# HG changeset patch
# User Matthew Wild
# Date 1276306758 -3600
# Node ID 9782a222e941c475dce6c715ba10949a82087614
# Parent 651139e831b1356dca831a5f8f5843923d2326cf
# Parent 5ea90ee96022b9c106e7e79b4a1d8b2ee99d45dc
Merge 0.7->trunk
diff -r 651139e831b1 -r 9782a222e941 core/sessionmanager.lua
--- a/core/sessionmanager.lua Fri Jun 11 20:45:00 2010 +0500
+++ b/core/sessionmanager.lua Sat Jun 12 02:39:18 2010 +0100
@@ -25,6 +25,7 @@
 local config_get = require "core.configmanager".get;
 local nameprep = require "util.encodings".stringprep.nameprep;
 local resourceprep = require "util.encodings".stringprep.resourceprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local initialize_filters = require "util.filters".initialize;
 local fire_event = require "core.eventmanager".fire_event;
@@ -122,6 +123,8 @@
 end
 function make_authenticated(session, username)
+ username = nodeprep(username);
+ if not username or #username == 0 then return nil, "Invalid username"; end
 session.username = username;
 if session.type == "c2s_unauthed" then
 session.type = "c2s";
diff -r 651139e831b1 -r 9782a222e941 net/server_event.lua
--- a/net/server_event.lua Fri Jun 11 20:45:00 2010 +0500
+++ b/net/server_event.lua Sat Jun 12 02:39:18 2010 +0100
@@ -20,8 +20,8 @@
 local cfg = {
 MAX_CONNECTIONS = 100000, -- max per server connections (use "ulimit -n" on *nix)
- MAX_HANDSHAKE_ATTEMPS = 1000, -- attempts to finish ssl handshake
- HANDSHAKE_TIMEOUT = 60, -- timout in seconds per handshake attempt
+ MAX_HANDSHAKE_ATTEMPTS= 1000, -- attempts to finish ssl handshake
+ HANDSHAKE_TIMEOUT = 60, -- timeout in seconds per handshake attempt
 MAX_READ_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes allowed to read from sockets
 MAX_SEND_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes size of write buffer (for writing on sockets)
 ACCEPT_DELAY = 10, -- seconds to wait until the next attempt of a full server to accept
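Review bot: The new `return nil, "Invalid username"` on the second added line turns make_authenticated into a function whose result must be checked, but the previous version returned nothing, so any caller written against the old contract will carry on as though authentication succeeded while session.username is still unset and session.type is still "c2s_unauthed". This commit updates mod_saslauth to check the result; other call sites are not visible in this hunk and presumably need the same audit. The contract should be stated on the function so the next caller cannot miss it: `-- Canonicalises username with nodeprep; on an invalid or empty name returns nil, err and leaves the session untouched — callers MUST check the result.` A smaller point: whether nodeprep tolerates a nil username (the guard this replaces in mod_saslauth handled that case before calling here) is not visible in this hunk; if it raises rather than returning nil, `if not username then return nil, "Invalid username"; end` belongs before the nodeprep call. make_authenticated's body continues outside the hunk.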
@@ -136,7 +136,7 @@
 function interface_mt:_start_connection(plainssl) -- should be called from addclient
 local callback = function( event )
- if EV_TIMEOUT == event then -- timout during connection
+ if EV_TIMEOUT == event then -- timeout during connection
 self.fatalerror = "connection timeout"
 self:ontimeout() -- call timeout listener
 self:_close()
@@ -196,12 +196,12 @@
 function( event )
 local _, err
 local attempt = 0
- local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPS
+ local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPTS
 while attempt < maxattempt do -- no endless loop
 attempt = attempt + 1
- debug( "ssl handshake of client with id:"..tostring(self).."attemp:"..attempt )
+ debug( "ssl handshake of client with id:"..tostring(self)..", attempt:"..attempt )
 if attempt > maxattempt then
- self.fatalerror = "max handshake attemps exceeded"
+ self.fatalerror = "max handshake attempts exceeded"
 elseif EV_TIMEOUT == event then
 self.fatalerror = "timeout during handshake"
 else
@@ -570,7 +570,7 @@
 return -1;
 end
 interface.eventwritetimeout = addevent( base, nil, EV_TIMEOUT, callback, cfg.WRITE_TIMEOUT ) -- reg a new timeout event
- debug( "wantread during write attemp, reg it in readcallback but dont know what really happens next..." )
+ debug( "wantread during write attempt, reg it in readcallback but dont know what really happens next..." )
 -- hopefully this works with luasec; its simply not possible to use 2 different write events on a socket in luaevent
 return -1
 end
@@ -631,7 +631,7 @@
 interface:_close()
 end, cfg.READ_TIMEOUT )
- debug( "wantwrite during read attemp, reg it in writecallback but dont know what really happens next..." )
+ debug( "wantwrite during read attempt, reg it in writecallback but dont know what really happens next..." )
 -- to be honest i dont know what happens next, if it is allowed to first read, the write etc...
 else -- connection was closed or fatal error
 interface.fatalerror = err
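Review bot: The reworded assignment `self.fatalerror = "max handshake attempts exceeded"` in the -196 hunk is unreachable: the loop runs only while `attempt < maxattempt` and increments `attempt` once per iteration, so `attempt > maxattempt` can never be true inside the loop, and when the attempt budget is exhausted the loop simply exits with no fatalerror recorded by this branch. If exhaustion is meant to be reported, the check belongs after the loop, e.g. `if attempt >= maxattempt and not self.fatalerror then self.fatalerror = "max handshake attempts exceeded" end`, assuming the code following the loop (outside this hunk) does not already cover it. On style, the constant's definition in the earlier -20 hunk reads `MAX_HANDSHAKE_ATTEMPTS= 1000` with no space before `=`, unlike the neighbouring entries in the same table.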
@@ -693,7 +693,7 @@
 if interface._connections >= cfg.MAX_CONNECTIONS then
 client:close( ) -- refuse connection
 debug( "maximal connections reached, refuse client connection; accept delay:", delay )
- return EV_TIMEOUT, delay -- delay for next accept attemp
+ return EV_TIMEOUT, delay -- delay for next accept attempt
 end
 local client_ip, client_port = client:getpeername( )
 interface._connections = interface._connections + 1 -- increase connection count
diff -r 651139e831b1 -r 9782a222e941 plugins/mod_saslauth.lua
--- a/plugins/mod_saslauth.lua Fri Jun 11 20:45:00 2010 +0500
+++ b/plugins/mod_saslauth.lua Sat Jun 12 02:39:18 2010 +0100
@@ -95,17 +95,17 @@
 session.sasl_handler = session.sasl_handler:clean_clone();
 elseif status == "success" then
 local username = nodeprep(session.sasl_handler.username);
- if not username then -- TODO move this to sessionmanager
- module:log("warn", "SASL succeeded but we didn't get a username!");
- session.sasl_handler = nil;
- session:reset_stream();
- return status, ret, err_msg;
- end
 if not(require_provisioning) or usermanager_user_exists(username, session.host) then
- sm_make_authenticated(session, session.sasl_handler.username);
- session.sasl_handler = nil;
- session:reset_stream();
+ local aret, err = sm_make_authenticated(session, session.sasl_handler.username);
+ if aret then
+ session.sasl_handler = nil;
+ session:reset_stream();
+ else
+ module:log("warn", "SASL succeeded but username was invalid");
+ session.sasl_handler = session.sasl_handler:clean_clone();
+ return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
+ end
 else
 module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
 session.sasl_handler = session.sasl_handler:clean_clone();