| author | Matthew Wild <mwild1@gmail.com> |
| Mon, 29 Aug 2022 16:35:19 +0100 | |
| changeset 5029 | fd154db7c8fc |
| parent 5027 | 90772a9c92a0 |
| child 5032 | 1f2d2bfd29dd |
| permissions | -rw-r--r-- |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
-- Prosody IM |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
-- Copyright (C) 2019 Kim Alvefur |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
-- |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
-- This project is MIT/X11 licensed. Please see the |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
-- COPYING file in the source package for more information. |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
-- |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
-- XEP-0388: Extensible SASL Profile |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
-- |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
local st = require "util.stanza"; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
local errors = require "util.error"; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
local base64 = require "util.encodings".base64; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
local jid_join = require "util.jid".join; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
local sm_make_authenticated = require "core.sessionmanager".make_authenticated; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
local xmlns_sasl2 = "urn:xmpp:sasl:1"; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
local host = module.host; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
module:hook("stream-features", function(event) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
local origin, features = event.origin, event.features; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
local log = origin.log or module._log; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
if origin.type ~= "c2s_unauthed" then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
log("debug", "Already authenticated"); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
return |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
local sasl_handler = usermanager_get_sasl_handler(host, origin) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
origin.sasl_handler = sasl_handler; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
|
|
4800
9c7635911c56
mod_sasl2: Silence [luacheck] warning
Kim Alvefur <zash@zash.se>
parents:
4796
diff
changeset
|
38 |
if sasl_handler.add_cb_handler then -- luacheck: ignore 542 |
|
4796
9d57aa79c5d9
mod_sasl2: Remove channel binding
Kim Alvefur <zash@zash.se>
parents:
3909
diff
changeset
|
39 |
-- FIXME bring back channel binding |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
local mechanisms = st.stanza("mechanisms", { xmlns = xmlns_sasl2 }); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
local available_mechanisms = sasl_handler:mechanisms() |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
for mechanism in pairs(available_mechanisms) do |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
if disabled_mechanisms:contains(mechanism) then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 |
log("debug", "Not offering disabled mechanism %s", mechanism); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
elseif not origin.secure and insecure_mechanisms:contains(mechanism) then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 |
log("debug", "Not offering mechanism %s on insecure connection", mechanism); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
else |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
log("debug", "Offering mechanism %s", mechanism); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 |
mechanisms:text_tag("mechanism", mechanism); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 |
features:add_direct_child(mechanisms); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
end, 1); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
local function handle_status(session, status, ret, err_msg) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 |
local err = nil; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 |
if status == "error" then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
ret, err = nil, ret; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
if not errors.is_err(err) then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 |
err = errors.new({ condition = err, text = err_msg }, { session = session }); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 |
|
|
5022
ed2a9a4c4f01
mod_sasl2: Return status from event handlers
Matthew Wild <mwild1@gmail.com>
parents:
4800
diff
changeset
|
68 |
return module:fire_event("sasl2/"..session.base_type.."/"..status, { |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 |
session = session, |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 |
message = ret; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
error = err; |
|
5029
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
72 |
error_text = err_msg; |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
}); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 |
module:hook("sasl2/c2s/failure", function (event) |
|
5029
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
77 |
local session, condition, text = event.session, event.message, event.error_text; |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
78 |
local failure = st.stanza("failure", { xmlns = xmlns_sasl2 }) |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
79 |
:tag(condition):up(); |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
80 |
if text then |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
81 |
failure:text_tag("text", text); |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
82 |
end |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
83 |
session.send(failure); |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
84 |
return true; |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
85 |
end); |
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
86 |
|
|
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
87 |
module:hook("sasl2/c2s/error", function (event) |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 |
local session = event.session |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 |
session.send(st.stanza("failure", { xmlns = xmlns_sasl2 }) |
|
5029
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
90 |
:tag(event.error and event.error.condition)); |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 |
return true; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 |
end); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 |
