Changeset

3240:9782a222e941

Merge 0.7->trunk
author Matthew Wild <mwild1@gmail.com>
date Sat, 12 Jun 2010 02:39:18 +0100
parents 3235:651139e831b1 (current diff) 3239:5ea90ee96022 (diff)
children 3242:43f9478d8119
files core/sessionmanager.lua plugins/mod_saslauth.lua
diffstat 3 files changed, 21 insertions(+), 18 deletions(-) [+]
--- a/core/sessionmanager.lua	Fri Jun 11 20:45:00 2010 +0500
+++ b/core/sessionmanager.lua	Sat Jun 12 02:39:18 2010 +0100
@@ -25,6 +25,7 @@
 local config_get = require "core.configmanager".get;
 local nameprep = require "util.encodings".stringprep.nameprep;
 local resourceprep = require "util.encodings".stringprep.resourceprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 
 local initialize_filters = require "util.filters".initialize;
 local fire_event = require "core.eventmanager".fire_event;
@@ -122,6 +123,8 @@
 end
 
 function make_authenticated(session, username)
+	username = nodeprep(username);
+	if not username or #username == 0 then return nil, "Invalid username"; end
 	session.username = username;
 	if session.type == "c2s_unauthed" then
 		session.type = "c2s";
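Review bot: `make_authenticated` gains a failure return (`nil, "Invalid username"`) on the two added lines, but nothing documents the new contract, and the success return lies outside the hunk. Confirm that the success path returns a truthy value, because the SASL caller in this changeset branches on `if aret then`. Any other caller that still ignores the result would carry on with a session whose `username` and `type` were never set, so those call sites are worth auditing. A comment above the check would help, e.g. `-- Normalise here so session.username is always the nodeprep'd form; returns nil, err when the name is empty or fails nodeprep`. If `username` can arrive as nil (the SASL code removed in this changeset logged that case), also confirm that `nodeprep` returns nil rather than raising on a non-string argument.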
--- a/net/server_event.lua	Fri Jun 11 20:45:00 2010 +0500
+++ b/net/server_event.lua	Sat Jun 12 02:39:18 2010 +0100
@@ -20,8 +20,8 @@
 
 local cfg = {
 	MAX_CONNECTIONS       = 100000,  -- max per server connections (use "ulimit -n" on *nix)
-	MAX_HANDSHAKE_ATTEMPS = 1000,  -- attempts to finish ssl handshake
-	HANDSHAKE_TIMEOUT     = 60,  -- timout in seconds per handshake attempt
+	MAX_HANDSHAKE_ATTEMPTS= 1000,  -- attempts to finish ssl handshake
+	HANDSHAKE_TIMEOUT     = 60,  -- timeout in seconds per handshake attempt
 	MAX_READ_LENGTH       = 1024 * 1024 * 1024 * 1024,  -- max bytes allowed to read from sockets
 	MAX_SEND_LENGTH       = 1024 * 1024 * 1024 * 1024,  -- max bytes size of write buffer (for writing on sockets)
 	ACCEPT_DELAY          = 10,  -- seconds to wait until the next attempt of a full server to accept
@@ -136,7 +136,7 @@
 	
 	function interface_mt:_start_connection(plainssl) -- should be called from addclient
 			local callback = function( event )
-				if EV_TIMEOUT == event then  -- timout during connection
+				if EV_TIMEOUT == event then  -- timeout during connection
 					self.fatalerror = "connection timeout"
 					self:ontimeout()  -- call timeout listener
 					self:_close()
@@ -196,12 +196,12 @@
 				function( event )
 					local _, err
 					local attempt = 0
-					local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPS
+					local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPTS
 					while attempt < maxattempt do  -- no endless loop
 						attempt = attempt + 1
-						debug( "ssl handshake of client with id:"..tostring(self).."attemp:"..attempt )
+						debug( "ssl handshake of client with id:"..tostring(self)..", attempt:"..attempt )
 						if attempt > maxattempt then
-							self.fatalerror = "max handshake attemps exceeded"
+							self.fatalerror = "max handshake attempts exceeded"
 						elseif EV_TIMEOUT == event then
 							self.fatalerror = "timeout during handshake"
 						else
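Review bot: The `if attempt > maxattempt then` branch looks unreachable as written. The loop only runs while `attempt < maxattempt` and increments `attempt` once before the test, so `attempt` is at most `maxattempt` there and the corrected "max handshake attempts exceeded" error would never be set from this branch. If the intent is to fail the connection once the cap is hit, the comparison probably needs to be `if attempt >= maxattempt then`, or the check belongs after the loop. The loop body continues past the end of the hunk, so confirm this against the full function.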
@@ -570,7 +570,7 @@
 							return -1;
 						end
 						interface.eventwritetimeout = addevent( base, nil, EV_TIMEOUT, callback, cfg.WRITE_TIMEOUT )  -- reg a new timeout event
-						debug( "wantread during write attemp, reg it in readcallback but dont know what really happens next..." )
+						debug( "wantread during write attempt, reg it in readcallback but dont know what really happens next..." )
 						-- hopefully this works with luasec; its simply not possible to use 2 different write events on a socket in luaevent
 						return -1
 					end
@@ -631,7 +631,7 @@
 								interface:_close()
 							end, cfg.READ_TIMEOUT
 						)
-						debug( "wantwrite during read attemp, reg it in writecallback but dont know what really happens next..." )
+						debug( "wantwrite during read attempt, reg it in writecallback but dont know what really happens next..." )
 						-- to be honest i dont know what happens next, if it is allowed to first read, the write etc...
 					else  -- connection was closed or fatal error
 						interface.fatalerror = err
@@ -693,7 +693,7 @@
 				if interface._connections >= cfg.MAX_CONNECTIONS then
 					client:close( )  -- refuse connection
 					debug( "maximal connections reached, refuse client connection; accept delay:", delay )
-					return EV_TIMEOUT, delay  -- delay for next accept attemp
+					return EV_TIMEOUT, delay  -- delay for next accept attempt
 				end
 				local client_ip, client_port = client:getpeername( )
 				interface._connections = interface._connections + 1  -- increase connection count
--- a/plugins/mod_saslauth.lua	Fri Jun 11 20:45:00 2010 +0500
+++ b/plugins/mod_saslauth.lua	Sat Jun 12 02:39:18 2010 +0100
@@ -95,17 +95,17 @@
 		session.sasl_handler = session.sasl_handler:clean_clone();
 	elseif status == "success" then
 		local username = nodeprep(session.sasl_handler.username);
-		if not username then -- TODO move this to sessionmanager
-			module:log("warn", "SASL succeeded but we didn't get a username!");
-			session.sasl_handler = nil;
-			session:reset_stream();
-			return status, ret, err_msg;
-		end
 
 		if not(require_provisioning) or usermanager_user_exists(username, session.host) then
-			sm_make_authenticated(session, session.sasl_handler.username);
-			session.sasl_handler = nil;
-			session:reset_stream();
+			local aret, err = sm_make_authenticated(session, session.sasl_handler.username);
+			if aret then
+				session.sasl_handler = nil;
+				session:reset_stream();
+			else
+				module:log("warn", "SASL succeeded but username was invalid");
+				session.sasl_handler = session.sasl_handler:clean_clone();
+				return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
+			end
 		else
 			module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
 			session.sasl_handler = session.sasl_handler:clean_clone();
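Review bot: With the early `if not username` guard removed, a nil result from `local username = nodeprep(session.sasl_handler.username)` is no longer stopped before the provisioning check. When `require_provisioning` is set, that nil reaches `usermanager_user_exists(username, session.host)` and, in the else branch, the `%s` argument of the "account provisioned" warning. Whether either tolerates nil is not visible here. Short-circuiting keeps the validation in sessionmanager without handing nil to the user lookup: `if not(require_provisioning) or (username and usermanager_user_exists(username, session.host)) then`, with `tostring(username)` in the else-branch log call. The surrounding if/else chain starts before the hunk and continues after it.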