Diff

plugins/mod_saslauth.lua @ 1585:edc066730d11

Switch to using a more generic credentials_callback/handler for SASL auth. Not all authentication mechanisms have the same requirements; it makes sense to provide them only with the information they require (and for them to depend on that) so that as many auth mechanisms as possible can be supported with a variety of credentials-storing schemes. This commit patches that together
author nick@lupine.me.uk
date Fri, 24 Jul 2009 01:34:25 +0100
parent 1584:ffe8a9296e04
child 1637:c1292624f991
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua	Thu Jul 23 22:15:06 2009 +0100
+++ b/plugins/mod_saslauth.lua	Fri Jul 24 01:34:25 2009 +0100
@@ -16,6 +16,8 @@
 local datamanager_load = require "util.datamanager".load;
 local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods;
+local usermanager_user_exists = require "core.usermanager".user_exists;
+local usermanager_get_password = require "core.usermanager".get_password;
 local t_concat, t_insert = table.concat, table.insert;
 local tostring = tostring;
 local jid_split = require "util.jid".split
@@ -65,18 +67,19 @@
 	end
 end
 
-local function password_callback(node, hostname, realm, mechanism, decoder)
-	local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords
-	local func = function(x) return x; end;
-	if password then
-		if mechanism == "PLAIN" then
-			return func, password;
-		elseif mechanism == "DIGEST-MD5" then
-			if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end
-			return func, md5(node..":"..realm..":"..password);
-		end
-	end
-	return func, nil;
+local function credentials_callback(mechanism, ...)
+  if mechanism == "PLAIN" then
+    local username, hostname, password = arg[1], arg[2], arg[3];
+    local response = usermanager_validate_credentials(hostname, username, password, mechanism)
+    if response == nil then return false
+    else return response end
+  elseif mechanism == "DIGEST-MD5" then
+    function func(x) return x; end
+    local node, domain, realm, decoder = arg[1], arg[2], arg[3], arg[4];
+    local password = usermanager_get_password(node, domain)
+    if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end
+    return func, md5(node..":"..realm..":"..password);
+  end
 end
 
 local function sasl_handler(session, stanza)
@@ -89,7 +92,7 @@
 		elseif stanza.attr.mechanism == "ANONYMOUS" then
 			return session.send(build_reply("failure", "mechanism-too-weak"));
 		end
-		session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback);
+		session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, credentials_callback);
 		if not session.sasl_handler then
 			return session.send(build_reply("failure", "invalid-mechanism"));
 		end