Wed, 08 Jul 2009 04:19:15 +0100
prosody: Record time the server started
894 | 1 | -- Prosody IM v0.4 |
760
90ce865eebd8
Update copyright notices for 2009
Matthew Wild <mwild1@gmail.com>
parents:
759
diff
changeset
|
2 | -- Copyright (C) 2008-2009 Matthew Wild |
90ce865eebd8
Update copyright notices for 2009
Matthew Wild <mwild1@gmail.com>
parents:
759
diff
changeset
|
3 | -- Copyright (C) 2008-2009 Waqas Hussain |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
4 | -- |
758 | 5 | -- This project is MIT/X11 licensed. Please see the |
6 | -- COPYING file in the source package for more information. | |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
7 | -- |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
8 | |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
9 | |
38 | 10 | |
11 | local st = require "util.stanza"; | |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
12 | local sm_bind_resource = require "core.sessionmanager".bind_resource; |
1042
a3d77353c18a
mod_*: Fix a load of global accesses
Matthew Wild <mwild1@gmail.com>
parents:
938
diff
changeset
|
13 | local sm_make_authenticated = require "core.sessionmanager".make_authenticated; |
447
c0dae734d3bf
Stopped using the lbase64 library
Waqas Hussain <waqas20@gmail.com>
parents:
438
diff
changeset
|
14 | local base64 = require "util.encodings".base64; |
38 | 15 | |
1042
a3d77353c18a
mod_*: Fix a load of global accesses
Matthew Wild <mwild1@gmail.com>
parents:
938
diff
changeset
|
16 | local datamanager_load = require "util.datamanager".load; |
38 | 17 | local usermanager_validate_credentials = require "core.usermanager".validate_credentials; |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
18 | local t_concat, t_insert = table.concat, table.insert; |
38 | 19 | local tostring = tostring; |
288
dc53343af9ac
Set username in a SASL object.
Tobias Markmann <tm@ayena.de>
parents:
286
diff
changeset
|
20 | local jid_split = require "util.jid".split |
449
c0a4a1e63d70
Completely switched to new hashes library from the old md5 library
Waqas Hussain <waqas20@gmail.com>
parents:
447
diff
changeset
|
21 | local md5 = require "util.hashes".md5; |
887
eef21d7bbe04
mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with sasl_anonymous = true
Matthew Wild <mwild1@gmail.com>
parents:
799
diff
changeset
|
22 | local config = require "core.configmanager"; |
38 | 23 | |
1216
fd8ce71bc72b
mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true
Matthew Wild <mwild1@gmail.com>
parents:
1186
diff
changeset
|
24 | local secure_auth_only = config.get(module:get_host(), "core", "require_encryption"); |
fd8ce71bc72b
mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true
Matthew Wild <mwild1@gmail.com>
parents:
1186
diff
changeset
|
25 | |
1071
216f9a9001f1
mod_saslauth: Use module logger instead of creating a new one
Matthew Wild <mwild1@gmail.com>
parents:
1042
diff
changeset
|
26 | local log = module._log; |
38 | 27 | |
28 | local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; | |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
29 | local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
30 | local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas'; |
38 | 31 | |
32 | local new_sasl = require "util.sasl".new; | |
33 | ||
292
33175ad2f682
Started using realm in password hashing, and added support for error message replies from sasl
Waqas Hussain <waqas20@gmail.com>
parents:
291
diff
changeset
|
34 | local function build_reply(status, ret, err_msg) |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
35 | local reply = st.stanza(status, {xmlns = xmlns_sasl}); |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
36 | if status == "challenge" then |
1072
c7967004b5d0
mod_saslauth: Various logging fixes
Matthew Wild <mwild1@gmail.com>
parents:
1071
diff
changeset
|
37 | log("debug", "%s", ret or ""); |
293
b446de4e258e
base64 encode the sasl responses
Waqas Hussain <waqas20@gmail.com>
parents:
292
diff
changeset
|
38 | reply:text(base64.encode(ret or "")); |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
39 | elseif status == "failure" then |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
40 | reply:tag(ret):up(); |
293
b446de4e258e
base64 encode the sasl responses
Waqas Hussain <waqas20@gmail.com>
parents:
292
diff
changeset
|
41 | if err_msg then reply:tag("text"):text(err_msg); end |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
42 | elseif status == "success" then |
1072
c7967004b5d0
mod_saslauth: Various logging fixes
Matthew Wild <mwild1@gmail.com>
parents:
1071
diff
changeset
|
43 | log("debug", "%s", ret or ""); |
293
b446de4e258e
base64 encode the sasl responses
Waqas Hussain <waqas20@gmail.com>
parents:
292
diff
changeset
|
44 | reply:text(base64.encode(ret or "")); |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
45 | else |
1073
7c20373d4451
mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents:
1072
diff
changeset
|
46 | module:log("error", "Unknown sasl status: %s", status); |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
