if sasl_handler.add_cb_handler then |
232 sasl_handler:add_cb_handler("tls-unique", function(self) | 236 local socket = origin.conn:socket(); |
233 return self.userdata:getpeerfinished(); | 237 if socket.getpeerfinished then |
234 end); | 238 sasl_handler:add_cb_handler("tls-unique", tls_unique); |
235 sasl_handler["userdata"] = origin.conn:socket(); | 239 end |
240 sasl_handler["userdata"] = socket; | |
236 end | 241 end |
237 end | 242 end |
238 local mechanisms = st.stanza("mechanisms", mechanisms_attr); | 243 local mechanisms = st.stanza("mechanisms", mechanisms_attr); |
239 for mechanism in pairs(sasl_handler:mechanisms()) do | 244 for mechanism in pairs(sasl_handler:mechanisms()) do |
240 if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then | 245 if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then |