On 06 Aug 2008, at 19:34, Artur Bergman wrote:

AFAIR if you return from a hook like that, it is supposed to terminate the hook chain and proceed.

So in this case, as long as the password matches when StaticPassword returns, then you are good to go.

Solution would be not to use StaticPassword.

After a short IM conversation, it turns out that this is more a documentation issue and perhaps needing a slight tweak to AllowedUsers (to also register a GetPassword hook) rather than a serious issue.

I suggest the below text as a doc patch to explain the situation. Please correct me if my assumptions are wrong:

=== lib/DJabberd/Authen/StaticPassword.pm
==================================================================
--- lib/DJabberd/Authen/StaticPassword.pm       (revision 6909)
+++ lib/DJabberd/Authen/StaticPassword.pm       (local)
@@ -7,13 +7,31 @@
     $self->{password} = $pass;
 }

+# If can_retrieve_cleartext is set to true,
+# Authen.pm will register the GetPassword hook.
+# That hook is then called from IQ.pm when a password
+# needs to be checked.
+#
+# The hook then invokes the get_password routine below,
+# which will return the static password and return it via
+# the ->set method on the callback.
+#
+# IQ.pm will then validate that password and accept/reject
+# it. This means no other hooks will get called in this chain.
+# Also, none of the CheckCleartext/CheckDigest hooks will be
+# called.
+#
+# See the documentation in HookDocs about 'GetPassword' for
+# more details.
 sub can_retrieve_cleartext { 1 }

+# will be called if can_retrieve_cleartext returns 1
 sub get_password {
     my ($self, $cb, %args) = @_;
     $cb->set($self->{password});
 }

+# will be called if can_retrieve_cleartext returns 0
 sub check_cleartext {
     my ($self, $cb, %args) = @_;
     if ($args{password} eq $self->{password}) {
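
Review bot: In the comment block above can_retrieve_cleartext, "which will return the static password and return it via the ->set method" says "return" twice and is inaccurate, since get_password does not return the password but hands it to the callback with $cb->set; something like "which passes the static password to the callback via $cb->set" matches the code. The block also states that none of the CheckCleartext/CheckDigest hooks will be called but stops short of the consequence a reader needs: any other plugin that does its checking in those hooks is never consulted while this module is loaded, so it is worth saying that in one sentence here. Since this is guidance for people configuring the server, consider putting it in POD rather than in # comments so it shows up in the module documentation.
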
=== lib/DJabberd/HookDocs.pm
==================================================================
--- lib/DJabberd/HookDocs.pm    (revision 6909)
+++ lib/DJabberd/HookDocs.pm    (local)
@@ -19,9 +19,9 @@
 $hook{'filter_incoming_server'} = {};
 $hook{'switch_incoming_server'} = {};

-
+# q[ ] since we use ' and non-interpolated variables
 $hook{'GetPassword'} = {
-    des => "Lookup a user's plaintext password",
+ des => q[Called when a client tries to authenticate. The hook is asked to lookup and return a user's plaintext password via $cb->set ( $pass ). If the hook returns the password, DJabberd::IQ will validate the password and either accept or reject the authentication. If you want to do your own validation, do not allow a GetPassword hook to be registered that returns the password via the callback, and use the CheckCleartext or CheckDigest hooks instead],
     args => [ "username" => '$username', "conn" => 'Connection', ],
     callbacks => {
         set => ['password'],
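
Review bot: The new des text tells readers "do not allow a GetPassword hook to be registered" without saying how; the StaticPassword.pm comments in this same patch say the hook is registered when can_retrieve_cleartext is true, so the description should name can_retrieve_cleartext as the switch. On style, the added "+ des =>" line is indented by one space while the neighbouring args and callbacks keys use four, the description is a single very long line that would read better wrapped inside the q[ ], and "lookup" used as a verb should be "look up".
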

--

Jos Boumans http://www.linkedin.com/in/josboumans

  How do I prove I'm not crazy to people who are?


