From 3dc5c26703b55ae5a24ba7757e18282e351425fd Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 17 Jan 2011 16:50:21 +0100 Subject: mod_saslauth: Set secure socket as SASL object user data for secure sessions. --- plugins/mod_saslauth.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 1c0d0673..2b3b59a9 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -246,6 +246,10 @@ module:hook("stream-features", function(event) return; end origin.sasl_handler = usermanager_get_sasl_handler(module.host); + + if origin.secure then + origin.sasl_handler["userdata"] = origin.conn:socket(); + end features:tag("mechanisms", mechanisms_attr); for mechanism in pairs(origin.sasl_handler:mechanisms()) do if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then -- cgit v1.2.3 From a1c646ad48267cdfaefb27e77f335969c7c4cc3f Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 17 Jan 2011 16:50:21 +0100 Subject: mod_saslauth: Add channel binding handler for tls-unique channel binding. --- plugins/mod_saslauth.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 2b3b59a9..822be62b 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -246,8 +246,10 @@ module:hook("stream-features", function(event) return; end origin.sasl_handler = usermanager_get_sasl_handler(module.host); - if origin.secure then + origin.sasl_handler:add_cb_handler("tls-unique", function(self) + return self.userdata:getpeerfinished(); + end); origin.sasl_handler["userdata"] = origin.conn:socket(); end features:tag("mechanisms", mechanisms_attr); -- cgit v1.2.3 From d07446041f3c2c72077de003db171bd2b5ecd0c6 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 17 Jan 2011 16:50:21 +0100 Subject: mod_saslauth: Check whether LuaSec supports getpeerfinished() binding. --- plugins/mod_saslauth.lua | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 822be62b..422bc187 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -247,10 +247,14 @@ module:hook("stream-features", function(event) end origin.sasl_handler = usermanager_get_sasl_handler(module.host); if origin.secure then - origin.sasl_handler:add_cb_handler("tls-unique", function(self) - return self.userdata:getpeerfinished(); - end); - origin.sasl_handler["userdata"] = origin.conn:socket(); + -- check wether LuaSec has the nifty binding to the function needed for tls-unique + -- FIXME: would be nice to have this check only once and not for every socket + if origin.conn:socket().getpeerfinished then + origin.sasl_handler:add_cb_handler("tls-unique", function(self) + return self.userdata:getpeerfinished(); + end); + origin.sasl_handler["userdata"] = origin.conn:socket(); + end end features:tag("mechanisms", mechanisms_attr); for mechanism in pairs(origin.sasl_handler:mechanisms()) do -- cgit v1.2.3 From 1d833bb80779ed9c9e1d7ec6c7fab231ebf48182 Mon Sep 17 00:00:00 2001 From: Florian Zeitz Date: Fri, 9 Aug 2013 17:48:21 +0200 Subject: Remove all trailing whitespace --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 201cc477..1bf6fb96 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -1,7 +1,7 @@ -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -- cgit v1.2.3 From c89ca6cad504e083f310f82177d32dea0e25f462 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 7 Oct 2013 12:56:21 +0200 Subject: mod_saslauth: Collect data for channel binding only if we know for sure that the stream is encrypted --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index f24eacf8..4513c511 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -242,7 +242,7 @@ module:hook("stream-features", function(event) return; end origin.sasl_handler = usermanager_get_sasl_handler(module.host, origin); - if origin.secure then + if origin.encrypted then -- check wether LuaSec has the nifty binding to the function needed for tls-unique -- FIXME: would be nice to have this check only once and not for every socket if origin.conn:socket().getpeerfinished then -- cgit v1.2.3 From 4078dc07a2a867aa7e7f010c63a9a85b52c433ee Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 12 Feb 2014 19:25:15 +0100 Subject: mod_saslauth: Make sure sasl handler has add_cb_handler (fixes #392) --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 4513c511..94c060b3 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -245,7 +245,7 @@ module:hook("stream-features", function(event) if origin.encrypted then -- check wether LuaSec has the nifty binding to the function needed for tls-unique -- FIXME: would be nice to have this check only once and not for every socket - if origin.conn:socket().getpeerfinished then + if origin.conn:socket().getpeerfinished and origin.sasl_handler.add_cb_handler then origin.sasl_handler:add_cb_handler("tls-unique", function(self) return self.userdata:getpeerfinished(); end); -- cgit v1.2.3