47 | end |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
48 | return reply; |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
49 | end |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
50 | |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
51 | local function handle_status(session, status) |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
52 | if status == "failure" then |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
53 | session.sasl_handler = nil; |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
54 | elseif status == "success" then |
1073
7c20373d4451
mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents:
1072
diff
changeset
|
55 | if not session.sasl_handler.username then -- TODO move this to sessionmanager |
7c20373d4451
mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents:
1072
diff
changeset
|
56 | module:log("warn", "SASL succeeded but we didn't get a username!"); |
7c20373d4451
mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents:
1072
diff
changeset
|
57 | session.sasl_handler = nil; |
7c20373d4451
mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents:
1072
diff
changeset
|
58 | session:reset_stream(); |
7c20373d4451
mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents:
1072
diff
changeset
|
59 | return; |
7c20373d4451
mod_saslauth: Remove 2 instances of raising errors and replacing with more graceful handling
Matthew Wild <mwild1@gmail.com>
parents:
1072
diff
changeset
|
60 | end |
1042
a3d77353c18a
mod_*: Fix a load of global accesses
Matthew Wild <mwild1@gmail.com>
parents:
938
diff
changeset
|
61 | sm_make_authenticated(session, session.sasl_handler.username); |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
62 | session.sasl_handler = nil; |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
63 | session:reset_stream(); |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
64 | end |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
65 | end |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
66 | |
1375
50ee4b327f86
Adding a parameter for realm to the password_callback.
Tobias Markmann <tm@ayena.de>
parents:
1217
diff
changeset
|
67 | local function password_callback(node, hostname, realm, mechanism, decoder) |
1486
3e04efa8af7e
Remove to-unicode conversion because it's done in sasl.lua now.
Tobias Markmann <tm@ayena.de>
parents:
1484
diff
changeset
|
68 | local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
69 | local func = function(x) return x; end; |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
70 | if password then |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
71 | if mechanism == "PLAIN" then |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
72 | return func, password; |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
73 | elseif mechanism == "DIGEST-MD5" then |
1484
80e4f1d731c2
Fixed decoding of parameters.
Tobias Markmann <tm@ayena.de>
parents:
1449
diff
changeset
|
74 | if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end |
1375
50ee4b327f86
Adding a parameter for realm to the password_callback.
Tobias Markmann <tm@ayena.de>
parents:
1217
diff
changeset
|
75 | return func, md5(node..":"..realm..":"..password); |
281
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
76 | end |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
77 | end |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
78 | return func, nil; |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
79 | end |
826308c07627
mod_saslauth updated for digest-md5
Waqas Hussain <waqas20@gmail.com>
parents:
120
diff
changeset
|
80 | |
705
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
81 | local function sasl_handler(session, stanza) |
295
bb078eb1f1de
mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
293
diff
changeset
|
82 | if stanza.name == "auth" then |
bb078eb1f1de
mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
293
diff
changeset
|
83 | -- FIXME ignoring duplicates because ejabberd does |
1186
078eb3b109e9
mod_saslauth: Fix logic error which prevented SASL ANONYMOUS from working
Matthew Wild <mwild1@gmail.com>
parents:
1073
diff
changeset
|
84 | if config.get(session.host or "*", "core", "anonymous_login") then |
078eb3b109e9
mod_saslauth: Fix logic error which prevented SASL ANONYMOUS from working
Matthew Wild <mwild1@gmail.com>
parents:
1073
diff
changeset
|
85 | if stanza.attr.mechanism ~= "ANONYMOUS" then |
078eb3b109e9
mod_saslauth: Fix logic error which prevented SASL ANONYMOUS from working
Matthew Wild <mwild1@gmail.com>
parents:
1073
diff
changeset
|
86 | return session.send(build_reply("failure", "invalid-mechanism")); |
078eb3b109e9
mod_saslauth: Fix logic error which prevented SASL ANONYMOUS from working
Matthew Wild <mwild1@gmail.com>
parents:
1073
diff
changeset
|
87 | end |
938
663f75dd7b42
Fixed: Some nil access bugs
Waqas Hussain <waqas20@gmail.com>
parents:
935
diff
changeset
|
88 | elseif stanza.attr.mechanism == "ANONYMOUS" then |
