Mercurial > lxmppd-hg-xmllex / file comparison
comparison: plugins/mod_saslauth.lua
plugins/mod_saslauth.lua
- changeset 3385
- 192ffdaef491
- parent 3363
- a4bb658d3fcb
- child 3386
- 526b86cfbb17
equal
deleted
inserted
replaced
| 3384:b7600dd7cd42 | 3385:192ffdaef491 |
|---|---|
| 26 local md5 = require "util.hashes".md5; | 26 local md5 = require "util.hashes".md5; |
| 27 local config = require "core.configmanager"; | 27 local config = require "core.configmanager"; |
| 28 | 28 |
| 29 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 29 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 30 local sasl_backend = module:get_option("sasl_backend") or "builtin"; | 30 local sasl_backend = module:get_option("sasl_backend") or "builtin"; |
| 31 local anonymous_login = module:get_option("anonymous_login"); | |
| 31 | 32 |
| 32 -- Cyrus config options | 33 -- Cyrus config options |
| 33 local require_provisioning = module:get_option("cyrus_require_provisioning") or false; | 34 local require_provisioning = module:get_option("cyrus_require_provisioning") or false; |
| 34 local cyrus_service_realm = module:get_option("cyrus_service_realm"); | 35 local cyrus_service_realm = module:get_option("cyrus_service_realm"); |
| 35 local cyrus_service_name = module:get_option("cyrus_service_name"); | 36 local cyrus_service_name = module:get_option("cyrus_service_name"); |
| 116 end | 117 end |
| 117 | 118 |
| 118 local function sasl_handler(session, stanza) | 119 local function sasl_handler(session, stanza) |
| 119 if stanza.name == "auth" then | 120 if stanza.name == "auth" then |
| 120 -- FIXME ignoring duplicates because ejabberd does | 121 -- FIXME ignoring duplicates because ejabberd does |
| 121 if config.get(session.host or "*", "core", "anonymous_login") then | 122 if anonymous_login then |
| 122 if stanza.attr.mechanism ~= "ANONYMOUS" then | 123 if stanza.attr.mechanism ~= "ANONYMOUS" then |
| 123 return session.send(build_reply("failure", "invalid-mechanism")); | 124 return session.send(build_reply("failure", "invalid-mechanism")); |
| 124 end | 125 end |
| 125 elseif stanza.attr.mechanism == "ANONYMOUS" then | 126 elseif stanza.attr.mechanism == "ANONYMOUS" then |
| 126 return session.send(build_reply("failure", "mechanism-too-weak")); | 127 return session.send(build_reply("failure", "mechanism-too-weak")); |
| 164 if not origin.username then | 165 if not origin.username then |
| 165 if secure_auth_only and not origin.secure then | 166 if secure_auth_only and not origin.secure then |
| 166 return; | 167 return; |
| 167 end | 168 end |
| 168 local realm = module:get_option("sasl_realm") or origin.host; | 169 local realm = module:get_option("sasl_realm") or origin.host; |
| 169 if module:get_option("anonymous_login") then | 170 if anonymous_login then |
| 170 origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); | 171 origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); |
| 171 else | 172 else |
| 172 origin.sasl_handler = usermanager_get_sasl_handler(module.host); | 173 origin.sasl_handler = usermanager_get_sasl_handler(module.host); |
| 173 if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then | 174 if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then |
| 174 origin.sasl_handler:forbidden({"PLAIN"}); | 175 origin.sasl_handler:forbidden({"PLAIN"}); |
