# HG changeset patch # User Waqas Hussain # Date 1282564496 -18000 # Node ID d50e2c937717d899926a85ea48192efc99e3e7cb # Parent c9f4c3aa14a1d6a49c59fae5d9aa8c31c4acfb5e mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth. diff -r c9f4c3aa14a1 -r d50e2c937717 plugins/mod_auth_cyrus.lua --- a/plugins/mod_auth_cyrus.lua Mon Aug 23 16:42:27 2010 +0500 +++ b/plugins/mod_auth_cyrus.lua Mon Aug 23 16:54:56 2010 +0500 @@ -8,9 +8,12 @@ local log = require "util.logger".init("auth_cyrus"); +local usermanager_user_exists = require "core.usermanager".user_exists; + local cyrus_service_realm = module:get_option("cyrus_service_realm"); local cyrus_service_name = module:get_option("cyrus_service_name"); local cyrus_application_name = module:get_option("cyrus_application_name"); +local require_provisioning = module:get_option("cyrus_require_provisioning") or false; prosody.unlock_globals(); --FIXME: Figure out why this is needed and -- why cyrussasl isn't caught by the sandbox @@ -41,6 +44,9 @@ end function provider.user_exists(username) + if require_provisioning then + return usermanager_user_exists(username, module.host); + end return true; end @@ -50,7 +56,13 @@ function provider.get_sasl_handler() local realm = module:get_option("sasl_realm") or module.host; - return new_sasl(realm); + local handler = new_sasl(realm); + if require_provisioning then + function handler.require_provisioning(username) + return usermanager_user_exists(username, module.host); + end + end + return handler; end return provider; diff -r c9f4c3aa14a1 -r d50e2c937717 plugins/mod_saslauth.lua --- a/plugins/mod_saslauth.lua Mon Aug 23 16:42:27 2010 +0500 +++ b/plugins/mod_saslauth.lua Mon Aug 23 16:54:56 2010 +0500 @@ -15,7 +15,6 @@ local nodeprep = require "util.encodings".stringprep.nodeprep; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; -local usermanager_user_exists = require "core.usermanager".user_exists; local t_concat, t_insert = table.concat, table.insert; local tostring = tostring; @@ -23,9 +22,6 @@ local anonymous_login = module:get_option("anonymous_login"); local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth") --- Cyrus config options -local require_provisioning = module:get_option("cyrus_require_provisioning") or false; - local log = module._log; local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; @@ -63,20 +59,14 @@ elseif status == "success" then local username = nodeprep(session.sasl_handler.username); - if not(require_provisioning) or usermanager_user_exists(username, session.host) then - local ok, err = sm_make_authenticated(session, session.sasl_handler.username); - if ok then - session.sasl_handler = nil; - session:reset_stream(); - else - module:log("warn", "SASL succeeded but username was invalid"); - session.sasl_handler = session.sasl_handler:clean_clone(); - return "failure", "not-authorized", "User authenticated successfully, but username was invalid"; - end + local ok, err = sm_make_authenticated(session, session.sasl_handler.username); + if ok then + session.sasl_handler = nil; + session:reset_stream(); else - module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username); + module:log("warn", "SASL succeeded but username was invalid"); session.sasl_handler = session.sasl_handler:clean_clone(); - return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP"; + return "failure", "not-authorized", "User authenticated successfully, but username was invalid"; end end return status, ret, err_msg; diff -r c9f4c3aa14a1 -r d50e2c937717 util/sasl_cyrus.lua --- a/util/sasl_cyrus.lua Mon Aug 23 16:42:27 2010 +0500 +++ b/util/sasl_cyrus.lua Mon Aug 23 16:54:56 2010 +0500 @@ -143,6 +143,9 @@ self.username = cyrussasl.get_username(self.cyrus) if (err == 0) then -- SASL_OK + if self.require_provisioning and not self.require_provisioning(self.username) then + return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP"; + end return "success", data elseif (err == 1) then -- SASL_CONTINUE return "challenge", data