comparison mod_sasl2/mod_sasl2.lua @ 5025:fd154db7c8fc

mod_sasl2: Fix handling of various failure/error cases
author Matthew Wild <mwild1@gmail.com>
date Mon, 29 Aug 2022 16:35:19 +0100
parents 90772a9c92a0
children 1f2d2bfd29dd
5024:1cb762f72a91 5025:fd154db7c8fc
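--- a/mod_sasl2/mod_sasl2.lua
+++ b/mod_sasl2/mod_sasl2.lua
@@ -67,17 +67,29 @@
 
 return module:fire_event("sasl2/"..session.base_type.."/"..status, {
 session = session,
 message = ret;
 error = err;
+error_text = err_msg;
 });
 end
 
 module:hook("sasl2/c2s/failure", function (event)
+local session, condition, text = event.session, event.message, event.error_text;
+local failure = st.stanza("failure", { xmlns = xmlns_sasl2 })
+:tag(condition):up();
+if text then
+failure:text_tag("text", text);
+end
+session.send(failure);
+return true;
+end);
+
+module:hook("sasl2/c2s/error", function (event)
 local session = event.session
 session.send(st.stanza("failure", { xmlns = xmlns_sasl2 })
-:tag(event.error.condition));
+:tag(event.error and event.error.condition));
 return true;
 end);
 
 module:hook("sasl2/c2s/challenge", function (event)
 local session = event.session;
@@ -118,11 +130,11 @@
 
 local function process_cdata(session, cdata)
 if cdata then
 cdata = base64.decode(cdata);
 if not cdata then
-return handle_status(session, "failure");
+return handle_status(session, "failure", "incorrect-encoding");
 end
 end
 return handle_status(session, session.sasl_handler:process(cdata));
 end
 
@@ -132,18 +144,18 @@
 sasl_handler = usermanager_get_sasl_handler(host, session);
 session.sasl_handler = sasl_handler;
 end
 local mechanism = assert(auth.attr.mechanism);
 if not sasl_handler:select(mechanism) then
-return handle_status(session, "failure");
+return handle_status(session, "failure", "invalid-mechanism");
 end
 local initial = auth:get_child_text("initial-response");
 return process_cdata(session, initial);
 end);
 
 module:hook_tag(xmlns_sasl2, "response", function (session, response)
 local sasl_handler = session.sasl_handler;
 if not sasl_handler or not sasl_handler.selected then
-return handle_status(session, "failure");
+return handle_status(session, "failure", "invalid-mechanism");
 end
 return process_cdata(session, response:get_text());
 end);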