935
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
89 | return session.send(build_reply("failure", "mechanism-too-weak")); |
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
90 | end |
295
bb078eb1f1de
mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
293
diff
changeset
|
91 | session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); |
935
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
92 | if not session.sasl_handler then |
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
93 | return session.send(build_reply("failure", "invalid-mechanism")); |
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
94 | end |
295
bb078eb1f1de
mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
293
diff
changeset
|
95 | elseif not session.sasl_handler then |
bb078eb1f1de
mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
293
diff
changeset
|
96 | return; -- FIXME ignoring out of order stanzas because ejabberd does |
bb078eb1f1de
mod_saslauth: Code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
293
diff
changeset
|
97 | end |
284
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
98 | local text = stanza[1]; |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
99 | if text then |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
100 | text = base64.decode(text); |
1072
c7967004b5d0
mod_saslauth: Various logging fixes
Matthew Wild <mwild1@gmail.com>
parents:
1071
diff
changeset
|
101 | log("debug", "%s", text); |
284
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
102 | if not text then |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
103 | session.sasl_handler = nil; |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
104 | session.send(build_reply("failure", "incorrect-encoding")); |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
105 | return; |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
106 | end |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
107 | end |
292
33175ad2f682
Started using realm in password hashing, and added support for error message replies from sasl
Waqas Hussain <waqas20@gmail.com>
parents:
291
diff
changeset
|
108 | local status, ret, err_msg = session.sasl_handler:feed(text); |
284
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
109 | handle_status(session, status); |
292
33175ad2f682
Started using realm in password hashing, and added support for error message replies from sasl
Waqas Hussain <waqas20@gmail.com>
parents:
291
diff
changeset
|
110 | local s = build_reply(status, ret, err_msg); |
1072
c7967004b5d0
mod_saslauth: Various logging fixes
Matthew Wild <mwild1@gmail.com>
parents:
1071
diff
changeset
|
111 | log("debug", "sasl reply: %s", tostring(s)); |
288
dc53343af9ac
Set username in a SASL object.
Tobias Markmann <tm@ayena.de>
parents:
286
diff
changeset
|
112 | session.send(s); |
284
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
113 | end |
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
114 | |
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
357
diff
changeset
|
115 | module:add_handler("c2s_unauthed", "auth", xmlns_sasl, sasl_handler); |
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
357
diff
changeset
|
116 | module:add_handler("c2s_unauthed", "abort", xmlns_sasl, sasl_handler); |
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
357
diff
changeset
|
117 | module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); |
284
4f540755260c
mod_saslauth: Added base64 decoding, encoding check, and cleaned the code up.
Waqas Hussain <waqas20@gmail.com>
parents:
281
diff
changeset
|
118 | |
357
17bcecb06420
Use a stanza for c2s stream features instead of an array of strings. Removes a FIXME.
Matthew Wild <mwild1@gmail.com>
parents:
313
diff
changeset
|
119 | local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
17bcecb06420
Use a stanza for c2s stream features instead of an array of strings. Removes a FIXME.
Matthew Wild <mwild1@gmail.com>
parents:
313
diff
changeset
|
120 | local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
17bcecb06420
Use a stanza for c2s stream features instead of an array of strings. Removes a FIXME.
Matthew Wild <mwild1@gmail.com>
parents:
313
diff
changeset
|
121 | local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
357
diff
changeset
|
122 | module:add_event_hook("stream-features", |
705
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
123 | function (session, features) |
1217
844ef764ef0e
mod_saslauth: Don't offer bind/session when they aren't authenticated yet :) [thanks albert, again...]
Matthew Wild <mwild1@gmail.com>
parents:
1216
diff
changeset
|
124 | if not session.username then |
844ef764ef0e
mod_saslauth: Don't offer bind/session when they aren't authenticated yet :) [thanks albert, again...]
Matthew Wild <mwild1@gmail.com>
parents:
1216
diff
changeset
|
125 | if secure_auth_only and not session.secure then |
844ef764ef0e
mod_saslauth: Don't offer bind/session when they aren't authenticated yet :) [thanks albert, again...]
