#294 mod_auth_cyrus doesn't support cyrus_require_provisioning
Reporter
MattJ
Owner
MattJ
Created
Updated
Stars
★ (1)
Tags
Priority-Medium
Component-Community
Status-Accepted
Type-Defect
MattJ
on
The code loops back to usermanager, which now falls straight through to the current auth provider.
Not sure what the solution is, stacked auth providers?
MattJ
on
Need to come up with some solution or workaround for 0.9.
Changes
tags Milestone-0.9
Waqas
on
I'm thinking perhaps we can just do this for now:
cyrus_require_provisioning = "internal_plain"
And mod_auth_cyrus then loads mod_auth_internal_plain and talks with that.
Stacked auth providers is something we want, but not in 0.9.
MattJ
on
I'm fine with that.
MattJ
on
This is as important as ever, but we don't have dev resources to work on it without delaying the 0.9 release further. At the same time, it can be done fairly simply through module changes after the release if necessary.
Removing the 0.9 milestone
Changes
tagsMilestone-0.9
x0r
on
Wouldn't it be better to use "datamanager.users" for check user account existance?
x0r
on
I wrote a patch for core/usermanager.lua, and it succsessfully works, but Miranda make two authentication attempts, and second is misteriously succsessful!
First: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">BASE64ENCODEDSTRING=</auth>
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<not-authorized />
<text>User authenticated successfully, but not provisioned for XMPP</text>
</failure>
Second: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">LONGBASE64ENCODEDSTRING=</auth>
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
It seems, there is a bug.
Patch for core/usermanager.lua:
function user_exists(username, host)
-- return hosts[host].users.user_exists(username);
return storagemanager.open(host, "accounts"):get(username);
end
x0r
on
I found that "session.sasl_hanlder = session.sasl_hanlder:clean_clone();" from mod_saslauth.lua removes function "handler.require_provisioning" on second call.
The code loops back to usermanager, which now falls straight through to the current auth provider. Not sure what the solution is, stacked auth providers?
Need to come up with some solution or workaround for 0.9.
ChangesI'm thinking perhaps we can just do this for now: cyrus_require_provisioning = "internal_plain" And mod_auth_cyrus then loads mod_auth_internal_plain and talks with that. Stacked auth providers is something we want, but not in 0.9.
I'm fine with that.
This is as important as ever, but we don't have dev resources to work on it without delaying the 0.9 release further. At the same time, it can be done fairly simply through module changes after the release if necessary. Removing the 0.9 milestone
ChangesMilestone-0.9Wouldn't it be better to use "datamanager.users" for check user account existance?
I wrote a patch for core/usermanager.lua, and it succsessfully works, but Miranda make two authentication attempts, and second is misteriously succsessful! First: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">BASE64ENCODEDSTRING=</auth>  <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> <not-authorized /> <text>User authenticated successfully, but not provisioned for XMPP</text> </failure> Second: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">LONGBASE64ENCODEDSTRING=</auth>  <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" /> It seems, there is a bug. Patch for core/usermanager.lua: function user_exists(username, host) -- return hosts[host].users.user_exists(username); return storagemanager.open(host, "accounts"):get(username); end
I found that "session.sasl_hanlder = session.sasl_hanlder:clean_clone();" from mod_saslauth.lua removes function "handler.require_provisioning" on second call.
mod_auth_cyrus was moved out of Prosody into the community modules repo. https://modules.prosody.im/mod_auth_cyrus.html
Changes