module:log("info", "SASL EXTERNAL with %s failed", session.to_host)
-- TODO: Log the failure reason
session.external_auth = "failed"
+ session:close();
+ return true;
end, 500)
-module:hook_stanza(xmlns_sasl, "failure", function (session, stanza)
- -- TODO: Dialback wasn't loaded. Do something useful.
-end, 90)
-
module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
if session.type ~= "s2sout_unauthed" or not session.secure then return; end
return s2s_external_auth(session, stanza)
end
- if session.type ~= "c2s_unauthed" then return; end
+ if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end
if session.sasl_handler and session.sasl_handler.selected then
session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one
if origin.encrypted then
-- check wether LuaSec has the nifty binding to the function needed for tls-unique
-- FIXME: would be nice to have this check only once and not for every socket
- if origin.conn:socket().getpeerfinished then
+ if origin.conn:socket().getpeerfinished and origin.sasl_handler.add_cb_handler then
origin.sasl_handler:add_cb_handler("tls-unique", function(self)
return self.userdata:getpeerfinished();
end);
local resource;
if stanza.attr.type == "set" then
local bind = stanza.tags[1];
- resource = bind:child_with_name("resource");
+ resource = bind:get_child("resource");
resource = resource and #resource.tags == 0 and resource[1] or nil;
end
local success, err_type, err, err_msg = sm_bind_resource(origin, resource);