Mercurial > prosody-modules
annotate mod_sasl2/mod_sasl2.lua @ 5029:56b9f0b1409f
mod_sasl2_bind: Support for Bind 2.0 with SASL2
This is based on an experimental in-progress derivative of the current
XEP-0386.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 02 Sep 2022 16:22:11 +0100 |
parents | 1f2d2bfd29dd |
children | 88980b2dd986 |
rev | line source |
---|---|
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Prosody IM |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- Copyright (C) 2019 Kim Alvefur |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- XEP-0388: Extensible SASL Profile |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local st = require "util.stanza"; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local errors = require "util.error"; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local base64 = require "util.encodings".base64; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local jid_join = require "util.jid".join; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local xmlns_sasl2 = "urn:xmpp:sasl:1"; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 local host = module.host; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 module:hook("stream-features", function(event) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 local origin, features = event.origin, event.features; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 local log = origin.log or module._log; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 if origin.type ~= "c2s_unauthed" then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 log("debug", "Already authenticated"); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 return |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 local sasl_handler = usermanager_get_sasl_handler(host, origin) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 origin.sasl_handler = sasl_handler; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
4796
9c7635911c56
mod_sasl2: Silence [luacheck] warning
Kim Alvefur <zash@zash.se>
parents:
4792
diff
changeset
|
38 if sasl_handler.add_cb_handler then -- luacheck: ignore 542 |
4792
9d57aa79c5d9
mod_sasl2: Remove channel binding
Kim Alvefur <zash@zash.se>
parents:
3905
diff
changeset
|
39 -- FIXME bring back channel binding |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 local mechanisms = st.stanza("mechanisms", { xmlns = xmlns_sasl2 }); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 local available_mechanisms = sasl_handler:mechanisms() |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 for mechanism in pairs(available_mechanisms) do |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 if disabled_mechanisms:contains(mechanism) then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 log("debug", "Not offering disabled mechanism %s", mechanism); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 elseif not origin.secure and insecure_mechanisms:contains(mechanism) then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 log("debug", "Not offering mechanism %s on insecure connection", mechanism); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 else |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 log("debug", "Offering mechanism %s", mechanism); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 mechanisms:text_tag("mechanism", mechanism); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 features:add_direct_child(mechanisms); |
5028
1f2d2bfd29dd
mod_sasl2: Add event for other modules to advertise inline features
Matthew Wild <mwild1@gmail.com>
parents:
5025
diff
changeset
|
57 |
1f2d2bfd29dd
mod_sasl2: Add event for other modules to advertise inline features
Matthew Wild <mwild1@gmail.com>
parents:
5025
diff
changeset
|
58 local inline = st.stanza("inline", { xmlns = xmlns_sasl2 }); |
1f2d2bfd29dd
mod_sasl2: Add event for other modules to advertise inline features
Matthew Wild <mwild1@gmail.com>
parents:
5025
diff
changeset
|
59 module:fire_event("advertise-sasl-features", { session = origin, features = inline }); |
1f2d2bfd29dd
mod_sasl2: Add event for other modules to advertise inline features
Matthew Wild <mwild1@gmail.com>
parents:
5025
diff
changeset
|
60 features:add_direct_child(inline); |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 end, 1); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 local function handle_status(session, status, ret, err_msg) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 local err = nil; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 if status == "error" then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 ret, err = nil, ret; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 if not errors.is_err(err) then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 err = errors.new({ condition = err, text = err_msg }, { session = session }); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
5018
ed2a9a4c4f01
mod_sasl2: Return status from event handlers
Matthew Wild <mwild1@gmail.com>
parents:
4796
diff
changeset
|
72 return module:fire_event("sasl2/"..session.base_type.."/"..status, { |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 session = session, |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 message = ret; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 error = err; |
5025
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
76 error_text = err_msg; |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 }); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 module:hook("sasl2/c2s/failure", function (event) |
5025
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
81 local session, condition, text = event.session, event.message, event.error_text; |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
82 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 }) |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
83 :tag(condition):up(); |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
84 if text then |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
85 failure:text_tag("text", text); |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
86 end |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
87 session.send(failure); |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
88 return true; |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
89 end); |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
90 |
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
91 module:hook("sasl2/c2s/error", function (event) |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 local session = event.session |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 session.send(st.stanza("failure", { xmlns = xmlns_sasl2 }) |
5025
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
