X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_auth_anonymous.lua;h=a327f43816d12e356bd8e16df52ad4bde3daa931;hb=99b003b1917a8ab0b561f7fb98d28d1fad8f8dc8;hp=8d790508d4d880f19a4442d41438bed8dd046fce;hpb=1dec61cd083533414808feffce00728739b9f5d5;p=prosody.git

diff --git a/plugins/mod_auth_anonymous.lua b/plugins/mod_auth_anonymous.lua
index 8d790508..a327f438 100644
--- a/plugins/mod_auth_anonymous.lua
+++ b/plugins/mod_auth_anonymous.lua
@@ -6,62 +6,65 @@
 -- COPYING file in the source package for more information.
 --
 
-local log = require "util.logger".init("auth_anonymous");
 local new_sasl = require "util.sasl".new;
 local datamanager = require "util.datamanager";
 
-function new_default_provider(host)
-	local provider = { name = "anonymous" };
+-- define auth provider
+local provider = {};
 
-	function provider.test_password(username, password)
-		return nil, "Password based auth not supported.";
-	end
+function provider.test_password(username, password)
+	return nil, "Password based auth not supported.";
+end
 
-	function provider.get_password(username)
-		return nil, "Password not available.";
-	end
+function provider.get_password(username)
+	return nil, "Password not available.";
+end
 
-	function provider.set_password(username, password)
-		return nil, "Password based auth not supported.";
-	end
+function provider.set_password(username, password)
+	return nil, "Password based auth not supported.";
+end
 
-	function provider.user_exists(username)
-		return nil, "Only anonymous users are supported."; -- FIXME check if anonymous user is connected?
-	end
+function provider.user_exists(username)
+	return nil, "Only anonymous users are supported."; -- FIXME check if anonymous user is connected?
+end
 
-	function provider.create_user(username, password)
-		return nil, "Account creation/modification not supported.";
-	end
+function provider.create_user(username, password)
+	return nil, "Account creation/modification not supported.";
+end
 
-	function provider.get_sasl_handler()
-		local anonymous_authentication_profile = {
-			anonymous = function(sasl, username, realm)
-				return true; -- for normal usage you should always return true here
-			end
-		};
-		return new_sasl(module.host, anonymous_authentication_profile);
-	end
+function provider.get_sasl_handler()
+	local anonymous_authentication_profile = {
+		anonymous = function(sasl, username, realm)
+			return true; -- for normal usage you should always return true here
+		end
+	};
+	return new_sasl(module.host, anonymous_authentication_profile);
+end
 
-	return provider;
+function provider.users()
+	return next, hosts[host].sessions, nil;
 end
 
+-- datamanager callback to disable writes
 local function dm_callback(username, host, datastore, data)
 	if host == module.host then
 		return false;
 	end
 	return username, host, datastore, data;
 end
-local host = hosts[module.host];
-local _saved_disallow_s2s = host.disallow_s2s;
+
+if not module:get_option_boolean("allow_anonymous_s2s", false) then
+	module:hook("route/remote", function (event)
+		return false; -- Block outgoing s2s from anonymous users
+	end, 300);
+end
+
 function module.load()
-	_saved_disallow_s2s = host.disallow_s2s;
-	host.disallow_s2s = module:get_option("disallow_s2s") ~= false;
 	datamanager.add_callback(dm_callback);
 end
 function module.unload()
-	host.disallow_s2s = _saved_disallow_s2s;
 	datamanager.remove_callback(dm_callback);
 end
 
-module:add_item("auth-provider", new_default_provider(module.host));
+module:provides("auth", provider);