14 local base64 = require "util.encodings".base64; |
14 local base64 = require "util.encodings".base64; |
15 |
15 |
16 local datamanager_load = require "util.datamanager".load; |
16 local datamanager_load = require "util.datamanager".load; |
17 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; |
17 local usermanager_validate_credentials = require "core.usermanager".validate_credentials; |
18 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; |
18 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; |
|
19 local usermanager_user_exists = require "core.usermanager".user_exists; |
|
20 local usermanager_get_password = require "core.usermanager".get_password; |
19 local t_concat, t_insert = table.concat, table.insert; |
21 local t_concat, t_insert = table.concat, table.insert; |
20 local tostring = tostring; |
22 local tostring = tostring; |
21 local jid_split = require "util.jid".split |
23 local jid_split = require "util.jid".split |
22 local md5 = require "util.hashes".md5; |
24 local md5 = require "util.hashes".md5; |
23 local config = require "core.configmanager"; |
25 local config = require "core.configmanager"; |
63 session.sasl_handler = nil; |
65 session.sasl_handler = nil; |
64 session:reset_stream(); |
66 session:reset_stream(); |
65 end |
67 end |
66 end |
68 end |
67 |
69 |
68 local function password_callback(node, hostname, realm, mechanism, decoder) |
70 local function credentials_callback(mechanism, ...) |
69 local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords |
71 if mechanism == "PLAIN" then |
70 local func = function(x) return x; end; |
72 local username, hostname, password = arg[1], arg[2], arg[3]; |
71 if password then |
73 local response = usermanager_validate_credentials(hostname, username, password, mechanism) |
72 if mechanism == "PLAIN" then |
74 if response == nil then return false |
73 return func, password; |
75 else return response end |
74 elseif mechanism == "DIGEST-MD5" then |
76 elseif mechanism == "DIGEST-MD5" then |
75 if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end |
77 function func(x) return x; end |
76 return func, md5(node..":"..realm..":"..password); |
78 local node, domain, realm, decoder = arg[1], arg[2], arg[3], arg[4]; |
77 end |
79 local password = usermanager_get_password(node, domain) |
78 end |
80 if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end |
79 return func, nil; |
81 return func, md5(node..":"..realm..":"..password); |
|
82 end |
80 end |
83 end |
81 |
84 |
82 local function sasl_handler(session, stanza) |
85 local function sasl_handler(session, stanza) |
83 if stanza.name == "auth" then |
86 if stanza.name == "auth" then |
84 -- FIXME ignoring duplicates because ejabberd does |
87 -- FIXME ignoring duplicates because ejabberd does |
87 return session.send(build_reply("failure", "invalid-mechanism")); |
90 return session.send(build_reply("failure", "invalid-mechanism")); |
88 end |
91 end |
89 elseif stanza.attr.mechanism == "ANONYMOUS" then |
92 elseif stanza.attr.mechanism == "ANONYMOUS" then |
90 return session.send(build_reply("failure", "mechanism-too-weak")); |
93 return session.send(build_reply("failure", "mechanism-too-weak")); |
91 end |
94 end |
92 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); |
95 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, credentials_callback); |
93 if not session.sasl_handler then |
96 if not session.sasl_handler then |
94 return session.send(build_reply("failure", "invalid-mechanism")); |
97 return session.send(build_reply("failure", "invalid-mechanism")); |
95 end |
98 end |
96 elseif not session.sasl_handler then |
99 elseif not session.sasl_handler then |
97 return; -- FIXME ignoring out of order stanzas because ejabberd does |
100 return; -- FIXME ignoring out of order stanzas because ejabberd does |