prosody
77ac0d96ac24
plugins/mod_auth_insecure.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

plugins/mod_auth_insecure.lua @ 12206:77ac0d96ac24

mod_s2s: Enable outgoing Direct TLS connections Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.
author Kim Alvefur <zash@zash.se>
date Fri, 21 Jan 2022 17:59:19 +0100
parent 10914:0d7d71dee0a0
child 12671:32881d0c359f
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- luacheck: ignore 212

local datamanager = require "util.datamanager";
local new_sasl = require "util.sasl".new;
local saslprep = require "util.encodings".stringprep.saslprep;

local host = module.host;
local provider = { name = "insecure" };

assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!");

function provider.test_password(username, password)
	return true;
end

function provider.set_password(username, password)
	local account = datamanager.load(username, host, "accounts");
	password = saslprep(password);
	if not password then
		return nil, "Password fails SASLprep.";
	end
	if account then
		account.password = password;
		return datamanager.store(username, host, "accounts", account);
	end
	return nil, "Account not available.";
end

function provider.user_exists(username)
	return true;
end

function provider.create_user(username, password)
	return datamanager.store(username, host, "accounts", {password = password});
end

function provider.delete_user(username)
	return datamanager.store(username, host, "accounts", nil);
end

function provider.get_sasl_handler()
	local getpass_authentication_profile = {
		plain_test = function(sasl, username, password, realm)
			return true, true;
		end
	};
	return new_sasl(module.host, getpass_authentication_profile);
end

module:add_item("auth-provider", provider);