From 3dc5c26703b55ae5a24ba7757e18282e351425fd Mon Sep 17 00:00:00 2001
From: Tobias Markmann
Date: Mon, 17 Jan 2011 16:50:21 +0100
Subject: mod_saslauth: Set secure socket as SASL object user data for secure sessions.
---
plugins/mod_saslauth.lua | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'plugins/mod_saslauth.lua')
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 1c0d0673..2b3b59a9 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -246,6 +246,10 @@ module:hook("stream-features", function(event)
 return;
 end
 origin.sasl_handler = usermanager_get_sasl_handler(module.host);
+
+ if origin.secure then
+ origin.sasl_handler["userdata"] = origin.conn:socket();
+ end
 features:tag("mechanisms", mechanisms_attr);
 for mechanism in pairs(origin.sasl_handler:mechanisms()) do
 if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then
-- cgit v1.2.3
From a1c646ad48267cdfaefb27e77f335969c7c4cc3f Mon Sep 17 00:00:00 2001
From: Tobias Markmann
Date: Mon, 17 Jan 2011 16:50:21 +0100
Subject: mod_saslauth: Add channel binding handler for tls-unique channel binding.
---
plugins/mod_saslauth.lua | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'plugins/mod_saslauth.lua')
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 2b3b59a9..822be62b 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -246,8 +246,10 @@ module:hook("stream-features", function(event)
 return;
 end
 origin.sasl_handler = usermanager_get_sasl_handler(module.host);
-
 if origin.secure then
+ origin.sasl_handler:add_cb_handler("tls-unique", function(self)
+ return self.userdata:getpeerfinished();
+ end);
 origin.sasl_handler["userdata"] = origin.conn:socket();
 end
 features:tag("mechanisms", mechanisms_attr);
-- cgit v1.2.3
From d07446041f3c2c72077de003db171bd2b5ecd0c6 Mon Sep 17 00:00:00 2001
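Review bot: The `userdata` assignment in the first commit (3dc5c267) carries no comment saying who reads it or that it is only set when `origin.secure` is true, so a SASL mechanism written later could dereference `self.userdata` on an unencrypted stream and get nil. I would add `-- TLS socket for mechanisms that need connection data (e.g. channel binding); left nil on non-secure sessions` above it. Since the key is a plain identifier, `origin.sasl_handler.userdata = origin.conn:socket();` reads more naturally than the bracket form. The hook function starts and ends outside the hunk.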
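Review bot: The `tls-unique` callback in the second commit (a1c646ad) always returns `self.userdata:getpeerfinished()`, which is correct only for a full handshake. RFC 5929 defines tls-unique as the first Finished message of the most recent handshake, and on a resumed session the server sends Finished first, so the peer's Finished is then the wrong value. If session resumption (or renegotiation) can be enabled on these sockets, the value would presumably not match what a conforming client computes, and tls-unique is only as strong as the TLS stack's handling of the resumption weakness that RFC 7627 addresses. A comment such as `-- tls-unique = client's Finished; valid for full handshakes only, assumes no session resumption` would record the assumption. The same call is kept unchanged in the third commit's hunk, and the hook function extends beyond both hunks.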
From: Tobias Markmann
Date: Mon, 17 Jan 2011 16:50:21 +0100
Subject: mod_saslauth: Check whether LuaSec supports getpeerfinished() binding.
---
plugins/mod_saslauth.lua | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'plugins/mod_saslauth.lua')
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 822be62b..422bc187 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -247,10 +247,14 @@ module:hook("stream-features", function(event)
 end
 origin.sasl_handler = usermanager_get_sasl_handler(module.host);
 if origin.secure then
- origin.sasl_handler:add_cb_handler("tls-unique", function(self)
- return self.userdata:getpeerfinished();
- end);
- origin.sasl_handler["userdata"] = origin.conn:socket();
+ -- check wether LuaSec has the nifty binding to the function needed for tls-unique
+ -- FIXME: would be nice to have this check only once and not for every socket
+ if origin.conn:socket().getpeerfinished then
+ origin.sasl_handler:add_cb_handler("tls-unique", function(self)
+ return self.userdata:getpeerfinished();
+ end);
+ origin.sasl_handler["userdata"] = origin.conn:socket();
+ end
 end
 features:tag("mechanisms", mechanisms_attr);
 for mechanism in pairs(origin.sasl_handler:mechanisms()) do
-- cgit v1.2.3
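Review bot: When the `getpeerfinished` check fails, channel binding is skipped silently, so an operator has no way to tell why channel-bound mechanisms are (presumably) not offered. I would add an `else` branch with `module:log("debug", "LuaSec lacks getpeerfinished(); tls-unique channel binding unavailable");`. When the check succeeds, the callback still returns the result of `getpeerfinished()` without a nil check, and how the SASL code treats a nil binding is not visible here. `origin.conn:socket()` is also called twice; taking `local sock = origin.conn:socket();` once, then `if sock.getpeerfinished then` and `origin.sasl_handler.userdata = sock;`, guarantees the socket tested is the one stored. The hook function begins and ends outside the hunk.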