Software /
code /
prosody-modules
Annotate
mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua @ 698:3a3293f37139
mod_client_certs: Fix the checking of valid id_on_xmppAddr fields.
author | Thijs Alkemade <thijsalkemade@gmail.com> |
---|---|
date | Tue, 05 Jun 2012 20:47:02 +0200 |
parent | 474:942738953ff3 |
child | 700:0c130c45b7c1 |
rev | line source |
---|---|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Dovecot authentication backend for Prosody |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- Copyright (C) 2010-2011 Waqas Hussain |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- Copyright (C) 2011 Kim Alvefur |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local name = "Dovecot SASL"; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local log = require "util.logger".init("auth_dovecot"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local socket_path = module:get_option_string("dovecot_auth_socket", "/var/run/dovecot/auth-login"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local socket_host = module:get_option_string("dovecot_auth_host", "127.0.0.1"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local socket_port = module:get_option_string("dovecot_auth_port"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local service_realm = module:get_option("realm"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local service_name = module:get_option("service_name"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local append_host = module:get_option_boolean("auth_append_host"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local validate_domain = module:get_option_boolean("validate_append_host"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local handle_appended = module:get_option_string("handle_appended"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 local util_sasl_new = require "util.sasl".new; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 local new_dovecot_sasl = module:require "sasl_dovecot".new; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 local new_sasl = function(realm) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 return new_dovecot_sasl( |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 service_realm or realm, |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 service_name or "xmpp", |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 socket_port and { socket_path, socket_port } or socket_path, |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 { --config |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 handle_domain = handle_appended or |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 (append_host and "split" or "escape"), |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 validate_domain = validate_domain, |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 } |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 ); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 do |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 local s = new_sasl(module.host) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 assert(s, "Could not create a new SASL object"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 assert(s.mechanisms, "SASL object has no mechanims method"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 local m, _m = {}, s:mechanisms(); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 assert(not append_host or _m.PLAIN, "auth_append_host requires PLAIN, but it is unavailable"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 for k in pairs(_m) do |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 table.insert(m, k); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 log("debug", "Mechanims found: %s", table.concat(m, ", ")); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 provider = { |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 name = module.name:gsub("^auth_",""); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 }; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 function provider.test_password(username, password) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 return new_sasl(module.host):plain_test(username, password); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 if append_host then |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 new_sasl = function(realm) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 return util_sasl_new(realm, { |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 plain_test = function(sasl, username, password, realm) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 local prepped_username = nodeprep(username); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 if not prepped_username then |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 log("debug", "NODEprep failed on username: %s", username); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 return "", nil; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 prepped_username = prepped_username .. "@" .. module.host; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 return provider.test_password(prepped_username, password), true; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end, |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 }); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 function provider.get_password(username) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 return nil, "Passwords unavailable for "..name; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 function provider.set_password(username, password) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 return nil, "Passwords unavailable for "..name; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 function provider.user_exists(username) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 local user_test = new_sasl(module.host); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 user_test:select("PLAIN"); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 user_test:process(("\0%s\0"):format(username)); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 return user_test.username == username; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 function provider.create_user(username, password) |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 return nil, "Account creation/modification not available with "..name; |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 function provider.get_sasl_handler() |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 return new_sasl(module.host); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 end |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 module:add_item("auth-provider", provider); |
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 |