diff options
Diffstat (limited to 'plugins/mod_saslauth.lua')
| -rw-r--r-- | plugins/mod_saslauth.lua | 41 |
1 files changed, 10 insertions, 31 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index d407e5da..a02c1ec4 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -14,19 +14,14 @@ local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; local nodeprep = require "util.encodings".stringprep.nodeprep; -local datamanager_load = require "util.datamanager".load; -local usermanager_validate_credentials = require "core.usermanager".validate_credentials; -local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; +local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; local usermanager_user_exists = require "core.usermanager".user_exists; -local usermanager_get_password = require "core.usermanager".get_password; local t_concat, t_insert = table.concat, table.insert; local tostring = tostring; -local jid_split = require "util.jid".split; -local md5 = require "util.hashes".md5; -local config = require "core.configmanager"; local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local sasl_backend = module:get_option("sasl_backend") or "builtin"; +local anonymous_login = module:get_option("anonymous_login"); -- Cyrus config options local require_provisioning = module:get_option("cyrus_require_provisioning") or false; @@ -66,21 +61,6 @@ else error("Unknown SASL backend"); end -local default_authentication_profile = { - plain = function(username, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - log("debug", "NODEprep failed on username: %s", username); - return "", nil; - end - local password = usermanager_get_password(prepped_username, realm); - if not password then - return "", nil; - end - return password, true; - end -}; - local anonymous_authentication_profile = { anonymous = function(username, realm) return true; -- for normal usage you should always return true here @@ -111,8 +91,8 @@ local function handle_status(session, status, ret, err_msg) local username = nodeprep(session.sasl_handler.username); if not(require_provisioning) or usermanager_user_exists(username, session.host) then - local aret, err = sm_make_authenticated(session, session.sasl_handler.username); - if aret then + local ok, err = sm_make_authenticated(session, session.sasl_handler.username); + if ok then session.sasl_handler = nil; session:reset_stream(); else @@ -132,7 +112,7 @@ end local function sasl_handler(session, stanza) if stanza.name == "auth" then -- FIXME ignoring duplicates because ejabberd does - if config.get(session.host or "*", "core", "anonymous_login") then + if anonymous_login then if stanza.attr.mechanism ~= "ANONYMOUS" then return session.send(build_reply("failure", "invalid-mechanism")); end @@ -179,18 +159,17 @@ module:hook("stream-features", function(event) if secure_auth_only and not origin.secure then return; end - local realm = module:get_option("sasl_realm") or origin.host; - if module:get_option("anonymous_login") then - origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); + if anonymous_login then + origin.sasl_handler = new_sasl(module.host, anonymous_authentication_profile); else - origin.sasl_handler = new_sasl(realm, default_authentication_profile); + origin.sasl_handler = usermanager_get_sasl_handler(module.host); if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then origin.sasl_handler:forbidden({"PLAIN"}); end end features:tag("mechanisms", mechanisms_attr); - for k, v in pairs(origin.sasl_handler:mechanisms()) do - features:tag("mechanism"):text(v):up(); + for k in pairs(origin.sasl_handler:mechanisms()) do + features:tag("mechanism"):text(k):up(); end features:up(); else |