Mercurial > prosody-hg
comparison plugins/mod_saslauth.lua @ 10487:02ccf2fbf000
mod_saslauth: Collect SASL EXTERNAL failures into an util.error object
Will be easier than that concatenated string to extract info out of for
use elsewhere.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 07 Dec 2019 22:51:43 +0100 |
| parents | 7a3c04789d5c |
| children | 03ff1e614b4d |
comparison
equal
deleted
inserted
replaced
| 10486:479e96e554c8 | 10487:02ccf2fbf000 |
|---|---|
| 11 local st = require "util.stanza"; | 11 local st = require "util.stanza"; |
| 12 local sm_bind_resource = require "core.sessionmanager".bind_resource; | 12 local sm_bind_resource = require "core.sessionmanager".bind_resource; |
| 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; | 13 local sm_make_authenticated = require "core.sessionmanager".make_authenticated; |
| 14 local base64 = require "util.encodings".base64; | 14 local base64 = require "util.encodings".base64; |
| 15 local set = require "util.set"; | 15 local set = require "util.set"; |
| 16 local errors = require "util.error"; | |
| 16 | 17 |
| 17 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; | 18 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; |
| 18 | 19 |
| 19 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false)); | 20 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false)); |
| 20 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) | 21 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) |
| 100 if child.name ~= "text" then | 101 if child.name ~= "text" then |
| 101 condition = child.name; | 102 condition = child.name; |
| 102 break; | 103 break; |
| 103 end | 104 end |
| 104 end | 105 end |
| 105 if text and condition then | 106 local err = errors.new({ |
| 106 condition = condition .. ": " .. text; | 107 -- TODO type = what? |
| 107 end | 108 text = text, |
| 108 module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, condition); | 109 condition = condition, |
| 110 }, { | |
| 111 session = session, | |
| 112 stanza = stanza, | |
| 113 }); | |
| 114 | |
| 115 module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, err); | |
| 109 | 116 |
| 110 session.external_auth = "failed" | 117 session.external_auth = "failed" |
| 111 session.external_auth_failure_reason = condition; | 118 session.external_auth_failure_reason = err; |
| 112 end, 500) | 119 end, 500) |
| 113 | 120 |
| 114 module:hook_tag(xmlns_sasl, "failure", function (session, stanza) -- luacheck: ignore 212/stanza | 121 module:hook_tag(xmlns_sasl, "failure", function (session, stanza) -- luacheck: ignore 212/stanza |
| 115 session.log("debug", "No fallback from SASL EXTERNAL failure, giving up"); | 122 session.log("debug", "No fallback from SASL EXTERNAL failure, giving up"); |
| 116 session:close(nil, session.external_auth_failure_reason); | 123 session:close(nil, session.external_auth_failure_reason); |
