prosody
596303990c7c

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

3064:596303990c7c

usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
author Matthew Wild <mwild1@gmail.com>
date Thu, 20 May 2010 11:32:24 +0100
parents 3063:ca149818083d
children 3065:0b8bd6f6a9c7 3066:5e5137057b5f
files core/usermanager.lua plugins/mod_saslauth.lua
diffstat 2 files changed, 15 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/core/usermanager.lua	Thu May 20 11:13:51 2010 +0100
+++ b/core/usermanager.lua	Thu May 20 11:32:24 2010 +0100
@@ -16,6 +16,8 @@
 local config = require "core.configmanager";
 local hosts = hosts;
 
+local require_provisioning = config.get("*", "core", "cyrus_require_provisioning") or false;
+
 module "usermanager"
 
 local function is_cyrus(host) return config.get(host, "core", "sasl_backend") == "cyrus"; end
@@ -66,12 +68,12 @@
 end
 
 function user_exists(username, host)
-	if is_cyrus(host) then return true; end
+	if not(require_provisioning) and is_cyrus(host) then return true; end
 	return datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials
 end
 
 function create_user(username, password, host)
-	if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
+	if not(require_provisioning) and is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
 	return datamanager.store(username, host, "accounts", {password = password});
 end
 
--- a/plugins/mod_saslauth.lua	Thu May 20 11:13:51 2010 +0100
+++ b/plugins/mod_saslauth.lua	Thu May 20 11:32:24 2010 +0100
@@ -27,6 +27,7 @@
 
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local sasl_backend = module:get_option("sasl_backend") or "builtin";
+local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
 
 local log = module._log;
 
@@ -105,9 +106,16 @@
 			session:reset_stream();
 			return status, ret, err_msg;
 		end
-		sm_make_authenticated(session, session.sasl_handler.username);
-		session.sasl_handler = nil;
-		session:reset_stream();
+
+		if not(require_provisioning) or usermanager_user_exists(username, session.host) then
+			sm_make_authenticated(session, session.sasl_handler.username);
+			session.sasl_handler = nil;
+			session:reset_stream();
+		else
+			module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
+			session.sasl_handler = session.sasl_handler:clean_clone();
+			return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
+		end
 	end
 	return status, ret, err_msg;
 end