70 end |
70 end |
71 |
71 |
72 local function sasl_handler(session, stanza) |
72 local function sasl_handler(session, stanza) |
73 if stanza.name == "auth" then |
73 if stanza.name == "auth" then |
74 -- FIXME ignoring duplicates because ejabberd does |
74 -- FIXME ignoring duplicates because ejabberd does |
|
75 if config.get(session.host or "*", "core", "anonymous_login") and stanza.attr.mechanism ~= "ANONYMOUS" then |
|
76 return session.send(build_reply("failure", "invalid-mechanism")); |
|
77 elseif mechanism == "ANONYMOUS" then |
|
78 return session.send(build_reply("failure", "mechanism-too-weak")); |
|
79 end |
75 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); |
80 session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); |
|
81 if not session.sasl_handler then |
|
82 return session.send(build_reply("failure", "invalid-mechanism")); |
|
83 end |
76 elseif not session.sasl_handler then |
84 elseif not session.sasl_handler then |
77 return; -- FIXME ignoring out of order stanzas because ejabberd does |
85 return; -- FIXME ignoring out of order stanzas because ejabberd does |
78 end |
86 end |
79 local text = stanza[1]; |
87 local text = stanza[1]; |
80 if text then |
88 if text then |
103 module:add_event_hook("stream-features", |
111 module:add_event_hook("stream-features", |
104 function (session, features) |
112 function (session, features) |
105 if not session.username then |
113 if not session.username then |
106 features:tag("mechanisms", mechanisms_attr); |
114 features:tag("mechanisms", mechanisms_attr); |
107 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
115 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
108 features:tag("mechanism"):text("PLAIN"):up(); |
|
109 features:tag("mechanism"):text("DIGEST-MD5"):up(); |
|
110 if config.get(session.host or "*", "core", "anonymous_login") then |
116 if config.get(session.host or "*", "core", "anonymous_login") then |
111 features:tag("mechanism"):text("ANONYMOUS"):up(); |
117 features:tag("mechanism"):text("ANONYMOUS"):up(); |
|
118 else |
|
119 features:tag("mechanism"):text("DIGEST-MD5"):up(); |
|
120 features:tag("mechanism"):text("PLAIN"):up(); |
112 end |
121 end |
113 features:up(); |
122 features:up(); |
114 else |
123 else |
115 features:tag("bind", bind_attr):tag("required"):up():up(); |
124 features:tag("bind", bind_attr):tag("required"):up():up(); |
116 features:tag("session", xmpp_session_attr):up(); |
125 features:tag("session", xmpp_session_attr):up(); |
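Review bot: In the first hunk, the new `elseif mechanism == "ANONYMOUS" then` (new line 77) tests a name that is not declared in the visible part of sasl_handler. Unless it is defined at file level outside this view, it reads a nil global and the `mechanism-too-weak` rejection never fires. A client on a host with `anonymous_login` off could then still request ANONYMOUS, and the result would depend on what `new_sasl` does with that mechanism. Swapping in `stanza.attr.mechanism` alone is not enough, because the first condition is false for ANONYMOUS on a host that enables it, so the `elseif` would reject the one mechanism that host advertises. I would bind both values first with `local mechanism, anon = stanza.attr.mechanism, config.get(session.host or "*", "core", "anonymous_login");` and then test `if anon and mechanism ~= "ANONYMOUS" then` and `elseif not anon and mechanism == "ANONYMOUS" then`. The function body continues past the hunk.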