94 :tag(event.error and event.error.condition)); |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 return true; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 end); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 module:hook("sasl2/c2s/challenge", function (event) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 local session = event.session; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 session.send(st.stanza("challenge", { xmlns = xmlns_sasl2 }) |
5019
c83ce822f105
mod_sasl2: Fix <challenge> generation
Matthew Wild <mwild1@gmail.com>
parents:
5018
diff
changeset
|
101 :text(base64.encode(event.message))); |
5020
6a36dae4a88d
mod_sasl2: Return true to indicate challenge was handled successfully
Matthew Wild <mwild1@gmail.com>
parents:
5019
diff
changeset
|
102 return true; |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 end); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 module:hook("sasl2/c2s/success", function (event) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 local session = event.session |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
107 local ok, err = sm_make_authenticated(session, session.sasl_handler.username); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
108 if not ok then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
109 handle_status(session, "failure", err); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
110 return true; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
111 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
112 event.success = st.stanza("success", { xmlns = xmlns_sasl2 }); |
5023
90772a9c92a0
mod_sasl2: Include additional-data in SASL success response
Matthew Wild <mwild1@gmail.com>
parents:
5021
diff
changeset
|
113 if event.message then |
90772a9c92a0
mod_sasl2: Include additional-data in SASL success response
Matthew Wild <mwild1@gmail.com>
parents:
5021
diff
changeset
|
114 event.success:text_tag("additional-data", base64.encode(event.message)); |
90772a9c92a0
mod_sasl2: Include additional-data in SASL success response
Matthew Wild <mwild1@gmail.com>
parents:
5021
diff
changeset
|
115 end |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 end, 1000); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
117 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 module:hook("sasl2/c2s/success", function (event) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 local session = event.session |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
120 event.success:text_tag("authorization-identifier", jid_join(session.username, session.host, session.resource)); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 session.send(event.success); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
122 local features = st.stanza("stream:features"); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
123 module:fire_event("stream-features", { origin = session, features = features }); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
124 session.send(features); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
125 end, -1000); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
126 |
5021
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
127 -- The gap here is to allow modules to do stuff to the stream after the stanza |
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
128 -- is sent, but before we proceed with anything else. This is expected to be |
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
129 -- a common pattern with SASL2, which allows atomic negotiation of a bunch of |
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
130 -- stream features. |
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
131 module:hook("sasl2/c2s/success", function (event) --luacheck: ignore 212/event |
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
132 return true; |
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
133 end, -2000); |
f62b091b1c81
mod_sasl2: Eventually return true from success handler
Matthew Wild <mwild1@gmail.com>
parents:
5020
diff
changeset
|
134 |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
135 local function process_cdata(session, cdata) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
136 if cdata then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
137 cdata = base64.decode(cdata); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
138 if not cdata then |
5025
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
139 return handle_status(session, "failure", "incorrect-encoding"); |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
140 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
141 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
142 return handle_status(session, session.sasl_handler:process(cdata)); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
143 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
145 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
146 local sasl_handler = session.sasl_handler; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
147 if not sasl_handler then |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
148 sasl_handler = usermanager_get_sasl_handler(host, session); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
149 session.sasl_handler = sasl_handler; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
150 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
151 local mechanism = assert(auth.attr.mechanism); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
152 if not sasl_handler:select(mechanism) then |
5025
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
153 return handle_status(session, "failure", "invalid-mechanism"); |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
154 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
155 local initial = auth:get_child_text("initial-response"); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
156 return process_cdata(session, initial); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
157 end); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
158 |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
159 module:hook_tag(xmlns_sasl2, "response", function (session, response) |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
160 local sasl_handler = session.sasl_handler; |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 if not sasl_handler or not sasl_handler.selected then |
5025
fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
Matthew Wild <mwild1@gmail.com>
parents:
5023
diff
changeset
|
162 return handle_status(session, "failure", "invalid-mechanism"); |
3905
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
163 end |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
164 return process_cdata(session, response:get_text()); |
5ae2e865eea0
mod_sasl2: Experimental implementation of XEP-0388
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
165 end); |