projects / prosody.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a25509f)
mod_saslauth updated for digest-md5
authorWaqas Hussain <waqas20@gmail.com>
Sat, 15 Nov 2008 07:21:04 +0000 (12:21 +0500)
committerWaqas Hussain <waqas20@gmail.com>
Sat, 15 Nov 2008 07:21:04 +0000 (12:21 +0500)
plugins/mod_saslauth.lua patch | blob | history

diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 24c82a1c99a0ba9ac732eba04c054a65868a68ed..d8e27c4f1a0f57041109ebac864e302ce6494c90 100644 (file)
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -2,6 +2,7 @@
 local st = require "util.stanza";
 local send = require "core.sessionmanager".send_to_session;
 local sm_bind_resource = require "core.sessionmanager".bind_resource;
 local st = require "util.stanza";
 local send = require "core.sessionmanager".send_to_session;
 local sm_bind_resource = require "core.sessionmanager".bind_resource;
+local jid
 
 local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
 local t_concat, t_insert = table.concat, table.insert;
 
 local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
 local t_concat, t_insert = table.concat, table.insert;
@@ -15,10 +16,51 @@ local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas';
 
 local new_sasl = require "util.sasl".new;
 
 
 local new_sasl = require "util.sasl".new;
 
+local function build_reply(status, ret)
+       local reply = st.stanza(status, {xmlns = xmlns_sasl});
+       if status == "challenge" then
+               reply:text(ret or "");
+       elseif status == "failure" then
+               reply:tag(ret):up();
+       elseif status == "success" then
+               reply:text(ret or "");
+       else
+               error("Unknown sasl status: "..status);
+       end
+       return reply;
+end
+
+local function handle_status(session, status)
+       if status == "failure" then
+               session.sasl_handler = nil;
+       elseif status == "success" then
+               session.sasl_handler = nil;
+               session:reset_stream();
+       end
+end
+
+local function password_callback(jid, mechanism)
+       local node, host = jid_split(jid);
+       local password = (datamanager.load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+       local func = function(x) return x; end;
+       if password then
+               if mechanism == "PLAIN" then
+                       return func, password;
+               elseif mechanism == "DIGEST-MD5" then
+                       return func, require "hashes".md5(node.."::"..password);
+               end
+       end
+       return func, nil;
+end
+
 add_handler("c2s_unauthed", "auth", xmlns_sasl,
                function (session, stanza)
                        if not session.sasl_handler then
 add_handler("c2s_unauthed", "auth", xmlns_sasl,
                function (session, stanza)
                        if not session.sasl_handler then
-                               session.sasl_handler = new_sasl(stanza.attr.mechanism, 
+                               session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback);
+                               local status, ret = session.sasl_handler:feed(stanza[1]);
+                               handle_status(session, status);
+                               session.send(build_reply(status, ret));
+                               --[[session.sasl_handler = new_sasl(stanza.attr.mechanism, 
                                        function (username, password)
                                                -- onAuth
                                                require "core.usermanager"
                                        function (username, password)
                                                -- onAuth
                                                require "core.usermanager"
@@ -47,12 +89,27 @@ add_handler("c2s_unauthed", "auth", xmlns_sasl,
                                                send(session, stanza);
                                        end
                                );
                                                send(session, stanza);
                                        end
                                );
-                               session.sasl_handler:feed(stanza);      
+                               session.sasl_handler:feed(stanza);      ]]
                        else
                                error("Client tried to negotiate SASL again", 0);
                        end
                        else
                                error("Client tried to negotiate SASL again", 0);
                        end
-                       
                end);
                end);
+
+add_handler("c2s_unauthed", "abort", xmlns_sasl,
+       function(session, stanza)
+               if not session.sasl_handler then error("Attempt to abort when sasl has not started"); end
+               local status, ret = session.sasl_handler:feed(stanza[1]);
+               handle_status(session, status);
+               session.send(build_reply(status, ret));
+       end);
+
+add_handler("c2s_unauthed", "response", xmlns_sasl,
+       function(session, stanza)
+               if not session.sasl_handler then error("Attempt to respond when sasl has not started"); end
+               local status, ret = session.sasl_handler:feed(stanza[1]);
+               handle_status(session, status);
+               session.send(build_reply(status, ret));
+       end);
                
 add_event_hook("stream-features", 
                                        function (session, features)                                                                                            
                
 add_event_hook("stream-features", 
                                        function (session, features)