module:hook("sasl2/c2s/challenge", function (event) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 |
local session = event.session; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 |
session.send(st.stanza("challenge", { xmlns = xmlns_sasl2 }) |
|
5023
c83ce822f105
mod_sasl2: Fix <challenge> generation
Matthew Wild <mwild1@gmail.com>
parents:
5022
diff
changeset
|
97 |
:text(base64.encode(event.message))); |
|
5024
6a36dae4a88d
mod_sasl2: Return true to indicate challenge was handled successfully
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
98 |
return true; |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 |
end); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 |
module:hook("sasl2/c2s/success", function (event) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 |
local session = event.session |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 |
local ok, err = sm_make_authenticated(session, session.sasl_handler.username); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 |
if not ok then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 |
handle_status(session, "failure", err); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 |
return true; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
107 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
108 |
event.success = st.stanza("success", { xmlns = xmlns_sasl2 }); |
|
5027
90772a9c92a0
mod_sasl2: Include additional-data in SASL success response
Matthew Wild <mwild1@gmail.com>
parents:
5025
diff
changeset
|
109 |
if event.message then |
|
90772a9c92a0
mod_sasl2: Include additional-data in SASL success response
Matthew Wild <mwild1@gmail.com>
parents:
5025
diff
changeset
|
110 |
event.success:text_tag("additional-data", base64.encode(event.message)); |
|
90772a9c92a0
mod_sasl2: Include additional-data in SASL success response
Matthew Wild <mwild1@gmail.com>
parents:
5025
diff
changeset
|
111 |
end |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
112 |
end, 1000); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
113 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
114 |
module:hook("sasl2/c2s/success", function (event) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
115 |
local session = event.session |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 |
event.success:text_tag("authorization-identifier", jid_join(session.username, session.host, session.resource)); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
117 |
session.send(event.success); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 |
local features = st.stanza("stream:features"); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 |
module:fire_event("stream-features", { origin = session, features = features }); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
120 |
session.send(features); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 |
end, -1000); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
122 |
|
|
5025
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
123 |
-- The gap here is to allow modules to do stuff to the stream after the stanza |
|
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
124 |
-- is sent, but before we proceed with anything else. This is expected to be |
|
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
125 |
-- a common pattern with SASL2, which allows atomic negotiation of a bunch of |
|
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
126 |
-- stream features. |
|
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
127 |
module:hook("sasl2/c2s/success", function (event) --luacheck: ignore 212/event |
|
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
128 |
return true; |
|
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
129 |
end, -2000); |
|
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5024
diff
changeset
|
130 |
|
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
131 |
local function process_cdata(session, cdata) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
132 |
if cdata then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
133 |
cdata = base64.decode(cdata); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
134 |
if not cdata then |
|
5029
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
135 |
return handle_status(session, "failure", "incorrect-encoding"); |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
136 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
137 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
138 |
return handle_status(session, session.sasl_handler:process(cdata)); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
139 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
140 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
141 |
module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
142 |
local sasl_handler = session.sasl_handler; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
143 |
if not sasl_handler then |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 |
sasl_handler = usermanager_get_sasl_handler(host, session); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
145 |
session.sasl_handler = sasl_handler; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
146 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
147 |
local mechanism = assert(auth.attr.mechanism); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
148 |
if not sasl_handler:select(mechanism) then |
|
5029
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
149 |
return handle_status(session, "failure", "invalid-mechanism"); |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
150 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
151 |
local initial = auth:get_child_text("initial-response"); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
152 |
return process_cdata(session, initial); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
153 |
end); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
154 |
|
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
155 |
module:hook_tag(xmlns_sasl2, "response", function (session, response) |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
156 |
local sasl_handler = session.sasl_handler; |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
157 |
if not sasl_handler or not sasl_handler.selected then |
|
5029
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
158 |
return handle_status(session, "failure", "invalid-mechanism"); |
|
3909
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
159 |
end |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
160 |
return process_cdata(session, response:get_text()); |
|
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 |
end); |