Mercurial > prosody-modules
annotate mod_sasl2_sm/mod_sasl2_sm.lua @ 5787:e79f9dec35c0
mod_c2s_conn_throttle: Reduce log level from error->info
Our general policy is that "error" should never be triggerable by remote
entities, and that it is always about something that requires admin
intervention. This satisfies neither condition.
The "warn" level can be used for unexpected events/behaviour triggered by
remote entities, and this could qualify. However I don't think failed auth
attempts are unexpected enough.
I selected "info" because it is what is also used for other notable session
lifecycle events.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 07 Dec 2023 15:46:50 +0000 |
| parents | 92ce3859df63 |
| children |
| rev | line source |
|---|---|
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 local mod_smacks = module:depends("smacks"); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
|
5039
c0d243b27e64
mod_sasl2, mod_sasl_bind2, mod_sasl2_sm: Bump XEP-0388 namespace
Matthew Wild <mwild1@gmail.com>
parents:
5037
diff
changeset
|
5 local xmlns_sasl2 = "urn:xmpp:sasl:2"; |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local xmlns_sm = "urn:xmpp:sm:3"; |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
5094
c92c87daa09e
mod_sasl2_sm: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5060
diff
changeset
|
8 module:depends("sasl2"); |
|
c92c87daa09e
mod_sasl2_sm: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5060
diff
changeset
|
9 |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
10 -- Advertise what we can do |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
11 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
12 module:hook("advertise-sasl-features", function (event) |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local features = event.features; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
14 features:tag("sm", { xmlns = xmlns_sm }):up(); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
15 end); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
16 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
17 module:hook("advertise-bind-features", function (event) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
18 local features = event.features; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
19 features:tag("feature", { var = xmlns_sm }):up(); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 module:hook_tag(xmlns_sasl2, "authenticate", function (session, auth) |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 -- Cache action for future processing (after auth success) |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
24 session.sasl2_sm_request = auth:child_with_ns(xmlns_sm); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 end, 100); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
27 -- SASL 2 integration (for resume) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
28 |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 module:hook("sasl2/c2s/success", function (event) |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 local session = event.session; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
31 local sm_request = session.sasl2_sm_request; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
32 if not sm_request then return; end |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
33 session.sasl2_sm_request = nil; |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 local sm_result; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
35 if sm_request.name ~= "resume" then return; end |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
36 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
37 local resumed, err = mod_smacks.do_resume(session, sm_request); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
38 if not resumed then |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
39 local h = err.context and err.context.h; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
40 sm_result = st.stanza("failed", { xmlns = xmlns_sm, h = h and ("%d"):format(h) or nil }) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
41 :add_error(err); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
42 else |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
43 event.session = resumed.session; -- Update to resumed session |
|
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5035
diff
changeset
|
44 event.session.sasl2_sm_success = resumed; -- To be called after sending final SASL response |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
45 sm_result = st.stanza("resumed", { xmlns = xmlns_sm, |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
46 h = ("%d"):format(event.session.handled_stanza_count); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
47 previd = resumed.id; }); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 end |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
49 |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 if sm_result then |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 event.success:add_child(sm_result); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 end |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
53 end, 110); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
54 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
55 -- Bind 2 integration (for enable) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
56 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
57 module:hook("enable-bind-features", function (event) |
|
5060
bc491065c221
mod_sasl2_bind2, mod_sasl2_sm: Remove bind2 <features/> wrapper element
Matthew Wild <mwild1@gmail.com>
parents:
5039
diff
changeset
|
58 local sm_enable = event.request:get_child("enable", xmlns_sm); |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
59 if not sm_enable then return; end |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
60 |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
61 local sm_result; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
62 local enabled, err = mod_smacks.do_enable(event.session, sm_enable); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
63 if not enabled then |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
64 sm_result = st.stanza("failed", { xmlns = xmlns_sm }) |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
65 :add_error(err); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
66 else |
|
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5035
diff
changeset
|
67 event.session.sasl2_sm_success = enabled; -- To be called after sending final SASL response |
| 5034 | 68 sm_result = st.stanza("enabled", { |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
69 xmlns = xmlns_sm; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
70 id = enabled.id; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
71 resume = enabled.id and "1" or nil; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
72 max = enabled.resume_max; |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
73 }); |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
74 end |
|
5035
baebe7452903
mod_sasl2_sm: Fix event field name
Matthew Wild <mwild1@gmail.com>
parents:
5034
diff
changeset
|
75 event.result:add_child(sm_result); |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 end, 100); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
78 -- Finish and/or clean up after SASL 2 completed |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
79 |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 module:hook("sasl2/c2s/success", function (event) |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 -- The authenticate response has already been sent at this point |
|
5037
8a8100fff580
mod_sasl2_bind2, mod_sasl2_sm: Move sasl2_sm_success to session
Matthew Wild <mwild1@gmail.com>
parents:
5035
diff
changeset
|
82 local success = event.session.sasl2_sm_success; |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
83 if success then |
|
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
84 success.finish(); -- Finish enable/resume and sync stanzas |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 end |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 end, -1100); |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 |
|
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 module:hook("sasl2/c2s/failure", function (event) |
|
5030
3e79876d135b
mod_sasl2_sm: Integration with mod_sasl2_bind2
Matthew Wild <mwild1@gmail.com>
parents:
5027
diff
changeset
|
89 event.session.sasl2_sm_request = nil; |
|
5026
e3248d025d34
mod_sasl2_sm: Experimental mod_isr alternative
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 end); |