mod_saslauth: Fire event at start of authentication attempt
As extension point for rate limiting and similar checks, so they can
hook a single event instead of <{sasl1}auth> or stream features, which
might not be fired in case of SASL2 or e.g. HTTP based login.
--- a/plugins/mod_saslauth.lua Fri Dec 01 22:00:18 2023 +0100
+++ b/plugins/mod_saslauth.lua Fri Dec 01 23:43:18 2023 +0100
@@ -215,6 +215,12 @@
if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end
+ -- event for preemptive checks, rate limiting etc
+ module:fire_event("authentication-attempt", event);
+ if event.allowed == false then
+ session.send(build_reply("failure", event.error_condition or "not-authorized", event.error_text));
+ return true;
+ end
if session.sasl_handler and session.sasl_handler.selected then
session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one
end