Software /
code /
prosody
Changeset
3167:546695e80e0a
Correct out of order logic in mod_hashpassauth
Make saslauth check the existence of the get_password and test_password functions to determine which authentication profile to use.
author | Jeff Mitchell <jeff@jefferai.org> |
---|---|
date | Fri, 28 May 2010 14:47:32 -0400 |
parents | 3166:3c46cb94caed |
children | 3168:20c851616ade |
files | core/usermanager.lua plugins/mod_hashpassauth.lua plugins/mod_saslauth.lua |
diffstat | 3 files changed, 17 insertions(+), 25 deletions(-) [+] |
line wrap: on
line diff
--- a/core/usermanager.lua Thu May 27 10:54:11 2010 -0400 +++ b/core/usermanager.lua Fri May 28 14:47:32 2010 -0400 @@ -78,6 +78,10 @@ return hosts[host].users.get_supported_methods(); end +function get_provider(host) + return hosts[host].users; +end + function is_admin(jid, host) if host and host ~= "*" then return hosts[host].users.is_admin(jid);
--- a/plugins/mod_hashpassauth.lua Thu May 27 10:54:11 2010 -0400 +++ b/plugins/mod_hashpassauth.lua Fri May 28 14:47:32 2010 -0400 @@ -35,10 +35,6 @@ if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end local credentials = datamanager.load(username, host, "accounts") or {}; - if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then - return nil, "Auth failed. Stored salt and iteration count information is not complete."; - end - if credentials.password ~= nil and string.len(credentials.password) ~= 0 then if credentials.password ~= password then return nil, "Auth failed. Provided password is incorrect."; @@ -51,6 +47,10 @@ end end + if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then + return nil, "Auth failed. Stored salt and iteration count information is not complete."; + end + local valid, binpass = saltedPasswordSHA1(password, credentials.salt, credentials.iteration_count); local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end); @@ -61,19 +61,6 @@ end end - function provider.get_password(username) - if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end - local credentials = datamanager.load(username, host, "accounts") or {}; - if(credentials.password ~= nil or (credentials.password ~= nil and string.len(credentials.password) ~= 0)) then - if provider.set_password(username, credentials.password) == nil then - return nil, "Problem setting plaintext password to hashed password."; - end - credentials = datamanager.load(username, host, "accounts"); - return credentials.hashpass; - end - return credentials.hashpass; - end - function provider.set_password(username, password) if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end local account = datamanager.load(username, host, "accounts");
--- a/plugins/mod_saslauth.lua Thu May 27 10:54:11 2010 -0400 +++ b/plugins/mod_saslauth.lua Fri May 28 14:47:32 2010 -0400 @@ -15,6 +15,7 @@ local nodeprep = require "util.encodings".stringprep.nodeprep; local datamanager_load = require "util.datamanager".load; +local usermanager_get_provider = require "core.usermanager".get_provider; local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_get_password = require "core.usermanager".get_password; @@ -66,7 +67,7 @@ error("Unknown SASL backend"); end -local default_authentication_profile = { +local getpass_authentication_profile = { plain = function(username, realm) local prepped_username = nodeprep(username); if not prepped_username then @@ -81,7 +82,7 @@ end }; -local hashpass_authentication_profile = { +local testpass_authentication_profile = { plain_test = function(username, password, realm) local prepped_username = nodeprep(username); if not prepped_username then @@ -194,12 +195,12 @@ if module:get_option("anonymous_login") then origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); else - local authentication = module:get_option("authentication"); - log("debug", "AUTH: creating handler for '%s' type", authentication); - if authentication == nil or authentication == "default" then - origin.sasl_handler = new_sasl(realm, default_authentication_profile); - elseif authentication == "hashpass" then - origin.sasl_handler = new_sasl(realm, hashpass_authentication_profile); + if usermanager_get_provider(realm).get_password then + origin.sasl_handler = new_sasl(realm, getpass_authentication_profile); + elseif usermanager_get_provider(realm).test_password then + origin.sasl_handler = new_sasl(realm, testpass_authentication_profile); + else + log("warning", "AUTH: Could not load an authentication profile for the given provider."); end if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then origin.sasl_handler:forbidden({"PLAIN"});