aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2010-06-12 02:39:18 +0100
committerMatthew Wild <mwild1@gmail.com>2010-06-12 02:39:18 +0100
commit06982adcd24eabee31abcebc167411430697d55a (patch)
tree986567d378b68a194e49c780a06ac427f82054bc
parentfdb9749df9dbd15aab3607a5b09c2f6652877e6e (diff)
parentbc718af42e21112f168a114eb9840b54976f6179 (diff)
downloadprosody-06982adcd24eabee31abcebc167411430697d55a.tar.gz
prosody-06982adcd24eabee31abcebc167411430697d55a.zip
Merge 0.7->trunk
-rw-r--r--core/sessionmanager.lua3
-rw-r--r--net/server_event.lua18
-rw-r--r--plugins/mod_saslauth.lua18
3 files changed, 21 insertions, 18 deletions
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua
index ac07a793..63768515 100644
--- a/core/sessionmanager.lua
+++ b/core/sessionmanager.lua
@@ -25,6 +25,7 @@ local rm_load_roster = require "core.rostermanager".load_roster;
local config_get = require "core.configmanager".get;
local nameprep = require "util.encodings".stringprep.nameprep;
local resourceprep = require "util.encodings".stringprep.resourceprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
local initialize_filters = require "util.filters".initialize;
local fire_event = require "core.eventmanager".fire_event;
@@ -122,6 +123,8 @@ function destroy_session(session, err)
end
function make_authenticated(session, username)
+ username = nodeprep(username);
+ if not username or #username == 0 then return nil, "Invalid username"; end
session.username = username;
if session.type == "c2s_unauthed" then
session.type = "c2s";
diff --git a/net/server_event.lua b/net/server_event.lua
index b286e8c2..0331e793 100644
--- a/net/server_event.lua
+++ b/net/server_event.lua
@@ -20,8 +20,8 @@ local LAST_MODIFIED = "2009/11/20"
local cfg = {
MAX_CONNECTIONS = 100000, -- max per server connections (use "ulimit -n" on *nix)
- MAX_HANDSHAKE_ATTEMPS = 1000, -- attempts to finish ssl handshake
- HANDSHAKE_TIMEOUT = 60, -- timout in seconds per handshake attempt
+ MAX_HANDSHAKE_ATTEMPTS= 1000, -- attempts to finish ssl handshake
+ HANDSHAKE_TIMEOUT = 60, -- timeout in seconds per handshake attempt
MAX_READ_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes allowed to read from sockets
MAX_SEND_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes size of write buffer (for writing on sockets)
ACCEPT_DELAY = 10, -- seconds to wait until the next attempt of a full server to accept
@@ -136,7 +136,7 @@ do
function interface_mt:_start_connection(plainssl) -- should be called from addclient
local callback = function( event )
- if EV_TIMEOUT == event then -- timout during connection
+ if EV_TIMEOUT == event then -- timeout during connection
self.fatalerror = "connection timeout"
self:ontimeout() -- call timeout listener
self:_close()
@@ -196,12 +196,12 @@ do
function( event )
local _, err
local attempt = 0
- local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPS
+ local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPTS
while attempt < maxattempt do -- no endless loop
attempt = attempt + 1
- debug( "ssl handshake of client with id:"..tostring(self).."attemp:"..attempt )
+ debug( "ssl handshake of client with id:"..tostring(self)..", attempt:"..attempt )
if attempt > maxattempt then
- self.fatalerror = "max handshake attemps exceeded"
+ self.fatalerror = "max handshake attempts exceeded"
elseif EV_TIMEOUT == event then
self.fatalerror = "timeout during handshake"
else
@@ -570,7 +570,7 @@ do
return -1;
end
interface.eventwritetimeout = addevent( base, nil, EV_TIMEOUT, callback, cfg.WRITE_TIMEOUT ) -- reg a new timeout event
- debug( "wantread during write attemp, reg it in readcallback but dont know what really happens next..." )
+ debug( "wantread during write attempt, reg it in readcallback but dont know what really happens next..." )
-- hopefully this works with luasec; its simply not possible to use 2 different write events on a socket in luaevent
return -1
end
@@ -631,7 +631,7 @@ do
interface:_close()
end, cfg.READ_TIMEOUT
)
- debug( "wantwrite during read attemp, reg it in writecallback but dont know what really happens next..." )
+ debug( "wantwrite during read attempt, reg it in writecallback but dont know what really happens next..." )
-- to be honest i dont know what happens next, if it is allowed to first read, the write etc...
else -- connection was closed or fatal error
interface.fatalerror = err
@@ -693,7 +693,7 @@ do
if interface._connections >= cfg.MAX_CONNECTIONS then
client:close( ) -- refuse connection
debug( "maximal connections reached, refuse client connection; accept delay:", delay )
- return EV_TIMEOUT, delay -- delay for next accept attemp
+ return EV_TIMEOUT, delay -- delay for next accept attempt
end
local client_ip, client_port = client:getpeername( )
interface._connections = interface._connections + 1 -- increase connection count
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 99be8c34..acfb57f6 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -95,17 +95,17 @@ local function handle_status(session, status, ret, err_msg)
session.sasl_handler = session.sasl_handler:clean_clone();
elseif status == "success" then
local username = nodeprep(session.sasl_handler.username);
- if not username then -- TODO move this to sessionmanager
- module:log("warn", "SASL succeeded but we didn't get a username!");
- session.sasl_handler = nil;
- session:reset_stream();
- return status, ret, err_msg;
- end
if not(require_provisioning) or usermanager_user_exists(username, session.host) then
- sm_make_authenticated(session, session.sasl_handler.username);
- session.sasl_handler = nil;
- session:reset_stream();
+ local aret, err = sm_make_authenticated(session, session.sasl_handler.username);
+ if aret then
+ session.sasl_handler = nil;
+ session:reset_stream();
+ else
+ module:log("warn", "SASL succeeded but username was invalid");
+ session.sasl_handler = session.sasl_handler:clean_clone();
+ return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
+ end
else
module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
session.sasl_handler = session.sasl_handler:clean_clone();