# HG changeset patch
# User Matthew Wild
# Date 1661787319 -3600
# Node ID fd154db7c8fcd1b09316146b7db2a014b34b32a5
# Parent 1cb762f72a91c1094285e748055b299e353d56d6
mod_sasl2: Fix handling of various failure/error cases

diff -r 1cb762f72a91 -r fd154db7c8fc mod_sasl2/mod_sasl2.lua
--- a/mod_sasl2/mod_sasl2.lua Sun Aug 28 17:30:52 2022 +0100
+++ b/mod_sasl2/mod_sasl2.lua Mon Aug 29 16:35:19 2022 +0100
@@ -69,13 +69,25 @@
 session = session,
 message = ret;
 error = err;
+ error_text = err_msg;
 });
 end
 
 module:hook("sasl2/c2s/failure", function (event)
+ local session, condition, text = event.session, event.message, event.error_text;
+ local failure = st.stanza("failure", { xmlns = xmlns_sasl2 })
+ :tag(condition):up();
+ if text then
+ failure:text_tag("text", text);
+ end
+ session.send(failure);
+ return true;
+end);
+
+module:hook("sasl2/c2s/error", function (event)
 local session = event.session
 session.send(st.stanza("failure", { xmlns = xmlns_sasl2 })
- :tag(event.error.condition));
+ :tag(event.error and event.error.condition));
 return true;
 end);
 
@@ -120,7 +132,7 @@
 if cdata then
 cdata = base64.decode(cdata);
 if not cdata then
- return handle_status(session, "failure");
+ return handle_status(session, "failure", "incorrect-encoding");
 end
 end
 return handle_status(session, session.sasl_handler:process(cdata));
@@ -134,7 +146,7 @@
 end
 local mechanism = assert(auth.attr.mechanism);
 if not sasl_handler:select(mechanism) then
- return handle_status(session, "failure");
+ return handle_status(session, "failure", "invalid-mechanism");
 end
 local initial = auth:get_child_text("initial-response");
 return process_cdata(session, initial);
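Review bot: In the new `sasl2/c2s/error` hook (hunk at -69,13), `event.error and event.error.condition` avoids indexing a nil `event.error` but still hands nil to `:tag()`, so the reply either raises inside the hook (if the stanza builder validates tag names, which is not visible here) or goes out as a failure with no usable condition child. A fallback keeps the reply well-formed, for example `:tag(event.error and event.error.condition or "temporary-auth-failure"));`, and the `sasl2/c2s/failure` hook has the same exposure whenever `event.message` is nil. Separately, `error_text` is sent verbatim to a peer that has not authenticated yet, so it is worth confirming that nothing upstream puts backend detail or a known-user/unknown-user distinction into `err_msg`. The function that fires these events starts above the hunk.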
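Review bot: After the decode failure at `return handle_status(session, "failure", "incorrect-encoding");` (hunk at -120,7) nothing visible discards `session.sasl_handler`, and the `response` hook in the hunk at -143,7 keeps accepting data whenever `sasl_handler.selected` is set. `handle_status` is outside the diff, so this may already be handled there; if it is not, a client could continue a failed exchange on the same handler instead of starting a new one. Clearing it on the failure path with `session.sasl_handler = nil;`, or adding a comment stating that `handle_status` does so, would make the state transition explicit. The enclosing function starts and ends outside the hunk.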
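Review bot: In the hunk at -134,7, `local mechanism = assert(auth.attr.mechanism);` turns a missing `mechanism` attribute, which any unauthenticated client can send, into a Lua error rather than a SASL failure, and this commit leaves that case as it was. Folding it into the check that follows gives the client the same reply as an unknown mechanism: `local mechanism = auth.attr.mechanism;` followed by `if not mechanism or not sasl_handler:select(mechanism) then`. The enclosing handler starts and ends outside the hunk.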
@@ -143,7 +155,7 @@
 module:hook_tag(xmlns_sasl2, "response", function (session, response)
 local sasl_handler = session.sasl_handler;
 if not sasl_handler or not sasl_handler.selected then
- return handle_status(session, "failure");
+ return handle_status(session, "failure", "invalid-mechanism");
 end
 return process_cdata(session, response:get_text());
 end);