diff options
Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r-- | plugins/mod_saslauth.lua | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 9f940c37..4ba0f1fd 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -15,10 +15,10 @@ local base64 = require "util.encodings".base64; local nodeprep = require "util.encodings".stringprep.nodeprep; local datamanager_load = require "util.datamanager".load; -local usermanager_validate_credentials = require "core.usermanager".validate_credentials; local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_get_password = require "core.usermanager".get_password; +local usermanager_test_password = require "core.usermanager".test_password; local t_concat, t_insert = table.concat, table.insert; local tostring = tostring; local jid_split = require "util.jid".split; @@ -81,6 +81,17 @@ local default_authentication_profile = { end }; +local hashpass_authentication_profile = { + plain_test = function(username, password, realm) + local prepped_username = nodeprep(username); + if not prepped_username then + log("debug", "NODEprep failed on username: %s", username); + return "", nil; + end + return usermanager_test_password(prepped_username, password, realm), true; + end +}; + local anonymous_authentication_profile = { anonymous = function(username, realm) return true; -- for normal usage you should always return true here @@ -183,7 +194,13 @@ module:hook("stream-features", function(event) if module:get_option("anonymous_login") then origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); else - origin.sasl_handler = new_sasl(realm, default_authentication_profile); + local authentication = module:get_option("authentication"); + log("debug", "AUTH: creating handler for '%s' type", authentication); + if authentication == nil or authentication == "default" then + origin.sasl_handler = new_sasl(realm, default_authentication_profile); + elseif authentication == "hashpass" then + origin.sasl_handler = new_sasl(realm, hashpass_authentication_profile); + end if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then origin.sasl_handler:forbidden({"PLAIN"}); end |