X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_saslauth.lua;h=24c82a1c99a0ba9ac732eba04c054a65868a68ed;hb=2f6c4ec5d09d841ec41c57c1c7c84d8a73a09ccb;hp=dc6f3645e3ed74d1da15e44d6bec26f110079554;hpb=a38112234c1da8c0af38f5798e7ce2f39be93598;p=prosody.git
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index dc6f3645..24c82a1c 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -1,19 +1,21 @@
local st = require "util.stanza";
local send = require "core.sessionmanager".send_to_session;
+local sm_bind_resource = require "core.sessionmanager".bind_resource;
local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
-local t_concat = table.concat;
+local t_concat, t_insert = table.concat, table.insert;
local tostring = tostring;
local log = require "util.logger".init("mod_saslauth");
local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
+local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
+local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas';
-local new_connhandler = require "net.connhandlers".new;
local new_sasl = require "util.sasl".new;
-add_handler("c2s_unauthed", "auth",
+add_handler("c2s_unauthed", "auth", xmlns_sasl,
function (session, stanza)
if not session.sasl_handler then
session.sasl_handler = new_sasl(stanza.attr.mechanism,
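Review bot: The `auth` handler still hands `stanza.attr.mechanism` to `new_sasl` exactly as the client sent it, while the stream-features hook added further down in this commit advertises only PLAIN. Whether `new_sasl` rejects a mechanism that was never offered is not visible here, so the dependency should be stated next to the call, for example `-- mechanism is client-supplied; new_sasl must refuse anything not advertised in stream-features`. The handler body continues outside this hunk, so the rest of the `new_sasl` call cannot be checked from here.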
@@ -30,10 +32,10 @@ add_handler("c2s_unauthed", "auth",
local success, err = sessionmanager.make_authenticated(session, username);
if not success then
sessionmanager.destroy_session(session);
+ return;
end
session.sasl_handler = nil;
- session.connhandler = new_connhandler("xmpp-client", session);
- session.notopen = true;
+ session:reset_stream();
end,
function (reason)
-- onFail
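Review bot: The failure branch of `make_authenticated` now returns after `destroy_session`, but `err` is never used in the visible lines, so a session torn down after a successful SASL exchange appears to leave no trace in the log. Adding `log("warn", "make_authenticated failed: "..tostring(err));` before `sessionmanager.destroy_session(session);` would make these events visible to an operator. The enclosing callback starts outside the hunk, so an earlier log call may exist that is not shown here.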
@@ -50,4 +52,60 @@ add_handler("c2s_unauthed", "auth",
error("Client tried to negotiate SASL again", 0);
end
- end);
\ No newline at end of file
+ end);
+
+add_event_hook("stream-features",
+ function (session, features)
+ if not session.username then
+ t_insert(features, "");
+ t_insert(features, "PLAIN");
+ t_insert(features, "");
+ else
+ t_insert(features, "");
+ t_insert(features, "");
+ end
+ --send [[ ]]
+ end);
+
+add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind",
+ function (session, stanza)
+ log("debug", "Client tried to bind to a resource");
+ local resource;
+ if stanza.attr.type == "set" then
+ local bind = stanza.tags[1];
+
+ if bind and bind.attr.xmlns == xmlns_bind then
+ resource = bind:child_with_name("resource");
+ if resource then
+ resource = resource[1];
+ end
+ end
+ end
+ local success, err = sm_bind_resource(session, resource);
+ if not success then
+ local reply = st.reply(stanza);
+ reply.attr.type = "error";
+ if err == "conflict" then
+ reply:tag("error", { type = "modify" })
+ :tag("conflict", { xmlns = xmlns_stanzas });
+ elseif err == "constraint" then
+ reply:tag("error", { type = "cancel" })
+ :tag("resource-constraint", { xmlns = xmlns_stanzas });
+ elseif err == "auth" then
+ reply:tag("error", { type = "cancel" })
+ :tag("not-allowed", { xmlns = xmlns_stanzas });
+ end
+ send(session, reply);
+ else
+ local reply = st.reply(stanza);
+ reply:tag("bind", { xmlns = xmlns_bind})
+ :tag("jid"):text(session.full_jid);
+ send(session, reply);
+ end
+ end);
+
+add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session",
+ function (session, stanza)
+ log("debug", "Client tried to bind to a resource");
+ send(session, st.reply(stanza));
+ end);
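Review bot: In the xmpp-bind handler, `sm_bind_resource(session, resource)` runs for every IQ in that namespace, because the `stanza.attr.type == "set"` test guards only the resource extraction. A `get`, or a stray `result` or `error`, still reaches the bind call with a nil resource. Returning early for anything that is not a `set` keeps session state from changing on requests that should not modify it, as sketched below. The error branch also sends a reply with no condition child when `err` is none of the three handled strings, so a final `else` with a generic condition would be worth adding. The xmpp-session handler reuses the "Client tried to bind to a resource" log message, which makes the two paths indistinguishable in debug logs.

```lua
	function (session, stanza)
		log("debug", "Client tried to bind to a resource");
		if stanza.attr.type ~= "set" then
			-- Binding changes session state, so only a "set" may reach sm_bind_resource.
			if stanza.attr.type == "get" then
				local reply = st.reply(stanza);
				reply.attr.type = "error";
				reply:tag("error", { type = "modify" })
					:tag("bad-request", { xmlns = xmlns_stanzas });
				send(session, reply);
			end
			return;
		end
		-- … unchanged: resource extraction, sm_bind_resource call and both reply branches …
```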