diff options
Diffstat (limited to 'plugins/mod_saslauth.lua')
| -rw-r--r-- | plugins/mod_saslauth.lua | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 9f940c37..c16a14da 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -15,10 +15,11 @@ local base64 = require "util.encodings".base64; local nodeprep = require "util.encodings".stringprep.nodeprep; local datamanager_load = require "util.datamanager".load; -local usermanager_validate_credentials = require "core.usermanager".validate_credentials; +local usermanager_get_provider = require "core.usermanager".get_provider; local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_get_password = require "core.usermanager".get_password; +local usermanager_test_password = require "core.usermanager".test_password; local t_concat, t_insert = table.concat, table.insert; local tostring = tostring; local jid_split = require "util.jid".split; @@ -66,7 +67,7 @@ else error("Unknown SASL backend"); end -local default_authentication_profile = { +local getpass_authentication_profile = { plain = function(username, realm) local prepped_username = nodeprep(username); if not prepped_username then @@ -81,6 +82,17 @@ local default_authentication_profile = { end }; +local testpass_authentication_profile = { + plain_test = function(username, password, realm) + local prepped_username = nodeprep(username); + if not prepped_username then + log("debug", "NODEprep failed on username: %s", username); + return "", nil; + end + return usermanager_test_password(prepped_username, password, realm), true; + end +}; + local anonymous_authentication_profile = { anonymous = function(username, realm) return true; -- for normal usage you should always return true here @@ -183,7 +195,13 @@ module:hook("stream-features", function(event) if module:get_option("anonymous_login") then origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); else - origin.sasl_handler = new_sasl(realm, default_authentication_profile); + if usermanager_get_provider(realm).get_password then + origin.sasl_handler = new_sasl(realm, getpass_authentication_profile); + elseif usermanager_get_provider(realm).test_password then + origin.sasl_handler = new_sasl(realm, testpass_authentication_profile); + else + log("warn", "AUTH: Could not load an authentication profile for the given provider."); + end if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then origin.sasl_handler:forbidden({"PLAIN"}); end |