Mercurial Mercurial > prosody > prosody / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugins/mod_saslauth.lua
changeset 6493 8ad74f48b2aa
parent 6492 1f07c72112d2
child 6494 f71643256d50
equal deleted inserted replaced
6492:1f07c72112d2 6493:8ad74f48b2aa 
    16 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
 
    16 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
 
    17 local tostring = tostring;
 
    17 local tostring = tostring;
 
    18 
    18 
    19 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
 
    19 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
 
    20 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
 
    20 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
 
       
    21 local insecure_mechanisms = module:get_option_set("allow_unencrypted_sasl", allow_unencrypted_plain_auth and {} or {"PLAIN"});
 
    21 
    22 
    22 local log = module._log;
 
    23 local log = module._log;
 
    23 
    24 
    24 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
 
    25 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
 
    25 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
 
    26 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
 
   181 	end
 
   182 	end
 
   182 	if not session.sasl_handler then
 
   183 	if not session.sasl_handler then
 
   183 		session.sasl_handler = usermanager_get_sasl_handler(module.host, session);
 
   184 		session.sasl_handler = usermanager_get_sasl_handler(module.host, session);
 
   184 	end
 
   185 	end
 
   185 	local mechanism = stanza.attr.mechanism;
 
   186 	local mechanism = stanza.attr.mechanism;
 
   186 	if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then
 
   187 	if not session.secure and (secure_auth_only or insecure_mechanisms:contains(mechanism)) then
 
   187 		session.send(build_reply("failure", "encryption-required"));
 
   188 		session.send(build_reply("failure", "encryption-required"));
 
   188 		return true;
 
   189 		return true;
 
   189 	end
 
   190 	end
 
   190 	local valid_mechanism = session.sasl_handler:select(mechanism);
 
   191 	local valid_mechanism = session.sasl_handler:select(mechanism);
 
   191 	if not valid_mechanism then
 
   192 	if not valid_mechanism then
 
   229 				origin.sasl_handler["userdata"] = origin.conn:socket();
 
   230 				origin.sasl_handler["userdata"] = origin.conn:socket();
 
   230 			end
 
   231 			end
 
   231 		end
 
   232 		end
 
   232 		local mechanisms = st.stanza("mechanisms", mechanisms_attr);
 
   233 		local mechanisms = st.stanza("mechanisms", mechanisms_attr);
 
   233 		for mechanism in pairs(origin.sasl_handler:mechanisms()) do
 
   234 		for mechanism in pairs(origin.sasl_handler:mechanisms()) do
 
   234 			if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then
 
   235 			if (origin.secure or not insecure_mechanisms:contains(mechanism)) then
 
   235 				mechanisms:tag("mechanism"):text(mechanism):up();
 
   236 				mechanisms:tag("mechanism"):text(mechanism):up();
 
   236 			end
 
   237 			end
 
   237 		end
 
   238 		end
 
   238 		if mechanisms[1] then
 
   239 		if mechanisms[1] then
 
   239 			features:add_child(mechanisms);
 
   240 			features:add_child(mechanisms);
prosody