prosody
d50e2c937717
plugins/mod_saslauth.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_saslauth.lua @ 3468:d50e2c937717

mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
author Waqas Hussain <waqas20@gmail.com>
date Mon, 23 Aug 2010 16:54:56 +0500
parent 3464:72cd7a785014
child 3523:32a0c3816d73
comparison
equal deleted inserted replaced
3467:c9f4c3aa14a1 3468:d50e2c937717
13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
14 local base64 = require "util.encodings".base64; 14 local base64 = require "util.encodings".base64;
15 15
16 local nodeprep = require "util.encodings".stringprep.nodeprep; 16 local nodeprep = require "util.encodings".stringprep.nodeprep;
17 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; 17 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
18 local usermanager_user_exists = require "core.usermanager".user_exists;
19 local t_concat, t_insert = table.concat, table.insert; 18 local t_concat, t_insert = table.concat, table.insert;
20 local tostring = tostring; 19 local tostring = tostring;
21 20
22 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); 21 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
23 local anonymous_login = module:get_option("anonymous_login"); 22 local anonymous_login = module:get_option("anonymous_login");
24 local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth") 23 local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
25
26 -- Cyrus config options
27 local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
28 24
29 local log = module._log; 25 local log = module._log;
30 26
31 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; 27 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
32 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; 28 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
61 if status == "failure" then 57 if status == "failure" then
62 session.sasl_handler = session.sasl_handler:clean_clone(); 58 session.sasl_handler = session.sasl_handler:clean_clone();
63 elseif status == "success" then 59 elseif status == "success" then
64 local username = nodeprep(session.sasl_handler.username); 60 local username = nodeprep(session.sasl_handler.username);
65 61
66 if not(require_provisioning) or usermanager_user_exists(username, session.host) then 62 local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
67 local ok, err = sm_make_authenticated(session, session.sasl_handler.username); 63 if ok then
68 if ok then 64 session.sasl_handler = nil;
69 session.sasl_handler = nil; 65 session:reset_stream();
70 session:reset_stream();
71 else
72 module:log("warn", "SASL succeeded but username was invalid");
73 session.sasl_handler = session.sasl_handler:clean_clone();
74 return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
75 end
76 else 66 else
77 module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username); 67 module:log("warn", "SASL succeeded but username was invalid");
78 session.sasl_handler = session.sasl_handler:clean_clone(); 68 session.sasl_handler = session.sasl_handler:clean_clone();
79 return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP"; 69 return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
80 end 70 end
81 end 71 end
82 return status, ret, err_msg; 72 return status, ret, err_msg;
83 end 73 end
84 74