Changeset

281:826308c07627

mod_saslauth updated for digest-md5
author Waqas Hussain <waqas20@gmail.com>
date Sat, 15 Nov 2008 12:21:04 +0500
parents 270:837c7f701a56
children 282:80e7de32b618 284:4f540755260c
files plugins/mod_saslauth.lua
diffstat 1 files changed, 60 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua	Sat Nov 15 04:28:41 2008 +0000
+++ b/plugins/mod_saslauth.lua	Sat Nov 15 12:21:04 2008 +0500
@@ -2,6 +2,7 @@
 local st = require "util.stanza";
 local send = require "core.sessionmanager".send_to_session;
 local sm_bind_resource = require "core.sessionmanager".bind_resource;
+local jid
 
 local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
 local t_concat, t_insert = table.concat, table.insert;
@@ -15,10 +16,51 @@
 
 local new_sasl = require "util.sasl".new;
 
+local function build_reply(status, ret)
+	local reply = st.stanza(status, {xmlns = xmlns_sasl});
+	if status == "challenge" then
+		reply:text(ret or "");
+	elseif status == "failure" then
+		reply:tag(ret):up();
+	elseif status == "success" then
+		reply:text(ret or "");
+	else
+		error("Unknown sasl status: "..status);
+	end
+	return reply;
+end
+
+local function handle_status(session, status)
+	if status == "failure" then
+		session.sasl_handler = nil;
+	elseif status == "success" then
+		session.sasl_handler = nil;
+		session:reset_stream();
+	end
+end
+
+local function password_callback(jid, mechanism)
+	local node, host = jid_split(jid);
+	local password = (datamanager.load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+	local func = function(x) return x; end;
+	if password then
+		if mechanism == "PLAIN" then
+			return func, password;
+		elseif mechanism == "DIGEST-MD5" then
+			return func, require "hashes".md5(node.."::"..password);
+		end
+	end
+	return func, nil;
+end
+
 add_handler("c2s_unauthed", "auth", xmlns_sasl,
 		function (session, stanza)
 			if not session.sasl_handler then
-				session.sasl_handler = new_sasl(stanza.attr.mechanism, 
+				session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback);
+				local status, ret = session.sasl_handler:feed(stanza[1]);
+				handle_status(session, status);
+				session.send(build_reply(status, ret));
+				--[[session.sasl_handler = new_sasl(stanza.attr.mechanism, 
 					function (username, password)
 						-- onAuth
 						require "core.usermanager"
@@ -47,12 +89,27 @@
 						send(session, stanza);
 					end
 				);
-				session.sasl_handler:feed(stanza);	
+				session.sasl_handler:feed(stanza);	]]
 			else
 				error("Client tried to negotiate SASL again", 0);
 			end
-			
 		end);
+
+add_handler("c2s_unauthed", "abort", xmlns_sasl,
+	function(session, stanza)
+		if not session.sasl_handler then error("Attempt to abort when sasl has not started"); end
+		local status, ret = session.sasl_handler:feed(stanza[1]);
+		handle_status(session, status);
+		session.send(build_reply(status, ret));
+	end);
+
+add_handler("c2s_unauthed", "response", xmlns_sasl,
+	function(session, stanza)
+		if not session.sasl_handler then error("Attempt to respond when sasl has not started"); end
+		local status, ret = session.sasl_handler:feed(stanza[1]);
+		handle_status(session, status);
+		session.send(build_reply(status, ret));
+	end);
 		
 add_event_hook("stream-features", 
 					function (session, features)