prosody
d2f747920eaf
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 2451:d2f747920eaf
mod_saslauth: Fixed some indentation and added some semi-colons.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Mon, 11 Jan 2010 19:17:26 +0500 |
| parent | 2450:03bb0e6d87d5 |
| child | 2612:475552b04151 |
comparison
equal
deleted
inserted
replaced
| 2450:03bb0e6d87d5 | 2451:d2f747920eaf |
|---|---|
| 19 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; | 19 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; |
| 20 local usermanager_user_exists = require "core.usermanager".user_exists; | 20 local usermanager_user_exists = require "core.usermanager".user_exists; |
| 21 local usermanager_get_password = require "core.usermanager".get_password; | 21 local usermanager_get_password = require "core.usermanager".get_password; |
| 22 local t_concat, t_insert = table.concat, table.insert; | 22 local t_concat, t_insert = table.concat, table.insert; |
| 23 local tostring = tostring; | 23 local tostring = tostring; |
| 24 local jid_split = require "util.jid".split | 24 local jid_split = require "util.jid".split; |
| 25 local md5 = require "util.hashes".md5; | 25 local md5 = require "util.hashes".md5; |
| 26 local config = require "core.configmanager"; | 26 local config = require "core.configmanager"; |
| 27 | 27 |
| 28 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 28 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 29 local sasl_backend = module:get_option("sasl_backend") or "builtin"; | 29 local sasl_backend = module:get_option("sasl_backend") or "builtin"; |
| 36 | 36 |
| 37 local new_sasl | 37 local new_sasl |
| 38 if sasl_backend == "cyrus" then | 38 if sasl_backend == "cyrus" then |
| 39 local cyrus_new = require "util.sasl_cyrus".new; | 39 local cyrus_new = require "util.sasl_cyrus".new; |
| 40 new_sasl = function(realm) | 40 new_sasl = function(realm) |
| 41 return cyrus_new(realm, module:get_option("cyrus_service_name") or "xmpp") | 41 return cyrus_new(realm, module:get_option("cyrus_service_name") or "xmpp"); |
| 42 end | 42 end |
| 43 else | 43 else |
| 44 if sasl_backend ~= "builtin" then module:log("warn", "Unknown SASL backend %s", sasl_backend) end; | 44 if sasl_backend ~= "builtin" then module:log("warn", "Unknown SASL backend %s", sasl_backend); end; |
| 45 new_sasl = require "util.sasl".new; | 45 new_sasl = require "util.sasl".new; |
| 46 end | 46 end |
| 47 | 47 |
| 48 local default_authentication_profile = { | 48 local default_authentication_profile = { |
| 49 plain = function(username, realm) | 49 plain = function(username, realm) |
| 142 module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); | 142 module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); |
| 143 | 143 |
| 144 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; | 144 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
| 145 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; | 145 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
| 146 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; | 146 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
| 147 module:add_event_hook("stream-features", | 147 module:add_event_hook("stream-features", function(session, features) |
| 148 function (session, features) | 148 if not session.username then |
| 149 if not session.username then | 149 if secure_auth_only and not session.secure then |
| 150 if secure_auth_only and not session.secure then | 150 return; |
| 151 return; | 151 end |
| 152 end | 152 if module:get_option("anonymous_login") then |
| 153 if module:get_option("anonymous_login") then | 153 session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile); |
| 154 session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile); | 154 else |
| 155 else | 155 session.sasl_handler = new_sasl(session.host, default_authentication_profile); |
| 156 session.sasl_handler = new_sasl(session.host, default_authentication_profile); | 156 if not (module:get_option("allow_unencrypted_plain_auth")) and not session.secure then |
| 157 if not (module:get_option("allow_unencrypted_plain_auth")) and not session.secure then | 157 session.sasl_handler:forbidden({"PLAIN"}); |
| 158 session.sasl_handler:forbidden({"PLAIN"}); | |
| 159 end | |
| 160 end | |
| 161 features:tag("mechanisms", mechanisms_attr); | |
| 162 for k, v in pairs(session.sasl_handler:mechanisms()) do | |
| 163 features:tag("mechanism"):text(v):up(); | |
| 164 end | |
| 165 features:up(); | |
| 166 else | |
| 167 features:tag("bind", bind_attr):tag("required"):up():up(); | |
| 168 features:tag("session", xmpp_session_attr):tag("optional"):up():up(); | |
| 169 end | 158 end |
| 170 end); | 159 end |
| 160 features:tag("mechanisms", mechanisms_attr); | |
| 161 for k, v in pairs(session.sasl_handler:mechanisms()) do | |
| 162 features:tag("mechanism"):text(v):up(); | |
| 163 end | |
| 164 features:up(); | |
| 165 else | |
| 166 features:tag("bind", bind_attr):tag("required"):up():up(); | |
| 167 features:tag("session", xmpp_session_attr):tag("optional"):up():up(); | |
| 168 end | |
| 169 end); | |
| 171 | 170 |
| 172 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", | 171 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", function(session, stanza) |
| 173 function (session, stanza) | 172 log("debug", "Client requesting a resource bind"); |
| 174 log("debug", "Client requesting a resource bind"); | 173 local resource; |
| 175 local resource; | 174 if stanza.attr.type == "set" then |
| 176 if stanza.attr.type == "set" then | 175 local bind = stanza.tags[1]; |
| 177 local bind = stanza.tags[1]; | 176 if bind and bind.attr.xmlns == xmlns_bind then |
| 178 if bind and bind.attr.xmlns == xmlns_bind then | 177 resource = bind:child_with_name("resource"); |
| 179 resource = bind:child_with_name("resource"); | 178 if resource then |
| 180 if resource then | 179 resource = resource[1]; |
| 181 resource = resource[1]; | |
| 182 end | |
| 183 end | |
| 184 end | 180 end |
| 185 local success, err_type, err, err_msg = sm_bind_resource(session, resource); | 181 end |
| 186 if not success then | 182 end |
| 187 session.send(st.error_reply(stanza, err_type, err, err_msg)); | 183 local success, err_type, err, err_msg = sm_bind_resource(session, resource); |
| 188 else | 184 if not success then |
| 189 session.send(st.reply(stanza) | 185 session.send(st.error_reply(stanza, err_type, err, err_msg)); |
| 190 :tag("bind", { xmlns = xmlns_bind}) | 186 else |
| 191 :tag("jid"):text(session.full_jid)); | 187 session.send(st.reply(stanza) |
| 192 end | 188 :tag("bind", { xmlns = xmlns_bind}) |
| 193 end); | 189 :tag("jid"):text(session.full_jid)); |
| 190 end | |
| 191 end); | |
| 194 | 192 |
| 195 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", | 193 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", function(session, stanza) |
| 196 function (session, stanza) | 194 log("debug", "Client requesting a session"); |
| 197 log("debug", "Client requesting a session"); | 195 session.send(st.reply(stanza)); |
| 198 session.send(st.reply(stanza)); | 196 end); |
| 199 end); |
