projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge 0.10->trunk
[prosody.git] / plugins / mod_legacyauth.lua
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index 95f361104383fcedf28059663096c9b807082488..5edc26bb2567604348e42d33b00854f4f24db921 100644 (file)
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -1,7 +1,7 @@
 -- Prosody IM
 -- Copyright (C) 2008-2010 Matthew Wild
 -- Copyright (C) 2008-2010 Waqas Hussain
--- 
+--
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
@@ -11,7 +11,9 @@
 local st = require "util.stanza";
 local t_concat = table.concat;
 
-local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
+local secure_auth_only = module:get_option("c2s_require_encryption",
+       module:get_option("require_encryption"))
+       or not(module:get_option("allow_unencrypted_plain_auth"));
 
 local sessionmanager = require "core.sessionmanager";
 local usermanager = require "core.usermanager";
@@ -32,14 +34,20 @@ end);
 module:hook("stanza/iq/jabber:iq:auth:query", function(event)
        local session, stanza = event.origin, event.stanza;
 
+       if session.type ~= "c2s_unauthed" then
+               (session.sends2s or session.send)(st.error_reply(stanza, "cancel", "service-unavailable", "Legacy authentication is only allowed for unauthenticated client connections."));
+               return true;
+       end
+
        if secure_auth_only and not session.secure then
                session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server"));
                return true;
        end
-       
-       local username = stanza.tags[1]:child_with_name("username");
-       local password = stanza.tags[1]:child_with_name("password");
-       local resource = stanza.tags[1]:child_with_name("resource");
+
+       local query = stanza.tags[1];
+       local username = query:get_child("username");
+       local password = query:get_child("password");
+       local resource = query:get_child("resource");
        if not (username and password and resource) then
                local reply = st.reply(stanza);
                session.send(reply:query("jabber:iq:auth")
@@ -50,7 +58,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event)
                username, password, resource = t_concat(username), t_concat(password), t_concat(resource);
                username = nodeprep(username);
                resource = resourceprep(resource)
-               local reply = st.reply(stanza);
+               if not (username and resource) then
+                       session.send(st.error_reply(stanza, "modify", "bad-request"));
+                       return true;
+               end
                if usermanager.test_password(username, session.host, password) then
                        -- Authentication successful!
                        local success, err = sessionmanager.make_authenticated(session, username);