mod_saslauth: Break out tls-unique channel binding callback so it is instantiated once
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 19 Nov 2014 14:44:41 +0100 |
| parent | 6517:e733e98a348a |
| child | 6519:367db22cf7d2 |
| 6517:e733e98a348a | 6518:c0d221b0c94c |
|---|---|
| 212 session.sasl_handler = nil; | 212 session.sasl_handler = nil; |
| 213 session.send(build_reply("failure", "aborted")); | 213 session.send(build_reply("failure", "aborted")); |
| 214 return true; | 214 return true; |
| 215 end); | 215 end); |
| 216 | 216 |
| 217 local function tls_unique(self) | |
| 218 return self.userdata:getpeerfinished(); | |
| 219 end | |
| 220 | |
| 217 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; | 221 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
| 218 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; | 222 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
| 219 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; | 223 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
| 220 module:hook("stream-features", function(event) | 224 module:hook("stream-features", function(event) |
| 221 local origin, features = event.origin, event.features; | 225 local origin, features = event.origin, event.features; |
| 226 local sasl_handler = usermanager_get_sasl_handler(module.host, origin) | 230 local sasl_handler = usermanager_get_sasl_handler(module.host, origin) |
| 227 origin.sasl_handler = sasl_handler; | 231 origin.sasl_handler = sasl_handler; |
| 228 if origin.encrypted then | 232 if origin.encrypted then |
| 229 -- check wether LuaSec has the nifty binding to the function needed for tls-unique | 233 -- check wether LuaSec has the nifty binding to the function needed for tls-unique |
| 230 -- FIXME: would be nice to have this check only once and not for every socket | 234 -- FIXME: would be nice to have this check only once and not for every socket |
| 231 if origin.conn:socket().getpeerfinished and sasl_handler.add_cb_handler then | 235 if sasl_handler.add_cb_handler then |
| 232 sasl_handler:add_cb_handler("tls-unique", function(self) | 236 local socket = origin.conn:socket(); |
| 233 return self.userdata:getpeerfinished(); | 237 if socket.getpeerfinished then |
| 234 end); | 238 sasl_handler:add_cb_handler("tls-unique", tls_unique); |
| 235 sasl_handler["userdata"] = origin.conn:socket(); | 239 end |
| 240 sasl_handler["userdata"] = socket; | |
| 236 end | 241 end |
| 237 end | 242 end |
| 238 local mechanisms = st.stanza("mechanisms", mechanisms_attr); | 243 local mechanisms = st.stanza("mechanisms", mechanisms_attr); |
| 239 for mechanism in pairs(sasl_handler:mechanisms()) do | 244 for mechanism in pairs(sasl_handler:mechanisms()) do |
| 240 if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then | 245 if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then |