Software /
code /
prosody-modules
Annotate
mod_auth_ha1/mod_auth_ha1.lua @ 5345:3390bb2f9f6c
mod_auth_oauth_external: Support PLAIN via resource owner password grant
Might not be supported by the backend but PLAIN is the lowest common
denominator, so not having it would lock out a lot of clients.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 16 Mar 2023 12:45:52 +0100 |
parent | 1473:31c4d92a81e5 |
rev | line source |
---|---|
1472
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 -- Prosody IM |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2014 Matthew Wild |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 -- |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 -- |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 local usermanager = require "core.usermanager"; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local new_sasl = require "util.sasl".new; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local nodeprep = require "util.encodings".stringprep.nodeprep; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local nameprep = require "util.encodings".stringprep.nameprep; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local md5 = require "util.hashes".md5; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local host = module.host; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local auth_filename = module:get_option_string("auth_ha1_file", "auth.txt"); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 local auth_data = {}; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 function reload_auth_data() |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 local f, err = io.open(auth_filename); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 if not f then |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 module:log("error", "Failed to read from auth file: %s", err); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 return; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 auth_data = {}; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local line_number, imported_count, not_authorized_count = 0, 0, 0; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 for line in f:lines() do |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 line_number = line_number + 1; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 local username, hash, realm, state = line:match("^([^:]+):(%x+):([^:]+):(.+)$"); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 if not username then |
1473
31c4d92a81e5
mod_auth_ha1: Skip commented lines
Matthew Wild <mwild1@gmail.com>
parents:
1472
diff
changeset
|
32 if line:sub(1,1) ~= "#" then |
31c4d92a81e5
mod_auth_ha1: Skip commented lines
Matthew Wild <mwild1@gmail.com>
parents:
1472
diff
changeset
|
33 module:log("error", "Unable to parse line %d of auth file, skipping", line_number); |
31c4d92a81e5
mod_auth_ha1: Skip commented lines
Matthew Wild <mwild1@gmail.com>
parents:
1472
diff
changeset
|
34 end |
1472
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 else |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 username, realm = nodeprep(username), nameprep(realm); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 if not username then |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 module:log("error", "Invalid username on line %d of auth file, skipping", line_number); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 elseif not realm then |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 module:log("error", "Invalid hostname/realm on line %d of auth file, skipping", line_number); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 elseif state ~= "authorized" then |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 not_authorized_count = not_authorized_count + 1; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 elseif realm == host then |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 auth_data[username] = hash; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 imported_count = imported_count + 1; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 f:close(); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 module:log("debug", "Loaded %d accounts from auth file (%d authorized)", imported_count, imported_count-not_authorized_count); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 function module.load() |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 reload_auth_data(); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 module:hook_global("config-reloaded", reload_auth_data); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 -- define auth provider |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 local provider = {}; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 function provider.test_password(username, password) |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 module:log("debug", "test password for user %s at host %s, %s", username, host, password); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 local test_hash = md5(username..":"..host..":"..password, true); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 if test_hash == auth_data[username] then |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 return true; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 else |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 return nil, "Auth failed. Invalid username or password."; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 function provider.set_password(username, password) |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 return nil, "Changing passwords not supported"; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 function provider.user_exists(username) |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 if not auth_data[username] then |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 module:log("debug", "account not found for username '%s' at host '%s'", username, host); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 return nil, "Auth failed. Invalid username"; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 return true; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 function provider.create_user(username, password) |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 return nil, "User creation not supported"; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 function provider.delete_user(username) |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 return nil , "User deletion not supported"; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 function provider.get_sasl_handler() |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 return new_sasl(host, { |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 plain_test = function(sasl, username, password, realm) |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 return usermanager.test_password(username, realm, password), true; |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 }); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 end |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 module:provides("auth", provider); |
d44926f39f00
mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 |