Changeset

2179:c985536d5452 sasl

Making mod_saslauth use the new SASL API.
author Tobias Markmann <tm@ayena.de>
date Fri, 28 Aug 2009 13:04:38 +0200
parents 2178:28d841403a21
children 2180:8de2f7f5b870
files plugins/mod_saslauth.lua util/sasl.lua
diffstat 2 files changed, 24 insertions(+), 12 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua	Thu Aug 27 21:29:36 2009 +0200
+++ b/plugins/mod_saslauth.lua	Fri Aug 28 13:04:38 2009 +0200
@@ -34,6 +34,12 @@
 
 local new_sasl = require "util.sasl".new;
 
+default_authentication_profile = {
+	plain = function(username, realm)
+			return usermanager_get_password(username, realm), true;
+		end
+};
+
 local function build_reply(status, ret, err_msg)
 	local reply = st.stanza(status, {xmlns = xmlns_sasl});
 	if status == "challenge" then
@@ -101,8 +107,8 @@
 		elseif stanza.attr.mechanism == "ANONYMOUS" then
 			return session.send(build_reply("failure", "mechanism-too-weak"));
 		end
-		session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, credentials_callback);
-		if not session.sasl_handler then
+		local valid_mechanism = session.sasl_handler:select(stanza.attr.mechanism);
+		if not valid_mechanism then
 			return session.send(build_reply("failure", "invalid-mechanism"));
 		end
 	elseif not session.sasl_handler then
@@ -118,7 +124,7 @@
 			return;
 		end
 	end
-	local status, ret, err_msg = session.sasl_handler:feed(text);
+	local status, ret, err_msg = session.sasl_handler:process(text);
 	handle_status(session, status);
 	local s = build_reply(status, ret, err_msg);
 	log("debug", "sasl reply: %s", tostring(s));
@@ -138,14 +144,14 @@
 				if secure_auth_only and not session.secure then
 					return;
 				end
+				session.sasl_handler = new_sasl(session.host, default_authentication_profile);
 				features:tag("mechanisms", mechanisms_attr);
 				-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 					if config.get(session.host or "*", "core", "anonymous_login") then
 						features:tag("mechanism"):text("ANONYMOUS"):up();
 					else
-						mechanisms = usermanager_get_supported_methods(session.host or "*");
-						for k, v in pairs(mechanisms) do
-							features:tag("mechanism"):text(k):up();
+						for k, v in pairs(session.sasl_handler:mechanisms()) do
+							features:tag("mechanism"):text(v):up();
 						end
 					end
 				features:up();
--- a/util/sasl.lua	Thu Aug 27 21:29:36 2009 +0200
+++ b/util/sasl.lua	Fri Aug 28 13:04:38 2009 +0200
@@ -81,6 +81,7 @@
 -- create a new SASL object which can be used to authenticate clients
 function new(realm, profile)
 	sasl_i = {profile = profile};
+	sasl_i.realm = realm;
 	return setmetatable(sasl_i, method);
 end
 
@@ -92,7 +93,7 @@
 		if backend_mechanism[backend] then
 			for _, mechanism in ipairs(backend_mechanism[backend]) do
 				mechanisms[mechanism] = true;
-				end
+			end
 		end
 	end
 	self["possible_mechanisms"] = mechanisms;
@@ -102,7 +103,9 @@
 -- select a mechanism to use
 function method:select(mechanism)
 	self.mech_i = mechanisms[mechanism]
-	if self.mech_i == nil then return false; end
+	if self.mech_i == nil then 
+		return false;
+	end
 	return true;
 end
 
@@ -120,13 +123,16 @@
 	local authentication = s_match(response, "%z([^&%z]+)%z")
 	local password = s_match(response, "%z[^&%z]+%z([^&%z]+)")
 
-	if authentication == nil or password == nil then return "failure", "malformed-request" end
+	if authentication == nil or password == nil then
+		return "failure", "malformed-request";
+	end
 
-	local correct, state = false, false, false;
+	local correct, state = false, false;
 	if self.profile.plain then
-		local correct_password, state = self.profile.plain(authentication, self.realm);
+		local correct_password;
+		correct_password, state = self.profile.plain(authentication, self.realm);
 		if correct_password == password then correct = true; else correct = false; end
-	else if self.profile.plain_test then
+	elseif self.profile.plain_test then
 		correct, state = self.profile.plain_test(authentication, self.realm, password);
 	end