X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_legacyauth.lua;h=8bff51fef7be460b2dd21a69e2e17ead81b47d71;hb=3f9a02bee5e142846bf7da49dd2c6a1be72c86d5;hp=ed698bf2450de3263c4d77f05b0133a8d7e23f74;hpb=ae91e14892b0243551c07b773b77d5fac5f81543;p=prosody.git diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index ed698bf2..8bff51fe 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -1,16 +1,45 @@ +-- Prosody IM v0.4 +-- Copyright (C) 2008-2009 Matthew Wild +-- Copyright (C) 2008-2009 Waqas Hussain +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + + local st = require "util.stanza"; -local send = require "core.sessionmanager".send_to_session; local t_concat = table.concat; -add_iq_handler("c2s_unauthed", "jabber:iq:auth", +local config = require "core.configmanager"; +local secure_auth_only = config.get(module:get_host(), "core", "require_encryption"); + +local sessionmanager = require "core.sessionmanager"; +local usermanager = require "core.usermanager"; + +module:add_feature("jabber:iq:auth"); +module:add_event_hook("stream-features", function (session, features) + if secure_auth_only and not session.secure then + -- Sorry, not offering to insecure streams! + return; + elseif not session.username then + features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); + end +end); + +module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", function (session, stanza) + if secure_auth_only and not session.secure then + session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server")); + return true; + end + local username = stanza.tags[1]:child_with_name("username"); local password = stanza.tags[1]:child_with_name("password"); local resource = stanza.tags[1]:child_with_name("resource"); if not (username and password and resource) then local reply = st.reply(stanza); - send(session, reply:query("jabber:iq:auth") + session.send(reply:query("jabber:iq:auth") :tag("username"):up() :tag("password"):up() :tag("resource"):up()); @@ -23,35 +52,23 @@ add_iq_handler("c2s_unauthed", "jabber:iq:auth", -- Authentication successful! local success, err = sessionmanager.make_authenticated(session, username); if success then - success, err = sessionmanager.bind_resource(session, resource); - --FIXME: Reply with error + local err_type, err_msg; + success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource); if not success then - local reply = st.reply(stanza); - reply.attr.type = "error"; - if err == "conflict" then - reply:tag("error", { code = "409", type = "cancel" }) - :tag("conflict", { xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas" }); - elseif err == "constraint" then - reply:tag("error", { code = "409", type = "cancel" }) - :tag("already-bound", { xmlns = "x-lxmppd:extensions:legacyauth" }); - elseif err == "auth" then - reply:tag("error", { code = "401", type = "auth" }) - :tag("not-authorized", { xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas" }); - end - send(session, reply); + session.send(st.error_reply(stanza, err_type, err, err_msg)); return true; end end - send(session, st.reply(stanza)); + session.send(st.reply(stanza)); return true; else local reply = st.reply(stanza); reply.attr.type = "error"; reply:tag("error", { code = "401", type = "auth" }) :tag("not-authorized", { xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas" }); - send(session, reply); + session.send(reply); return true; end end - end); \ No newline at end of file + end);