26 local md5 = require "util.hashes".md5; |
26 local md5 = require "util.hashes".md5; |
27 local config = require "core.configmanager"; |
27 local config = require "core.configmanager"; |
28 |
28 |
29 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
29 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
30 local sasl_backend = module:get_option("sasl_backend") or "builtin"; |
30 local sasl_backend = module:get_option("sasl_backend") or "builtin"; |
|
31 local anonymous_login = module:get_option("anonymous_login"); |
31 |
32 |
32 -- Cyrus config options |
33 -- Cyrus config options |
33 local require_provisioning = module:get_option("cyrus_require_provisioning") or false; |
34 local require_provisioning = module:get_option("cyrus_require_provisioning") or false; |
34 local cyrus_service_realm = module:get_option("cyrus_service_realm"); |
35 local cyrus_service_realm = module:get_option("cyrus_service_realm"); |
35 local cyrus_service_name = module:get_option("cyrus_service_name"); |
36 local cyrus_service_name = module:get_option("cyrus_service_name"); |
116 end |
117 end |
117 |
118 |
118 local function sasl_handler(session, stanza) |
119 local function sasl_handler(session, stanza) |
119 if stanza.name == "auth" then |
120 if stanza.name == "auth" then |
120 -- FIXME ignoring duplicates because ejabberd does |
121 -- FIXME ignoring duplicates because ejabberd does |
121 if config.get(session.host or "*", "core", "anonymous_login") then |
122 if anonymous_login then |
122 if stanza.attr.mechanism ~= "ANONYMOUS" then |
123 if stanza.attr.mechanism ~= "ANONYMOUS" then |
123 return session.send(build_reply("failure", "invalid-mechanism")); |
124 return session.send(build_reply("failure", "invalid-mechanism")); |
124 end |
125 end |
125 elseif stanza.attr.mechanism == "ANONYMOUS" then |
126 elseif stanza.attr.mechanism == "ANONYMOUS" then |
126 return session.send(build_reply("failure", "mechanism-too-weak")); |
127 return session.send(build_reply("failure", "mechanism-too-weak")); |
164 if not origin.username then |
165 if not origin.username then |
165 if secure_auth_only and not origin.secure then |
166 if secure_auth_only and not origin.secure then |
166 return; |
167 return; |
167 end |
168 end |
168 local realm = module:get_option("sasl_realm") or origin.host; |
169 local realm = module:get_option("sasl_realm") or origin.host; |
169 if module:get_option("anonymous_login") then |
170 if anonymous_login then |
170 origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); |
171 origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); |
171 else |
172 else |
172 origin.sasl_handler = usermanager_get_sasl_handler(module.host); |
173 origin.sasl_handler = usermanager_get_sasl_handler(module.host); |
173 if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then |
174 if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then |
174 origin.sasl_handler:forbidden({"PLAIN"}); |
175 origin.sasl_handler:forbidden({"PLAIN"}); |
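Review bot: `anonymous_login` is now read once when the module loads (new line 31), whereas the two lookups it replaces (old lines 121 and 169) fetched the option on every auth stanza and every stream-features event. If an operator disables anonymous login and only reloads the configuration, the cached value would presumably keep the ANONYMOUS-only branch at new lines 122-124 active until the module itself is reloaded; the same already applies to `secure_auth_only`. I would document that next to the declaration, e.g. `-- read once at load time; reload this module after changing anonymous_login`, or refresh the local from a config-reload hook if the project provides one. Both `sasl_handler` and the features handler continue outside the visible hunks, so this is based only on the lines shown.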