prosody
ffe8a9296e04
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 1584:ffe8a9296e04
mod_saslauth, usermanager: Fetch list of mechanisms from usermanager
| author | Nick Thomas |
|---|---|
| date | Thu, 23 Jul 2009 22:15:06 +0100 |
| parent | 1523:841d61be198f |
| child | 1585:edc066730d11 |
comparison
equal
deleted
inserted
replaced
| 1583:e17001ce0e9d | 1584:ffe8a9296e04 |
|---|---|
| 1 -- Prosody IM | 1 -- Prosody IM |
| 2 -- Copyright (C) 2008-2009 Matthew Wild | 2 -- Copyright (C) 2008-2009 Matthew Wild |
| 3 -- Copyright (C) 2008-2009 Waqas Hussain | 3 -- Copyright (C) 2008-2009 Waqas Hussain |
| 4 -- | 4 -- |
| 5 -- This project is MIT/X11 licensed. Please see the | 5 -- This project is MIT/X11 licensed. Please see the |
| 6 -- COPYING file in the source package for more information. | 6 -- COPYING file in the source package for more information. |
| 7 -- | 7 -- |
| 8 | 8 |
| 9 | 9 |
| 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; | 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; |
| 14 local base64 = require "util.encodings".base64; | 14 local base64 = require "util.encodings".base64; |
| 15 | 15 |
| 16 local datamanager_load = require "util.datamanager".load; | 16 local datamanager_load = require "util.datamanager".load; |
| 17 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; | 17 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; |
| 18 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; | |
| 18 local t_concat, t_insert = table.concat, table.insert; | 19 local t_concat, t_insert = table.concat, table.insert; |
| 19 local tostring = tostring; | 20 local tostring = tostring; |
| 20 local jid_split = require "util.jid".split | 21 local jid_split = require "util.jid".split |
| 21 local md5 = require "util.hashes".md5; | 22 local md5 = require "util.hashes".md5; |
| 22 local config = require "core.configmanager"; | 23 local config = require "core.configmanager"; |
| 55 if not session.sasl_handler.username then -- TODO move this to sessionmanager | 56 if not session.sasl_handler.username then -- TODO move this to sessionmanager |
| 56 module:log("warn", "SASL succeeded but we didn't get a username!"); | 57 module:log("warn", "SASL succeeded but we didn't get a username!"); |
| 57 session.sasl_handler = nil; | 58 session.sasl_handler = nil; |
| 58 session:reset_stream(); | 59 session:reset_stream(); |
| 59 return; | 60 return; |
| 60 end | 61 end |
| 61 sm_make_authenticated(session, session.sasl_handler.username); | 62 sm_make_authenticated(session, session.sasl_handler.username); |
| 62 session.sasl_handler = nil; | 63 session.sasl_handler = nil; |
| 63 session:reset_stream(); | 64 session:reset_stream(); |
| 64 end | 65 end |
| 65 end | 66 end |
| 105 return; | 106 return; |
| 106 end | 107 end |
| 107 end | 108 end |
| 108 local status, ret, err_msg = session.sasl_handler:feed(text); | 109 local status, ret, err_msg = session.sasl_handler:feed(text); |
| 109 handle_status(session, status); | 110 handle_status(session, status); |
| 110 local s = build_reply(status, ret, err_msg); | 111 local s = build_reply(status, ret, err_msg); |
| 111 log("debug", "sasl reply: %s", tostring(s)); | 112 log("debug", "sasl reply: %s", tostring(s)); |
| 112 session.send(s); | 113 session.send(s); |
| 113 end | 114 end |
| 114 | 115 |
| 115 module:add_handler("c2s_unauthed", "auth", xmlns_sasl, sasl_handler); | 116 module:add_handler("c2s_unauthed", "auth", xmlns_sasl, sasl_handler); |
| 117 module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); | 118 module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); |
| 118 | 119 |
| 119 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; | 120 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
| 120 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; | 121 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
| 121 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; | 122 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
| 122 module:add_event_hook("stream-features", | 123 module:add_event_hook("stream-features", |
| 123 function (session, features) | 124 function (session, features) |
| 124 if not session.username then | 125 if not session.username then |
| 125 if secure_auth_only and not session.secure then | 126 if secure_auth_only and not session.secure then |
| 126 return; | 127 return; |
| 127 end | 128 end |
| 128 features:tag("mechanisms", mechanisms_attr); | 129 features:tag("mechanisms", mechanisms_attr); |
| 129 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. | 130 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
| 130 if config.get(session.host or "*", "core", "anonymous_login") then | 131 if config.get(session.host or "*", "core", "anonymous_login") then |
| 131 features:tag("mechanism"):text("ANONYMOUS"):up(); | 132 features:tag("mechanism"):text("ANONYMOUS"):up(); |
| 132 else | 133 else |
| 133 features:tag("mechanism"):text("DIGEST-MD5"):up(); | 134 mechanisms = usermanager_get_supported_methods(session.host or "*"); |
| 134 features:tag("mechanism"):text("PLAIN"):up(); | 135 for k, v in pairs(mechanisms) do |
| 136 features:tag("mechanism"):text(k):up(); | |
| 137 end | |
| 135 end | 138 end |
| 136 features:up(); | 139 features:up(); |
| 137 else | 140 else |
| 138 features:tag("bind", bind_attr):tag("required"):up():up(); | 141 features:tag("bind", bind_attr):tag("required"):up():up(); |
| 139 features:tag("session", xmpp_session_attr):up(); | 142 features:tag("session", xmpp_session_attr):up(); |
| 140 end | 143 end |
| 141 end); | 144 end); |
| 142 | 145 |
| 143 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", | 146 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", |
| 144 function (session, stanza) | 147 function (session, stanza) |
| 145 log("debug", "Client requesting a resource bind"); | 148 log("debug", "Client requesting a resource bind"); |
| 146 local resource; | 149 local resource; |
| 147 if stanza.attr.type == "set" then | 150 if stanza.attr.type == "set" then |
| 148 local bind = stanza.tags[1]; | 151 local bind = stanza.tags[1]; |
| 160 session.send(st.reply(stanza) | 163 session.send(st.reply(stanza) |
| 161 :tag("bind", { xmlns = xmlns_bind}) | 164 :tag("bind", { xmlns = xmlns_bind}) |
| 162 :tag("jid"):text(session.full_jid)); | 165 :tag("jid"):text(session.full_jid)); |
| 163 end | 166 end |
| 164 end); | 167 end); |
| 165 | 168 |
| 166 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", | 169 module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", |
| 167 function (session, stanza) | 170 function (session, stanza) |
| 168 log("debug", "Client requesting a session"); | 171 log("debug", "Client requesting a session"); |
| 169 session.send(st.reply(stanza)); | 172 session.send(st.reply(stanza)); |
| 170 end); | 173 end); |
