From 373662e4a695ef9d75381173eb4efb439e91d91b Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Mon, 23 Aug 2010 16:54:56 +0500
Subject: mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account
 provisioning check out of mod_saslauth.

---
 plugins/mod_auth_cyrus.lua | 14 +++++++++++++-
 plugins/mod_saslauth.lua   | 22 ++++++----------------
 util/sasl_cyrus.lua        |  3 +++
 3 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/plugins/mod_auth_cyrus.lua b/plugins/mod_auth_cyrus.lua
index c1315e7f..ed3d5408 100644
--- a/plugins/mod_auth_cyrus.lua
+++ b/plugins/mod_auth_cyrus.lua
@@ -8,9 +8,12 @@
 
 local log = require "util.logger".init("auth_cyrus");
 
+local usermanager_user_exists = require "core.usermanager".user_exists;
+
 local cyrus_service_realm = module:get_option("cyrus_service_realm");
 local cyrus_service_name = module:get_option("cyrus_service_name");
 local cyrus_application_name = module:get_option("cyrus_application_name");
+local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
 
 prosody.unlock_globals(); --FIXME: Figure out why this is needed and
 						  -- why cyrussasl isn't caught by the sandbox
@@ -41,6 +44,9 @@ function new_default_provider(host)
 	end
 
 	function provider.user_exists(username)
+		if require_provisioning then
+			return usermanager_user_exists(username, module.host);
+		end
 		return true;
 	end
 
@@ -50,7 +56,13 @@ function new_default_provider(host)
 
 	function provider.get_sasl_handler()
 		local realm = module:get_option("sasl_realm") or module.host;
-		return new_sasl(realm);
+		local handler = new_sasl(realm);
+		if require_provisioning then
+			function handler.require_provisioning(username)
+				return usermanager_user_exists(username, module.host);
+			end
+		end
+		return handler;
 	end
 
 	return provider;
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 78420212..732d5d91 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -15,7 +15,6 @@ local base64 = require "util.encodings".base64;
 
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
-local usermanager_user_exists = require "core.usermanager".user_exists;
 local t_concat, t_insert = table.concat, table.insert;
 local tostring = tostring;
 
@@ -23,9 +22,6 @@ local secure_auth_only = module:get_option("c2s_require_encryption") or module:g
 local anonymous_login = module:get_option("anonymous_login");
 local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
 
--- Cyrus config options
-local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
-
 local log = module._log;
 
 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
@@ -63,20 +59,14 @@ local function handle_status(session, status, ret, err_msg)
 	elseif status == "success" then
 		local username = nodeprep(session.sasl_handler.username);
 
-		if not(require_provisioning) or usermanager_user_exists(username, session.host) then
-			local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
-			if ok then
-				session.sasl_handler = nil;
-				session:reset_stream();
-			else
-				module:log("warn", "SASL succeeded but username was invalid");
-				session.sasl_handler = session.sasl_handler:clean_clone();
-				return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
-			end
+		local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
+		if ok then
+			session.sasl_handler = nil;
+			session:reset_stream();
 		else
-			module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
+			module:log("warn", "SASL succeeded but username was invalid");
 			session.sasl_handler = session.sasl_handler:clean_clone();
-			return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
+			return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
 		end
 	end
 	return status, ret, err_msg;
diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua
index 3ec8adca..aafd5455 100644
--- a/util/sasl_cyrus.lua
+++ b/util/sasl_cyrus.lua
@@ -143,6 +143,9 @@ function method:process(message)
 	self.username = cyrussasl.get_username(self.cyrus)
 
 	if (err == 0) then -- SASL_OK
+		if self.require_provisioning and not self.require_provisioning(self.username) then
+			return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
+		end
 		return "success", data
 	elseif (err == 1) then -- SASL_CONTINUE
 		return "challenge", data
-- 
cgit v1.2.3