Mercurial > prosody-modules
comparison mod_sasl2/mod_sasl2.lua @ 5025:fd154db7c8fc
mod_sasl2: Fix handling of various failure/error cases
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 29 Aug 2022 16:35:19 +0100 |
parents | 90772a9c92a0 |
children | 1f2d2bfd29dd |
comparison
equal
deleted
inserted
replaced
5024:1cb762f72a91 | 5025:fd154db7c8fc |
---|---|
67 | 67 |
68 return module:fire_event("sasl2/"..session.base_type.."/"..status, { | 68 return module:fire_event("sasl2/"..session.base_type.."/"..status, { |
69 session = session, | 69 session = session, |
70 message = ret; | 70 message = ret; |
71 error = err; | 71 error = err; |
72 error_text = err_msg; | |
72 }); | 73 }); |
73 end | 74 end |
74 | 75 |
75 module:hook("sasl2/c2s/failure", function (event) | 76 module:hook("sasl2/c2s/failure", function (event) |
77 local session, condition, text = event.session, event.message, event.error_text; | |
78 local failure = st.stanza("failure", { xmlns = xmlns_sasl2 }) | |
79 :tag(condition):up(); | |
80 if text then | |
81 failure:text_tag("text", text); | |
82 end | |
83 session.send(failure); | |
84 return true; | |
85 end); | |
86 | |
87 module:hook("sasl2/c2s/error", function (event) | |
76 local session = event.session | 88 local session = event.session |
77 session.send(st.stanza("failure", { xmlns = xmlns_sasl2 }) | 89 session.send(st.stanza("failure", { xmlns = xmlns_sasl2 }) |
78 :tag(event.error.condition)); | 90 :tag(event.error and event.error.condition)); |
79 return true; | 91 return true; |
80 end); | 92 end); |
81 | 93 |
82 module:hook("sasl2/c2s/challenge", function (event) | 94 module:hook("sasl2/c2s/challenge", function (event) |
83 local session = event.session; | 95 local session = event.session; |
118 | 130 |
119 local function process_cdata(session, cdata) | 131 local function process_cdata(session, cdata) |
120 if cdata then | 132 if cdata then |
121 cdata = base64.decode(cdata); | 133 cdata = base64.decode(cdata); |
122 if not cdata then | 134 if not cdata then |
123 return handle_status(session, "failure"); | 135 return handle_status(session, "failure", "incorrect-encoding"); |
124 end | 136 end |
125 end | 137 end |
126 return handle_status(session, session.sasl_handler:process(cdata)); | 138 return handle_status(session, session.sasl_handler:process(cdata)); |
127 end | 139 end |
128 | 140 |
132 sasl_handler = usermanager_get_sasl_handler(host, session); | 144 sasl_handler = usermanager_get_sasl_handler(host, session); |
133 session.sasl_handler = sasl_handler; | 145 session.sasl_handler = sasl_handler; |
134 end | 146 end |
135 local mechanism = assert(auth.attr.mechanism); | 147 local mechanism = assert(auth.attr.mechanism); |
136 if not sasl_handler:select(mechanism) then | 148 if not sasl_handler:select(mechanism) then |
137 return handle_status(session, "failure"); | 149 return handle_status(session, "failure", "invalid-mechanism"); |
138 end | 150 end |
139 local initial = auth:get_child_text("initial-response"); | 151 local initial = auth:get_child_text("initial-response"); |
140 return process_cdata(session, initial); | 152 return process_cdata(session, initial); |
141 end); | 153 end); |
142 | 154 |
143 module:hook_tag(xmlns_sasl2, "response", function (session, response) | 155 module:hook_tag(xmlns_sasl2, "response", function (session, response) |
144 local sasl_handler = session.sasl_handler; | 156 local sasl_handler = session.sasl_handler; |
145 if not sasl_handler or not sasl_handler.selected then | 157 if not sasl_handler or not sasl_handler.selected then |
146 return handle_status(session, "failure"); | 158 return handle_status(session, "failure", "invalid-mechanism"); |
147 end | 159 end |
148 return process_cdata(session, response:get_text()); | 160 return process_cdata(session, response:get_text()); |
149 end); | 161 end); |