
plugins/mod_legacyauth.lua @ 1216:fd8ce71bc72b

mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true
author Matthew Wild <mwild1@gmail.com>
date Fri, 29 May 2009 14:33:55 +0100
parent 1042:a3d77353c18a
child 1218:8e02c10c9e60
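--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -9,20 +9,28 @@
 
 
 local st = require "util.stanza";
 local t_concat = table.concat;
 
+local config = require "core.configmanager";
+local secure_auth_only = config.get(module:get_host(), "core", "require_encryption");
+
 local sessionmanager = require "core.sessionmanager";
 local usermanager = require "core.usermanager";
 
 module:add_feature("jabber:iq:auth");
 module:add_event_hook("stream-features", function (session, features)
 if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end
 end);
 
 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
 function (session, stanza)
+if secure_auth_only and not session.secure then
+session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server"));
+return true;
+end
+
 local username = stanza.tags[1]:child_with_name("username");
 local password = stanza.tags[1]:child_with_name("password");
 local resource = stanza.tags[1]:child_with_name("resource");
 if not (username and password and resource) then
 local reply = st.reply(stanza);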
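Review bot: The stream-features hook at new line 22 still advertises `http://jabber.org/features/iq-auth` to sessions that are not secure, so with `require_encryption` enabled a client can still send a `jabber:iq:auth` request, possibly carrying a plaintext password, over the unencrypted stream before the new check at lines 27-30 rejects it. The rejection enforces the policy on the server but does not protect a credential that is already on the wire, so the advertisement should be gated too, e.g. `if not session.username and not (secure_auth_only and not session.secure) then`. Separately, `secure_auth_only` is read once at line 15 when the module loads, so a changed `require_encryption` value presumably only takes effect after the module is reloaded; a one-line comment there (`-- read at load time; reload the module after changing require_encryption`) would make that explicit. The handler function continues past the end of the shown section.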