mod_adhoc: Add support for commands only executable by global administrators
[prosody.git] / util / sasl_cyrus.lua
index 2e5b96c0e0fca84262de9fc620179c6ac2858158..002118fdc07c86f14b8f0c0686e8c70537e73db0 100644 (file)
@@ -100,6 +100,12 @@ function new(realm, service_name, app_name)
        end
 
        cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff)
+       local mechanisms = {};
+       local cyrus_mechs = cyrussasl.listmech(sasl_i.cyrus, nil, "", " ", "");
+       for w in s_gmatch(cyrus_mechs, "[^ ]+") do
+               mechanisms[w] = true;
+       end
+       sasl_i.mechs = mechanisms;
        return setmetatable(sasl_i, method);
 end
 
@@ -110,22 +116,15 @@ end
 
 -- get a list of possible SASL mechanims to use
 function method:mechanisms()
-       local mechanisms = self.mechs;
-       if not mechanisms then
-               mechanisms = {}
-               local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "")
-               for w in s_gmatch(cyrus_mechs, "[^ ]+") do
-                       mechanisms[w] = true;
-               end
-               self.mechs = mechanisms
-       end
-       return mechanisms;
+       return self.mechs;
 end
 
 -- select a mechanism to use
 function method:select(mechanism)
-       self.mechanism = mechanism;
-       return self:mechanisms()[mechanism];
+       if not self.selected and self.mechs[mechanism] then
+               self.selected = mechanism;
+               return true;
+       end
 end
 
 -- feed new messages to process into the library
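Review bot: `method:select` now falls off the end whenever the mechanism is unknown or one has already been chosen, so callers get an implicit nil and cannot tell the two cases apart; an explicit `return false;` as the last statement would make the contract visible, and a comment such as `-- once a mechanism is selected it is fixed for this session; a later select() is refused` would record why the `not self.selected` guard exists. The old `self.mechanism` field is no longer written, so any code outside this file that still reads it will see nil; whether such a reader exists cannot be verified from this hunk. Also, `method:mechanisms()` now hands back `self.mechs` itself rather than a copy, so a caller that mutates the returned table changes the set this session will accept in `select`.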
@@ -134,7 +133,7 @@ function method:process(message)
        local data;
 
        if not self.first_step_done then
-               err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "")
+               err, data = cyrussasl.server_start(self.cyrus, self.selected, message or "")
                self.first_step_done = true;
        else
                err, data = cyrussasl.server_step(self.cyrus, message or "")
@@ -143,17 +142,20 @@ function method:process(message)
        self.username = cyrussasl.get_username(self.cyrus)
 
        if (err == 0) then -- SASL_OK
-          return "success", data
+               if self.require_provisioning and not self.require_provisioning(self.username) then
+                       return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
+               end
+               return "success", data
        elseif (err == 1) then -- SASL_CONTINUE
-          return "challenge", data
+               return "challenge", data
        elseif (err == -4) then -- SASL_NOMECH
-          log("debug", "SASL mechanism not available from remote end")
-          return "failure", "invalid-mechanism", "SASL mechanism not available"
+               log("debug", "SASL mechanism not available from remote end")
+               return "failure", "invalid-mechanism", "SASL mechanism not available"
        elseif (err == -13) then -- SASL_BADAUTH
-          return "failure", "not-authorized", sasl_errstring[err];
+               return "failure", "not-authorized", sasl_errstring[err];
        else
-          log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]);
-          return "failure", "undefined-condition", sasl_errstring[err];
+               log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]);
+               return "failure", "undefined-condition", sasl_errstring[err];
        end
 end
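Review bot: The `not-authorized` text added at the provisioning check, `"User authenticated successfully, but not provisioned for XMPP"`, is returned to the client and confirms that the supplied credentials were valid, which the SASL_BADAUTH branch below never reveals; consider keeping the wire text indistinguishable from that branch (for example `return "failure", "not-authorized", sasl_errstring[-13];`) and logging the provisioning detail server-side instead. The check also runs after `self.username` has been read from the Cyrus context and `first_step_done` was set earlier in the function, so the object retains a completed authentication state after this failure is returned; whether callers always discard the SASL object after a failure cannot be told from this hunk. `method:process` begins outside the hunk.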