89 log("debug", "sasl reply: %s", tostring(s)); |
89 log("debug", "sasl reply: %s", tostring(s)); |
90 session.send(s); |
90 session.send(s); |
91 return true; |
91 return true; |
92 end |
92 end |
93 |
93 |
94 local function sasl_handler(event) |
94 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function(event) |
95 local session, stanza = event.origin, event.stanza; |
95 local session, stanza = event.origin, event.stanza; |
96 if session.type ~= "c2s_unauthed" then return; end |
96 if session.type ~= "c2s_unauthed" then return; end |
97 |
97 |
98 if stanza.name == "auth" then |
98 -- FIXME ignoring duplicates because ejabberd does |
99 -- FIXME ignoring duplicates because ejabberd does |
99 local mechanism = stanza.attr.mechanism; |
100 local mechanism = stanza.attr.mechanism; |
100 if anonymous_login then |
101 if anonymous_login then |
101 if mechanism ~= "ANONYMOUS" then |
102 if mechanism ~= "ANONYMOUS" then |
|
103 session.send(build_reply("failure", "invalid-mechanism")); |
|
104 return true; |
|
105 end |
|
106 elseif mechanism == "ANONYMOUS" then |
|
107 session.send(build_reply("failure", "mechanism-too-weak")); |
|
108 return true; |
|
109 end |
|
110 if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then |
|
111 session.send(build_reply("failure", "encryption-required")); |
|
112 return true; |
|
113 end |
|
114 local valid_mechanism = session.sasl_handler:select(mechanism); |
|
115 if not valid_mechanism then |
|
116 session.send(build_reply("failure", "invalid-mechanism")); |
102 session.send(build_reply("failure", "invalid-mechanism")); |
117 return true; |
103 return true; |
118 end |
104 end |
119 elseif not session.sasl_handler then |
105 elseif mechanism == "ANONYMOUS" then |
120 return true; -- FIXME ignoring out of order stanzas because ejabberd does |
106 session.send(build_reply("failure", "mechanism-too-weak")); |
|
107 return true; |
|
108 end |
|
109 if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then |
|
110 session.send(build_reply("failure", "encryption-required")); |
|
111 return true; |
|
112 end |
|
113 local valid_mechanism = session.sasl_handler:select(mechanism); |
|
114 if not valid_mechanism then |
|
115 session.send(build_reply("failure", "invalid-mechanism")); |
|
116 return true; |
121 end |
117 end |
122 return sasl_process_cdata(session, stanza); |
118 return sasl_process_cdata(session, stanza); |
123 end |
119 end); |
124 |
120 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:response", function(event) |
125 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", sasl_handler); |
121 local session = event.origin; |
126 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:response", sasl_handler); |
122 if not(session.sasl_handler and session.sasl_handler.selected) then |
|
123 session.send(build_reply("failure", "not-authorized", "Out of order SASL element")); |
|
124 return true; |
|
125 end |
|
126 return sasl_process_cdata(session, event.stanza); |
|
127 end); |
127 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event) |
128 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event) |
128 local session = event.origin; |
129 local session = event.origin; |
129 session.sasl_handler = nil; |
130 session.sasl_handler = nil; |
130 session.send(build_reply("failure", "aborted")); |
131 session.send(build_reply("failure", "aborted")); |
131 return true; |
132 return true; |