Merging my new SASL code with Waqas' adjusted saslauth module.

2 files changed, 95 insertions, 41 deletions

diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index dd9704f2..c17cbcaf 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -22,6 +22,7 @@ add_handler({"s2sin_unauthed", "s2sin"}, "verify", xmlns_dialback,
 			type = "invalid"
 			log("warn", "Asked to verify a dialback key that was incorrect. An imposter is claiming to be %s?", attr.to);
 		end
+		log("debug", "verifyied dialback key... it is %s", type);
 		origin.sends2s(format("<db:verify from='%s' to='%s' id='%s' type='%s'>%s</db:verify>", attr.to, attr.from, attr.id, type, stanza[1]));
 	end);
 
@@ -38,7 +39,7 @@ add_handler("s2sin_unauthed", "result", xmlns_dialback,
 		send_s2s(origin.to_host, origin.from_host,
 			format("<db:verify from='%s' to='%s' id='%s'>%s</db:verify>", origin.to_host, origin.from_host,
 				origin.streamid, origin.dialback_key));
-		hosts[origin.from_host].dialback_verifying = origin;
+		hosts[origin.to_host].s2sout[origin.from_host].dialback_verifying = origin;
 	end);
 
 add_handler({ "s2sout_unauthed", "s2sout" }, "verify", xmlns_dialback,
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 4f4f29d4..dd268555 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -2,6 +2,7 @@
 local st = require "util.stanza";
 local send = require "core.sessionmanager".send_to_session;
 local sm_bind_resource = require "core.sessionmanager".bind_resource;
+local jid
 
 local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
 local t_concat, t_insert = table.concat, table.insert;
@@ -15,48 +16,100 @@ local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas';
 
 local new_sasl = require "util.sasl".new;
 
-add_handler("c2s_unauthed", "auth", xmlns_sasl, function (session, stanza)
-	if not session.sasl_handler then
-		session.sasl_handler = new_sasl(stanza.attr.mechanism, 
-			function (username, password)
-				-- onAuth
-				require "core.usermanager"
-				if usermanager_validate_credentials(session.host, username, password) then
-					return true;
-				end
-				return false;
-			end,
-			function (username)
-				-- onSuccess
-				local success, err = sessionmanager.make_authenticated(session, username);
-				if not success then
-					sessionmanager.destroy_session(session);
-					return;
-				end
-				session.sasl_handler = nil;
-				session:reset_stream();
-			end,
-			function (reason)
-				-- onFail
-				log("debug", "SASL failure, reason: %s", reason);
-			end,
-			function (stanza)
-				-- onWrite
-				log("debug", "SASL writes: %s", tostring(stanza));
-				send(session, stanza);
-			end
-		);
-		session.sasl_handler:feed(stanza);	
+local function build_reply(status, ret)
+	local reply = st.stanza(status, {xmlns = xmlns_sasl});
+	if status == "challenge" then
+		reply:text(ret or "");
+	elseif status == "failure" then
+		reply:tag(ret):up();
+	elseif status == "success" then
+		reply:text(ret or "");
 	else
-		error("Client tried to negotiate SASL again", 0);
-	end	
-end);
+		error("Unknown sasl status: "..status);
+	end
+	return reply;
+end
+
+local function handle_status(session, status)
+	if status == "failure" then
+		session.sasl_handler = nil;
+	elseif status == "success" then
+		session.sasl_handler = nil;
+		session:reset_stream();
+	end
+end
+
+local function password_callback(jid, mechanism)
+	local node, host = jid_split(jid);
+	local password = (datamanager.load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+	local func = function(x) return x; end;
+	if password then
+		if mechanism == "PLAIN" then
+			return func, password;
+		elseif mechanism == "DIGEST-MD5" then
+			return func, require "hashes".md5(node.."::"..password);
+		end
+	end
+	return func, nil;
+end
+
+add_handler("c2s_unauthed", "auth", xmlns_sasl,
+		function (session, stanza)
+			if not session.sasl_handler then
+				session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback);
+				local status, ret = session.sasl_handler:feed(stanza[1]);
+				handle_status(session, status);
+				session.send(build_reply(status, ret));
+				--[[session.sasl_handler = new_sasl(stanza.attr.mechanism, 
+					function (username, password)
+						-- onAuth
+						require "core.usermanager"
+						if usermanager_validate_credentials(session.host, username, password) then
+							return true;
+						end
+						return false;
+					end,
+					function (username)
+						-- onSuccess
+						local success, err = sessionmanager.make_authenticated(session, username);
+						if not success then
+							sessionmanager.destroy_session(session);
+							return;
+						end
+						session.sasl_handler = nil;
+						session:reset_stream();
+					end,
+					function (reason)
+						-- onFail
+						log("debug", "SASL failure, reason: %s", reason);
+					end,
+					function (stanza)
+						-- onWrite
+						log("debug", "SASL writes: %s", tostring(stanza));
+						send(session, stanza);
+					end
+				);
+				session.sasl_handler:feed(stanza);	]]
+			else
+				error("Client tried to negotiate SASL again", 0);
+			end
+		end);
+
+add_handler("c2s_unauthed", "abort", xmlns_sasl,
+	function(session, stanza)
+		if not session.sasl_handler then error("Attempt to abort when sasl has not started"); end
+		local status, ret = session.sasl_handler:feed(stanza[1]);
+		handle_status(session, status);
+		session.send(build_reply(status, ret));
+	end);
 
-add_handler("c2s_unauthed", "response", xmlns_sasl, function (session, stanza)
-	if session.sasl_handler then
-		session.sasl_handler:feed(stanza);	
-	end	
-end);
+add_handler("c2s_unauthed", "response", xmlns_sasl,
+	function(session, stanza)
+		if not session.sasl_handler then error("Attempt to respond when sasl has not started"); end
+		local status, ret = session.sasl_handler:feed(stanza[1]);
+		handle_status(session, status);
+		session.send(build_reply(status, ret));
+	end);
 		
 add_event_hook("stream-features", 
 					function (session, features)