1 |
1 |
2 local st = require "util.stanza"; |
2 local st = require "util.stanza"; |
3 local send = require "core.sessionmanager".send_to_session; |
3 local send = require "core.sessionmanager".send_to_session; |
|
4 local sm_bind_resource = require "core.sessionmanager".bind_resource; |
4 |
5 |
5 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; |
6 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; |
6 local t_concat = table.concat; |
7 local t_concat, t_insert = table.concat, table.insert; |
7 local tostring = tostring; |
8 local tostring = tostring; |
8 |
9 |
9 local log = require "util.logger".init("mod_saslauth"); |
10 local log = require "util.logger".init("mod_saslauth"); |
10 |
11 |
11 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; |
12 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; |
|
13 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; |
|
14 local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas'; |
12 |
15 |
13 local new_connhandler = require "net.connhandlers".new; |
16 local new_connhandler = require "net.connhandlers".new; |
14 local new_sasl = require "util.sasl".new; |
17 local new_sasl = require "util.sasl".new; |
15 |
18 |
16 add_handler("c2s_unauthed", "auth", |
19 add_handler("c2s_unauthed", "auth", |
49 else |
52 else |
50 error("Client tried to negotiate SASL again", 0); |
53 error("Client tried to negotiate SASL again", 0); |
51 end |
54 end |
52 |
55 |
53 end); |
56 end); |
|
57 |
|
58 add_event_hook("stream-features", |
|
59 function (session, features) |
|
60 if not session.username then |
|
61 t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"); |
|
62 t_insert(features, "<mechanism>PLAIN</mechanism>"); |
|
63 t_insert(features, "</mechanisms>"); |
|
64 else |
|
65 t_insert(features, "<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><required/></bind>"); |
|
66 t_insert(features, "<session xmlns='urn:ietf:params:xml:ns:xmpp-session'/>"); |
|
67 end |
|
68 --send [[<register xmlns="http://jabber.org/features/iq-register"/> ]] |
|
69 end); |
|
70 |
|
71 add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", |
|
72 function (session, stanza) |
|
73 log("debug", "Client tried to bind to a resource"); |
|
74 local resource; |
|
75 if stanza.attr.type == "set" then |
|
76 local bind = stanza.tags[1]; |
|
77 |
|
78 if bind and bind.attr.xmlns == xmlns_bind then |
|
79 resource = bind:child_with_name("resource"); |
|
80 if resource then |
|
81 resource = resource[1]; |
|
82 end |
|
83 end |
|
84 end |
|
85 local success, err = sm_bind_resource(session, resource); |
|
86 if not success then |
|
87 local reply = st.reply(stanza); |
|
88 reply.attr.type = "error"; |
|
89 if err == "conflict" then |
|
90 reply:tag("error", { type = "modify" }) |
|
91 :tag("conflict", { xmlns = xmlns_stanzas }); |
|
92 elseif err == "constraint" then |
|
93 reply:tag("error", { type = "cancel" }) |
|
94 :tag("resource-constraint", { xmlns = xmlns_stanzas }); |
|
95 elseif err == "auth" then |
|
96 reply:tag("error", { type = "cancel" }) |
|
97 :tag("not-allowed", { xmlns = xmlns_stanzas }); |
|
98 end |
|
99 send(session, reply); |
|
100 else |
|
101 local reply = st.reply(stanza); |
|
102 reply:tag("bind", { xmlns = xmlns_bind}) |
|
103 :tag("jid"):text(session.full_jid); |
|
104 send(session, reply); |
|
105 end |
|
106 end); |
|
107 |
|
108 add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", |
|
109 function (session, stanza) |
|
110 log("debug", "Client tried to bind to a resource"); |
|
111 send(session, st.reply(stanza)); |
|
112 end); |