apitech
/
prosody
mirror of https://github.com/bjc/prosody
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
IMPORTANT: due to a drive failure, as of 13-Mar-2021, the Mercurial repository had to be re-mirrored, which changed every commit SHA. The old SHAs and trees are backed up in the vault branches. Please migrate to the new branches as soon as you can.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13887 Commits
12 Branches
101 Tags
54 MiB
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
prosody/plugins/mod_legacyauth.lua

91 lines
3.4 KiB
Raw Permalink Normal View History Unescape

Remove version number from copyright headers
17 years ago
-- Prosody IM
Update copyright headers for 2010
16 years ago
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
Remove all trailing whitespace
13 years ago
--
GPL->MIT!
17 years ago
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
Insert copyright/license headers
17 years ago
--
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface
17 years ago
plugins: Prefix module imports with prosody namespace
3 years ago
local st = require "prosody.util.stanza";
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface
17 years ago
local t_concat = table.concat;
mod_legacyauth, mod_saslauth, mod_tls: Pass require_encryption as default option to s2s_require_encryption so the later overrides the former
11 years ago
local secure_auth_only = module:get_option("c2s_require_encryption",
mod_legacyauth: Default to require encryption
4 years ago
module:get_option("require_encryption", true))
mod_legacyauth: Disallow on unencrypted connections by default, heed allow_unencrypted_plain_auth config option (thanks Maranda/Zash)
15 years ago
or not(module:get_option("allow_unencrypted_plain_auth"));
mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true
17 years ago
plugins: Prefix module imports with prosody namespace
3 years ago
local sessionmanager = require "prosody.core.sessionmanager";
local usermanager = require "prosody.core.usermanager";
local nodeprep = require "prosody.util.encodings".stringprep.nodeprep;
local resourceprep = require "prosody.util.encodings".stringprep.resourceprep;
mod_*: Fix a load of global accesses
17 years ago
Change modules to use the new add_feature module API method. This also fixes the bug causing disco features being added to every disco reply for every host.
17 years ago
module:add_feature("jabber:iq:auth");
mod_legacyauth: Hook stream-features event using new events API.
16 years ago
module:hook("stream-features", function(event)
local origin, features = event.origin, event.features;
if secure_auth_only and not origin.secure then
mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure
17 years ago
-- Sorry, not offering to insecure streams!
return;
mod_legacyauth: Hook stream-features event using new events API.
16 years ago
elseif not origin.username then
mod_legacyauth: Hide stream feature when secure auth is enabled, and session isn't secure
17 years ago
features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up();
end
mod_legacyauth: Added stream feature: <auth xmlns='http://jabber.org/features/iq-auth'/>
17 years ago
end);
Modules now sending disco replies
17 years ago
mod_legacyauth: Updated to use the new events API.
15 years ago
module:hook("stanza/iq/jabber:iq:auth:query", function(event)
local session, stanza = event.origin, event.stanza;
mod_legacyauth: Limit authentication to unauthenticated client connections.
15 years ago
if session.type ~= "c2s_unauthed" then
mod_legacyauth: Split a long line [luacheck]
8 years ago
(session.sends2s or session.send)(st.error_reply(stanza, "cancel", "service-unavailable",
"Legacy authentication is only allowed for unauthenticated client connections."));
mod_legacyauth: Limit authentication to unauthenticated client connections.
15 years ago
return true;
end
mod_legacyauth: Updated to use the new events API.
15 years ago
if secure_auth_only and not session.secure then
session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server"));
return true;
end
Remove all trailing whitespace
13 years ago
mod_lastactivity, mod_legacyauth, mod_presence, mod_saslauth, mod_tls: Use the newer stanza:get_child APIs and optimize away some table lookups
12 years ago
local query = stanza.tags[1];
local username = query:get_child("username");
local password = query:get_child("password");
local resource = query:get_child("resource");
mod_legacyauth: Updated to use the new events API.
15 years ago
if not (username and password and resource) then
local reply = st.reply(stanza);
session.send(reply:query("jabber:iq:auth")
:tag("username"):up()
:tag("password"):up()
:tag("resource"):up());
else
username, password, resource = t_concat(username), t_concat(password), t_concat(resource);
username = nodeprep(username);
resource = resourceprep(resource)
mod_legacyauth: Return an error if username or resource fails stringprep (thanks iron)
14 years ago
if not (username and resource) then
session.send(st.error_reply(stanza, "modify", "bad-request"));
return true;
end
mod_legacyauth: Updated to use the new events API.
15 years ago
if usermanager.test_password(username, session.host, password) then
-- Authentication successful!
local success, err = sessionmanager.make_authenticated(session, username);
if success then
local err_type, err_msg;
success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource);
if not success then
session.send(st.error_reply(stanza, err_type, err, err_msg));
session.username, session.type = nil, "c2s_unauthed"; -- FIXME should this be placed in sessionmanager?
return true;
elseif resource ~= session.resource then -- server changed resource, not supported by legacy auth
session.send(st.error_reply(stanza, "cancel", "conflict", "The requested resource could not be assigned to this session."));
session:close(); -- FIXME undo resource bind and auth instead of closing the session?
return true;
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface
17 years ago
end
mod_legacyauth: Report failure from sessionmanager (mostly invalid username)
6 years ago
session.send(st.reply(stanza));
else
session.send(st.error_reply(stanza, "auth", "not-authorized", err));
Huge commit to: * Break stanza routing (to be restored in a future commit) * Remove the old stanza_dispatcher code, which was never going to be maintainable nor extendable :) * Bring us plugins, starting with mod_legacyauth and mod_roster * Sessions are now created/destroyed using a standard sessionmanager interface
17 years ago
end
mod_legacyauth: Updated to use the new events API.
15 years ago
else
session.send(st.error_reply(stanza, "auth", "not-authorized"));
end
end
return true;
end);