Mercurial > prosody-hg
comparison plugins/mod_legacyauth.lua @ 1216:fd8ce71bc72b
mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 29 May 2009 14:33:55 +0100 |
| parents | a3d77353c18a |
| children | 8e02c10c9e60 |
comparison
equal
deleted
inserted
replaced
| 1215:d3534badd748 | 1216:fd8ce71bc72b |
|---|---|
| 9 | 9 |
| 10 | 10 |
| 11 local st = require "util.stanza"; | 11 local st = require "util.stanza"; |
| 12 local t_concat = table.concat; | 12 local t_concat = table.concat; |
| 13 | 13 |
| 14 local config = require "core.configmanager"; | |
| 15 local secure_auth_only = config.get(module:get_host(), "core", "require_encryption"); | |
| 16 | |
| 14 local sessionmanager = require "core.sessionmanager"; | 17 local sessionmanager = require "core.sessionmanager"; |
| 15 local usermanager = require "core.usermanager"; | 18 local usermanager = require "core.usermanager"; |
| 16 | 19 |
| 17 module:add_feature("jabber:iq:auth"); | 20 module:add_feature("jabber:iq:auth"); |
| 18 module:add_event_hook("stream-features", function (session, features) | 21 module:add_event_hook("stream-features", function (session, features) |
| 19 if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end | 22 if not session.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end |
| 20 end); | 23 end); |
| 21 | 24 |
| 22 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", | 25 module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", |
| 23 function (session, stanza) | 26 function (session, stanza) |
| 27 if secure_auth_only and not session.secure then | |
| 28 session.send(st.error_reply(stanza, "modify", "not-acceptable", "Encryption (SSL or TLS) is required to connect to this server")); | |
| 29 return true; | |
| 30 end | |
| 31 | |
| 24 local username = stanza.tags[1]:child_with_name("username"); | 32 local username = stanza.tags[1]:child_with_name("username"); |
| 25 local password = stanza.tags[1]:child_with_name("password"); | 33 local password = stanza.tags[1]:child_with_name("password"); |
| 26 local resource = stanza.tags[1]:child_with_name("resource"); | 34 local resource = stanza.tags[1]:child_with_name("resource"); |
| 27 if not (username and password and resource) then | 35 if not (username and password and resource) then |
| 28 local reply = st.reply(stanza); | 36 local reply = st.reply(stanza); |
