plugins/mod_saslauth.lua @ 1585:edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
Not all authentication mechanisms have the same requirements; it makes sense
to provide them only with the information they require (and for them to
depend on that) so that as many auth mechanisms as possible can be supported
with a variety of credentials-storing schemes. This commit patches that together
author | nick@lupine.me.uk |
---|---|
date | Fri, 24 Jul 2009 01:34:25 +0100 |
parent | 1584:ffe8a9296e04 |
child | 1637:c1292624f991 |
1584:ffe8a9296e04 | 1585:edc066730d11 |
---|---|
14 local base64 = require "util.encodings".base64; | 14 local base64 = require "util.encodings".base64; |
15 | 15 |
16 local datamanager_load = require "util.datamanager".load; | 16 local datamanager_load = require "util.datamanager".load; |
17 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; | 17 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; |
18 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; | 18 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; |
19 local usermanager_user_exists = require "core.usermanager".user_exists; | |
20 local usermanager_get_password = require "core.usermanager".get_password; | |
19 local t_concat, t_insert = table.concat, table.insert; | 21 local t_concat, t_insert = table.concat, table.insert; |
20 local tostring = tostring; | 22 local tostring = tostring; |
21 local jid_split = require "util.jid".split | 23 local jid_split = require "util.jid".split |
22 local md5 = require "util.hashes".md5; | 24 local md5 = require "util.hashes".md5; |
23 local config = require "core.configmanager"; | 25 local config = require "core.configmanager"; |
63 session.sasl_handler = nil; | 65 session.sasl_handler = nil; |
64 session:reset_stream(); | 66 session:reset_stream(); |
65 end | 67 end |
66 end | 68 end |
67 | 69 |
68 local function password_callback(node, hostname, realm, mechanism, decoder) | 70 local function credentials_callback(mechanism, ...) |
69 local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords | 71 if mechanism == "PLAIN" then |
70 local func = function(x) return x; end; | 72 local username, hostname, password = arg[1], arg[2], arg[3]; |
71 if password then | 73 local response = usermanager_validate_credentials(hostname, username, password, mechanism) |
72 if mechanism == "PLAIN" then | 74 if response == nil then return false |
73 return func, password; | 75 else return response end |
74 elseif mechanism == "DIGEST-MD5" then | 76 elseif mechanism == "DIGEST-MD5" then |
75 if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end | 77 function func(x) return x; end |
76 return func, md5(node..":"..realm..":"..password); | 78 local node, domain, realm, decoder = arg[1], arg[2], arg[3], arg[4]; |
77 end | 79 local password = usermanager_get_password(node, domain) |
78 end | 80 if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end |
79 return func, nil; | 81 return func, md5(node..":"..realm..":"..password); |
82 end | |
80 end | 83 end |
81 | 84 |
82 local function sasl_handler(session, stanza) | 85 local function sasl_handler(session, stanza) |
83 if stanza.name == "auth" then | 86 if stanza.name == "auth" then |
84 -- FIXME ignoring duplicates because ejabberd does | 87 -- FIXME ignoring duplicates because ejabberd does |
87 return session.send(build_reply("failure", "invalid-mechanism")); | 90 return session.send(build_reply("failure", "invalid-mechanism")); |
88 end | 91 end |
89 elseif stanza.attr.mechanism == "ANONYMOUS" then | 92 elseif stanza.attr.mechanism == "ANONYMOUS" then |
90 return session.send(build_reply("failure", "mechanism-too-weak")); | 93 return session.send(build_reply("failure", "mechanism-too-weak")); |
91 end | 94 end |
92 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); | 95 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, credentials_callback); |
93 if not session.sasl_handler then | 96 if not session.sasl_handler then |
94 return session.send(build_reply("failure", "invalid-mechanism")); | 97 return session.send(build_reply("failure", "invalid-mechanism")); |
95 end | 98 end |
96 elseif not session.sasl_handler then | 99 elseif not session.sasl_handler then |
97 return; -- FIXME ignoring out of order stanzas because ejabberd does | 100 return; -- FIXME ignoring out of order stanzas because ejabberd does |
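Review bot: In credentials_callback the DIGEST-MD5 branch (new lines 76–81) no longer checks that usermanager_get_password returned a value, so an auth attempt naming an unknown user would most likely hit a nil-concatenation error on the md5 line (or inside decoder just before it) instead of producing an ordinary SASL failure; the old password_callback guarded this with `if password then` and fell through to `return func, nil`. Restoring that guard before the decoder line, `if not password then return func, nil; end`, keeps the failure path uniform for existing and non-existing users. Two smaller points in the same function: `function func(x) return x; end` on new line 77 now defines a global, whereas the old code declared it `local`, and the `arg[1]`..`arg[4]` accesses in both branches rely on the deprecated 5.0-style `arg` table rather than the vararg expression, e.g. `local username, hostname, password = ...;`. In the require hunk, usermanager_user_exists is imported but not referenced in any visible hunk, so it may be an unused local unless a later part of the file uses it.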