projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge 0.6->0.7
[prosody.git] / plugins / mod_saslauth.lua
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index c16a14dad70c62491938cd8e29cb55adf4e3fd06..d407e5da8588ff5bc8787e05fb5232c34326b03e 100644 (file)
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -15,11 +15,10 @@ local base64 = require "util.encodings".base64;
 
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local datamanager_load = require "util.datamanager".load;
-local usermanager_get_provider = require "core.usermanager".get_provider;
+local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods;
 local usermanager_user_exists = require "core.usermanager".user_exists;
 local usermanager_get_password = require "core.usermanager".get_password;
-local usermanager_test_password = require "core.usermanager".test_password;
 local t_concat, t_insert = table.concat, table.insert;
 local tostring = tostring;
 local jid_split = require "util.jid".split;
@@ -67,7 +66,7 @@ else
        error("Unknown SASL backend");
 end
 
-local getpass_authentication_profile = {
+local default_authentication_profile = {
        plain = function(username, realm)
                local prepped_username = nodeprep(username);
                if not prepped_username then
@@ -82,17 +81,6 @@ local getpass_authentication_profile = {
        end
 };
 
-local testpass_authentication_profile = {
-       plain_test =    function(username, password, realm)
-                       local prepped_username = nodeprep(username);
-                       if not prepped_username then
-                               log("debug", "NODEprep failed on username: %s", username);
-                               return "", nil;
-                       end
-                       return usermanager_test_password(prepped_username, password, realm), true;
-                       end
-};
-
 local anonymous_authentication_profile = {
        anonymous = function(username, realm)
                return true; -- for normal usage you should always return true here
@@ -121,17 +109,17 @@ local function handle_status(session, status, ret, err_msg)
                session.sasl_handler = session.sasl_handler:clean_clone();
        elseif status == "success" then
                local username = nodeprep(session.sasl_handler.username);
-               if not username then -- TODO move this to sessionmanager
-                       module:log("warn", "SASL succeeded but we didn't get a username!");
-                       session.sasl_handler = nil;
-                       session:reset_stream();
-                       return status, ret, err_msg;
-               end
 
                if not(require_provisioning) or usermanager_user_exists(username, session.host) then
-                       sm_make_authenticated(session, session.sasl_handler.username);
-                       session.sasl_handler = nil;
-                       session:reset_stream();
+                       local aret, err = sm_make_authenticated(session, session.sasl_handler.username);
+                       if aret then
+                               session.sasl_handler = nil;
+                               session:reset_stream();
+                       else
+                               module:log("warn", "SASL succeeded but username was invalid");
+                               session.sasl_handler = session.sasl_handler:clean_clone();
+                               return "failure", "not-authorized", "User authenticated successfully, but username was invalid";
+                       end
                else
                        module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
                        session.sasl_handler = session.sasl_handler:clean_clone();
@@ -195,13 +183,7 @@ module:hook("stream-features", function(event)
                if module:get_option("anonymous_login") then
                        origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile);
                else
-                       if usermanager_get_provider(realm).get_password then
-                               origin.sasl_handler = new_sasl(realm, getpass_authentication_profile);
-                       elseif usermanager_get_provider(realm).test_password then
-                               origin.sasl_handler = new_sasl(realm, testpass_authentication_profile);
-                       else
-                               log("warn", "AUTH: Could not load an authentication profile for the given provider.");
-                       end
+                       origin.sasl_handler = new_sasl(realm, default_authentication_profile);
                        if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then
                                origin.sasl_handler:forbidden({"PLAIN"});
                        end