verse: comparison plugins/sasl.lua

-:8cd05c3d0f1f
+:58cd27b74ba5
-local base64 = require "mime".b64;
+-- local verse = require"verse";
+local base64, unbase64 = require "mime".b64, require"mime".unb64;
 local xmlns_sasl = "urn:ietf:params:xml:ns:xmpp-sasl";
 function verse.plugins.sasl(stream)
 	local function handle_features(features_stanza)
 		if stream.authenticated then return; end
 		stream:debug("Authenticating with SASL...");
-		--stream.sasl_state, initial_data = sasl_new({"PLAIN"}, stream.username, stream.password, stream.jid);
+		local sasl_mechanisms = features_stanza:get_child("mechanisms", xmlns_sasl);
-		local mechanism , initial_data
+		if not sasl_mechanisms then return end
-		if stream.username then
-			mechanism = "PLAIN"
+		local mechanisms = {};
-			initial_data = base64("\0"..stream.username.."\0"..stream.password);
+		local preference = {};
-		else
-			mechanism = "ANONYMOUS"
+		for mech in sasl_mechanisms:childtags("mechanism") do
+			mech = mech:get_text();
+			stream:debug("Server offers %s", mech);
+			if not mechanisms[mech] then
+				local name = mech:match("[^-]+");
+				local ok, impl = pcall(require, "util.sasl."..name:lower());
+				if ok then
+					stream:debug("Loaded SASL %s module", name);
+					impl(stream, mechanisms, preference);
+				elseif not tostring(impl):match("not found") then
+					stream:debug("Loading failed: %s", tostring(impl));
+				end
+			end
 		end
-		stream:debug("Selecting %s mechanism...",mechanism);
+		local supported = {}; -- by the server
+		for mech in pairs(mechanisms) do
+			table.insert(supported, mech);
+		end
+		if not supported[1] then
+			stream:event("authentication-failure", { condition = "no-supported-sasl-mechanisms" });
+			stream:close();
+			return;
+		end
+		table.sort(supported, function (a, b) return preference[a] > preference[b]; end);
+		local mechanism, initial_data = supported[1];
+		stream:debug("Selecting %s mechanism...", mechanism);
+		stream.sasl_mechanism = coroutine.wrap(mechanisms[mechanism]);
+		initial_data = stream:sasl_mechanism(mechanism);
 		local auth_stanza = verse.stanza("auth", { xmlns = xmlns_sasl, mechanism = mechanism });
 		if initial_data then
-			auth_stanza:text(initial_data);
+			auth_stanza:text(base64(initial_data));
 		end
 		stream:send(auth_stanza);
 		return true;
 	end
 	local function handle_sasl(sasl_stanza)
-		if sasl_stanza.name == "success" then
+		if sasl_stanza.name == "failure" then
-			stream.authenticated = true;
-			stream:event("authentication-success");
-		elseif sasl_stanza.name == "failure" then
 			local err = sasl_stanza.tags[1];
 			local text = sasl_stanza:get_child_text("text");
 			stream:event("authentication-failure", { condition = err.name, text = text });
+			stream:close();
+			return false;
 		end
-		stream:reopen();
+		local ok, err = stream.sasl_mechanism(sasl_stanza.name, unbase64(sasl_stanza:get_text()));
+		if not ok then
+			stream:event("authentication-failure", { condition = err });
+			stream:close();
+			return false;
+		elseif ok == true then
+			stream:event("authentication-success");
+			stream.authenticated = true
+			stream:reopen();
+		else
+			stream:send(verse.stanza("response", { xmlns = xmlns_sasl }):text(base64(ok)));
+		end
 		return true;
 	end
 	stream:hook("stream-features", handle_features, 300);
 	stream:hook("stream/"..xmlns_sasl, handle_sasl);

Mercurial > verse / file comparison

comparison: plugins/sasl.lua

plugins/sasl.lua