aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWaqas Hussain <waqas20@gmail.com>2010-08-23 16:54:56 +0500
committerWaqas Hussain <waqas20@gmail.com>2010-08-23 16:54:56 +0500
commit373662e4a695ef9d75381173eb4efb439e91d91b (patch)
tree82b3a14bfacbc2e01a2d47570a01d55e2c985eb9
parent06fbe2e85325a81cff5f2ddf816ebaf4925364c6 (diff)
downloadprosody-373662e4a695ef9d75381173eb4efb439e91d91b.tar.gz
prosody-373662e4a695ef9d75381173eb4efb439e91d91b.zip
mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
-rw-r--r--plugins/mod_auth_cyrus.lua14
-rw-r--r--plugins/mod_saslauth.lua22
-rw-r--r--util/sasl_cyrus.lua3
3 files changed, 22 insertions, 17 deletions
diff --git a/plugins/mod_auth_cyrus.lua b/plugins/mod_auth_cyrus.lua
index c1315e7f..ed3d5408 100644
--- a/plugins/mod_auth_cyrus.lua
+++ b/plugins/mod_auth_cyrus.lua
@@ -8,9 +8,12 @@
local log = require "util.logger".init("auth_cyrus");
+local usermanager_user_exists = require "core.usermanager".user_exists;
+
local cyrus_service_realm = module:get_option("cyrus_service_realm");
local cyrus_service_name = module:get_option("cyrus_service_name");
local cyrus_application_name = module:get_option("cyrus_application_name");
+local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
prosody.unlock_globals(); --FIXME: Figure out why this is needed and
-- why cyrussasl isn't caught by the sandbox
@@ -41,6 +44,9 @@ function new_default_provider(host)
end
function provider.user_exists(username)
+ if require_provisioning then
+ return usermanager_user_exists(username, module.host);
+ end
return true;
end
@@ -50,7 +56,13 @@ function new_default_provider(host)
function provider.get_sasl_handler()
local realm = module:get_option("sasl_realm") or module.host;
- return new_sasl(realm);
+ local handler = new_sasl(realm);
+ if require_provisioning then
+ function handler.require_provisioning(username)
+ return usermanager_user_exists(username, module.host);
+ end
+ end
+ return handler;
end
return provider;
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 78420212..732d5d91 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -15,7 +15,6 @@ local base64 = require "util.encodings".base64;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
-local usermanager_user_exists = require "core.usermanager".user_exists;
local t_concat, t_insert = table.concat, table.insert;
local tostring = tostring;
@@ -23,9 +22,6 @@ local secure_auth_only = module:get_option("c2s_require_encryption") or module:g
local anonymous_login = module:get_option("anonymous_login");
local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
--- Cyrus config options
-local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
-
local log = module._log;
local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
@@ -63,20 +59,14 @@ local function handle_status(session, status, ret, err_msg)
elseif status == "success" then
local username = nodeprep(session.sasl_handler.username);
- if not(require_provisioning) or usermanager_user_exists(username, session.host) then
- local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
- if ok then
- session.sasl_handler = nil;
- session:reset_stream();
- else
- module:log("warn", "SASL succeeded but username was invalid");
- session.sasl_handler = session.sasl_handler:clean_clone();
- return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
- end
+ local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
+ if ok then
+ session.sasl_handler = nil;
+ session:reset_stream();
else
- module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
+ module:log("warn", "SASL succeeded but username was invalid");
session.sasl_handler = session.sasl_handler:clean_clone();
- return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
+ return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
end
end
return status, ret, err_msg;
diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua
index 3ec8adca..aafd5455 100644
--- a/util/sasl_cyrus.lua
+++ b/util/sasl_cyrus.lua
@@ -143,6 +143,9 @@ function method:process(message)
self.username = cyrussasl.get_username(self.cyrus)
if (err == 0) then -- SASL_OK
+ if self.require_provisioning and not self.require_provisioning(self.username) then
+ return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
+ end
return "success", data
elseif (err == 1) then -- SASL_CONTINUE
return "challenge", data