Software /
code /
prosody
File
plugins/mod_auth_anonymous.lua @ 12482:b193f8a2737e
mod_tls: Do not offer TLS if the connection is considered secure
This may be necessary if the session.conn object is not exchanged by the
network backend when establishing TLS. In that case, the starttls method
will always exist and thus that is not a good indicator for offering
TLS.
However, the secure bit already tells us that TLS has been established
or is not to be established on the connection, so we use that instead.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Fri, 17 Sep 2021 21:18:30 +0200 |
parent | 11122:d60094d9b458 |
child | 12977:74b9e05af71e |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- luacheck: ignore 212 local new_sasl = require "util.sasl".new; local datamanager = require "util.datamanager"; local hosts = prosody.hosts; local allow_storage = module:get_option_boolean("allow_anonymous_storage", false); -- define auth provider local provider = {}; function provider.test_password(username, password) return nil, "Password based auth not supported."; end function provider.get_password(username) return nil, "Password not available."; end function provider.set_password(username, password) return nil, "Password based auth not supported."; end function provider.user_exists(username) return nil, "Only anonymous users are supported."; -- FIXME check if anonymous user is connected? end function provider.create_user(username, password) return nil, "Account creation/modification not supported."; end function provider.get_sasl_handler() local anonymous_authentication_profile = { anonymous = function(sasl, username, realm) return true; -- for normal usage you should always return true here end }; return new_sasl(module.host, anonymous_authentication_profile); end function provider.users() return next, hosts[module.host].sessions, nil; end -- datamanager callback to disable writes local function dm_callback(username, host, datastore, data) if host == module.host then return false; end return username, host, datastore, data; end if not module:get_option_boolean("allow_anonymous_s2s", false) then module:hook("route/remote", function (event) return false; -- Block outgoing s2s from anonymous users end, 300); end function module.load() if not allow_storage then datamanager.add_callback(dm_callback); end end function module.unload() if not allow_storage then datamanager.remove_callback(dm_callback); end end module:provides("auth", provider);