prosody
efe3eaaeff34
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 935:efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Mon, 30 Mar 2009 03:51:37 +0500 |
| parent | 934:0bda9b5b6a06 |
| child | 938:663f75dd7b42 |
comparison
equal
deleted
inserted
replaced
| 934:0bda9b5b6a06 | 935:efe3eaaeff34 |
|---|---|
| 70 end | 70 end |
| 71 | 71 |
| 72 local function sasl_handler(session, stanza) | 72 local function sasl_handler(session, stanza) |
| 73 if stanza.name == "auth" then | 73 if stanza.name == "auth" then |
| 74 -- FIXME ignoring duplicates because ejabberd does | 74 -- FIXME ignoring duplicates because ejabberd does |
| 75 if config.get(session.host or "*", "core", "anonymous_login") and stanza.attr.mechanism ~= "ANONYMOUS" then | |
| 76 return session.send(build_reply("failure", "invalid-mechanism")); | |
| 77 elseif mechanism == "ANONYMOUS" then | |
| 78 return session.send(build_reply("failure", "mechanism-too-weak")); | |
| 79 end | |
| 75 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); | 80 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); |
| 81 if not session.sasl_handler then | |
| 82 return session.send(build_reply("failure", "invalid-mechanism")); | |
| 83 end | |
| 76 elseif not session.sasl_handler then | 84 elseif not session.sasl_handler then |
| 77 return; -- FIXME ignoring out of order stanzas because ejabberd does | 85 return; -- FIXME ignoring out of order stanzas because ejabberd does |
| 78 end | 86 end |
| 79 local text = stanza[1]; | 87 local text = stanza[1]; |
| 80 if text then | 88 if text then |
| 103 module:add_event_hook("stream-features", | 111 module:add_event_hook("stream-features", |
| 104 function (session, features) | 112 function (session, features) |
| 105 if not session.username then | 113 if not session.username then |
| 106 features:tag("mechanisms", mechanisms_attr); | 114 features:tag("mechanisms", mechanisms_attr); |
| 107 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. | 115 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
| 108 features:tag("mechanism"):text("PLAIN"):up(); | |
| 109 features:tag("mechanism"):text("DIGEST-MD5"):up(); | |
| 110 if config.get(session.host or "*", "core", "anonymous_login") then | 116 if config.get(session.host or "*", "core", "anonymous_login") then |
| 111 features:tag("mechanism"):text("ANONYMOUS"):up(); | 117 features:tag("mechanism"):text("ANONYMOUS"):up(); |
| 118 else | |
| 119 features:tag("mechanism"):text("DIGEST-MD5"):up(); | |
| 120 features:tag("mechanism"):text("PLAIN"):up(); | |
| 112 end | 121 end |
| 113 features:up(); | 122 features:up(); |
| 114 else | 123 else |
| 115 features:tag("bind", bind_attr):tag("required"):up():up(); | 124 features:tag("bind", bind_attr):tag("required"):up():up(); |
| 116 features:tag("session", xmpp_session_attr):up(); | 125 features:tag("session", xmpp_session_attr):up(); |
