Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r--plugins/mod_saslauth.lua63
1 files changed, 61 insertions, 2 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index dc6f3645..7eed8f35 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -1,14 +1,17 @@
local st = require "util.stanza";
local send = require "core.sessionmanager".send_to_session;
+local sm_bind_resource = require "core.sessionmanager".bind_resource;
local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
-local t_concat = table.concat;
+local t_concat, t_insert = table.concat, table.insert;
local tostring = tostring;
local log = require "util.logger".init("mod_saslauth");
local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
+local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
+local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas';
local new_connhandler = require "net.connhandlers".new;
local new_sasl = require "util.sasl".new;
@@ -50,4 +53,60 @@ add_handler("c2s_unauthed", "auth",
error("Client tried to negotiate SASL again", 0);
end
- end); \ No newline at end of file
+ end);
+
+add_event_hook("stream-features",
+ function (session, features)
+ if not session.username then
+ t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>");
+ t_insert(features, "<mechanism>PLAIN</mechanism>");
+ t_insert(features, "</mechanisms>");
+ else
+ t_insert(features, "<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><required/></bind>");
+ t_insert(features, "<session xmlns='urn:ietf:params:xml:ns:xmpp-session'/>");
+ end
+ --send [[<register xmlns="http://jabber.org/features/iq-register"/> ]]
+ end);
+
+add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind",
+ function (session, stanza)
+ log("debug", "Client tried to bind to a resource");
+ local resource;
+ if stanza.attr.type == "set" then
+ local bind = stanza.tags[1];
+
+ if bind and bind.attr.xmlns == xmlns_bind then
+ resource = bind:child_with_name("resource");
+ if resource then
+ resource = resource[1];
+ end
+ end
+ end
+ local success, err = sm_bind_resource(session, resource);
+ if not success then
+ local reply = st.reply(stanza);
+ reply.attr.type = "error";
+ if err == "conflict" then
+ reply:tag("error", { type = "modify" })
+ :tag("conflict", { xmlns = xmlns_stanzas });
+ elseif err == "constraint" then
+ reply:tag("error", { type = "cancel" })
+ :tag("resource-constraint", { xmlns = xmlns_stanzas });
+ elseif err == "auth" then
+ reply:tag("error", { type = "cancel" })
+ :tag("not-allowed", { xmlns = xmlns_stanzas });
+ end
+ send(session, reply);
+ else
+ local reply = st.reply(stanza);
+ reply:tag("bind", { xmlns = xmlns_bind})
+ :tag("jid"):text(session.full_jid);
+ send(session, reply);
+ end
+ end);
+
+add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session",
+ function (session, stanza)
+ log("debug", "Client tried to bind to a resource");
+ send(session, st.reply(stanza));
+ end);
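Review bot: The bind handler calls `sm_bind_resource(session, resource)` even when `stanza.attr.type` is not "set" or the first child is not a `<bind/>` in `xmlns_bind`, so a `get` or malformed IQ in this namespace reaches the bind call with `resource` nil instead of being rejected with a `bad-request` error. In the failure branch, an `err` other than "conflict", "constraint" or "auth" produces a reply with `type = "error"` and no `<error/>` child, so the chain needs a final `else` with a generic condition. `resource[1]` is also handed on without a check that it is a non-empty string rather than a nested element. Separately, the stream-features hook advertises PLAIN whenever `session.username` is unset and nothing in this hunk ties that to an encrypted stream; if that is not enforced elsewhere, the password travels in cleartext, so it is worth confirming. The session handler's debug line repeats "Client tried to bind to a resource", which will mislead anyone reading auth logs.

```lua
	function (session, stanza)
		log("debug", "Client tried to bind to a resource");
		local bind = stanza.tags[1];
		-- Reject anything that is not a well-formed bind request before touching session state.
		if stanza.attr.type ~= "set" or not bind or bind.attr.xmlns ~= xmlns_bind then
			local reply = st.reply(stanza);
			reply.attr.type = "error";
			reply:tag("error", { type = "modify" })
				:tag("bad-request", { xmlns = xmlns_stanzas });
			send(session, reply);
			return;
		end
		local resource = bind:child_with_name("resource");
		resource = resource and resource[1];
		-- … unchanged: sm_bind_resource call; conflict / constraint / auth branches …
			else
				-- Unknown failure reason: still send a well-formed error condition.
				reply:tag("error", { type = "cancel" })
					:tag("undefined-condition", { xmlns = xmlns_stanzas });
			end
		-- … unchanged: send(session, reply) and the success reply with the bound JID …
```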