From bb5877bcfa52a29d70f6521b8d77596dfdfa9819 Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Fri, 11 Jun 2010 21:01:17 +0500
Subject: mod_saslauth: Return proper error on invalid usernames.

---
 plugins/mod_saslauth.lua | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'plugins')

diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 9f940c37..d407e5da 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -109,17 +109,17 @@ local function handle_status(session, status, ret, err_msg)
 		session.sasl_handler = session.sasl_handler:clean_clone();
 	elseif status == "success" then
 		local username = nodeprep(session.sasl_handler.username);
-		if not username then -- TODO move this to sessionmanager
-			module:log("warn", "SASL succeeded but we didn't get a username!");
-			session.sasl_handler = nil;
-			session:reset_stream();
-			return status, ret, err_msg;
-		end
 
 		if not(require_provisioning) or usermanager_user_exists(username, session.host) then
-			sm_make_authenticated(session, session.sasl_handler.username);
-			session.sasl_handler = nil;
-			session:reset_stream();
+			local aret, err = sm_make_authenticated(session, session.sasl_handler.username);
+			if aret then
+				session.sasl_handler = nil;
+				session:reset_stream();
+			else
+				module:log("warn", "SASL succeeded but username was invalid");
+				session.sasl_handler = session.sasl_handler:clean_clone();
+				return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
+			end
 		else
 			module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
 			session.sasl_handler = session.sasl_handler:clean_clone();
-- 
cgit v1.2.3