aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_saslauth.lua
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r--plugins/mod_saslauth.lua21
1 files changed, 19 insertions, 2 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 9f940c37..4ba0f1fd 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -15,10 +15,10 @@ local base64 = require "util.encodings".base64;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local datamanager_load = require "util.datamanager".load;
-local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods;
local usermanager_user_exists = require "core.usermanager".user_exists;
local usermanager_get_password = require "core.usermanager".get_password;
+local usermanager_test_password = require "core.usermanager".test_password;
local t_concat, t_insert = table.concat, table.insert;
local tostring = tostring;
local jid_split = require "util.jid".split;
@@ -81,6 +81,17 @@ local default_authentication_profile = {
end
};
+local hashpass_authentication_profile = {
+ plain_test = function(username, password, realm)
+ local prepped_username = nodeprep(username);
+ if not prepped_username then
+ log("debug", "NODEprep failed on username: %s", username);
+ return "", nil;
+ end
+ return usermanager_test_password(prepped_username, password, realm), true;
+ end
+};
+
local anonymous_authentication_profile = {
anonymous = function(username, realm)
return true; -- for normal usage you should always return true here
@@ -183,7 +194,13 @@ module:hook("stream-features", function(event)
if module:get_option("anonymous_login") then
origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile);
else
- origin.sasl_handler = new_sasl(realm, default_authentication_profile);
+ local authentication = module:get_option("authentication");
+ log("debug", "AUTH: creating handler for '%s' type", authentication);
+ if authentication == nil or authentication == "default" then
+ origin.sasl_handler = new_sasl(realm, default_authentication_profile);
+ elseif authentication == "hashpass" then
+ origin.sasl_handler = new_sasl(realm, hashpass_authentication_profile);
+ end
if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then
origin.sasl_handler:forbidden({"PLAIN"});
end