Matthew Wild <mwild1@gmail.com>
parents:
1216
diff
changeset
|
126 | return; |
844ef764ef0e
mod_saslauth: Don't offer bind/session when they aren't authenticated yet :) [thanks albert, again...]
Matthew Wild <mwild1@gmail.com>
parents:
1216
diff
changeset
|
127 | end |
705
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
128 | features:tag("mechanisms", mechanisms_attr); |
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
129 | -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
934
0bda9b5b6a06
Fixed: mod_saslauth: Changed anonymous host option from "sasl_anonymous" to "anonymous_login"
Waqas Hussain <waqas20@gmail.com>
parents:
894
diff
changeset
|
130 | if config.get(session.host or "*", "core", "anonymous_login") then |
887
eef21d7bbe04
mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with sasl_anonymous = true
Matthew Wild <mwild1@gmail.com>
parents:
799
diff
changeset
|
131 | features:tag("mechanism"):text("ANONYMOUS"):up(); |
935
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
132 | else |
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
133 | features:tag("mechanism"):text("DIGEST-MD5"):up(); |
efe3eaaeff34
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Waqas Hussain <waqas20@gmail.com>
parents:
934
diff
changeset
|
134 | features:tag("mechanism"):text("PLAIN"):up(); |
887
eef21d7bbe04
mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with sasl_anonymous = true
Matthew Wild <mwild1@gmail.com>
parents:
799
diff
changeset
|
135 | end |
705
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
136 | features:up(); |
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
137 | else |
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
138 | features:tag("bind", bind_attr):tag("required"):up():up(); |
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
139 | features:tag("session", xmpp_session_attr):up(); |
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
140 | end |
11afa1d88c55
mod_saslauth, mod_tls: minor code cleanup
Waqas Hussain <waqas20@gmail.com>
parents:
615
diff
changeset
|
141 | end); |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
142 | |
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
357
diff
changeset
|
143 | module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
144 | function (session, stanza) |
1072
c7967004b5d0
mod_saslauth: Various logging fixes
Matthew Wild <mwild1@gmail.com>
parents:
1071
diff
changeset
|
145 | log("debug", "Client requesting a resource bind"); |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
146 | local resource; |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
147 | if stanza.attr.type == "set" then |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
148 | local bind = stanza.tags[1]; |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
149 | if bind and bind.attr.xmlns == xmlns_bind then |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
150 | resource = bind:child_with_name("resource"); |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
151 | if resource then |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
152 | resource = resource[1]; |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
153 | end |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
154 | end |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
155 | end |
304
7b28fa8bbfe5
Code cleanup for resource binding
Waqas Hussain <waqas20@gmail.com>
parents:
297
diff
changeset
|
156 | local success, err_type, err, err_msg = sm_bind_resource(session, resource); |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
157 | if not success then |
304
7b28fa8bbfe5
Code cleanup for resource binding
Waqas Hussain <waqas20@gmail.com>
parents:
297
diff
changeset
|
158 | session.send(st.error_reply(stanza, err_type, err, err_msg)); |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
159 | else |
304
7b28fa8bbfe5
Code cleanup for resource binding
Waqas Hussain <waqas20@gmail.com>
parents:
297
diff
changeset
|
160 | session.send(st.reply(stanza) |
7b28fa8bbfe5
Code cleanup for resource binding
Waqas Hussain <waqas20@gmail.com>
parents:
297
diff
changeset
|
161 | :tag("bind", { xmlns = xmlns_bind}) |
7b28fa8bbfe5
Code cleanup for resource binding
Waqas Hussain <waqas20@gmail.com>
parents:
297
diff
changeset
|
162 | :tag("jid"):text(session.full_jid)); |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
163 | end |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
164 | end); |
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
165 | |
438
193f9dd64f17
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
Matthew Wild <mwild1@gmail.com>
parents:
357
diff
changeset
|
166 | module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
167 | function (session, stanza) |
1072
c7967004b5d0
mod_saslauth: Various logging fixes
Matthew Wild <mwild1@gmail.com>
parents:
1071
diff
changeset
|
168 | log("debug", "Client requesting a session"); |
313
a273f3a7b8f8
Fixed mod_saslauth to use session.send for sending stanzas
Waqas Hussain <waqas20@gmail.com>
parents:
304
diff
changeset
|
169 | session.send(st.reply(stanza)); |
46
d6b3f9dbb624
Resource binding, XMPP sessions (whatever they're for...)
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
170 | end); |