Annotate

mod_auth_external/mod_auth_external.lua @ 1086:50ee38e95e75

Don't store password in temporary file, pipe instead
author Mikael Nordfeldth <mmn@hethane.se>
date Mon, 24 Jun 2013 14:29:03 +0200
parent 902:490cb9161c81
child 1154:61f95bf51b35
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
1 --
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
2 -- NOTE: currently this uses lpc; when waqas fixes process, it can go back to that
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
3 --
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
4 -- Prosody IM
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
5 -- Copyright (C) 2010 Waqas Hussain
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
6 -- Copyright (C) 2010 Jeff Mitchell
1086
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
7 -- Copyright (C) 2013 Mikael Nordfeldth
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
8 --
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
9 -- This project is MIT/X11 licensed. Please see the
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
10 -- COPYING file in the source package for more information.
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
11 --
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
12
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
13
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
14 --local process = require "process";
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
15 local lpc; pcall(function() lpc = require "lpc"; end);
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
17 local config = require "core.configmanager";
168
cd8492748985 mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents: 166
diff changeset
18 local log = module._log;
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
19 local host = module.host;
168
cd8492748985 mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents: 166
diff changeset
20 local script_type = config.get(host, "core", "external_auth_protocol") or "generic";
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
21 assert(script_type == "ejabberd" or script_type == "generic");
168
cd8492748985 mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents: 166
diff changeset
22 local command = config.get(host, "core", "external_auth_command") or "";
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23 assert(type(command) == "string");
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
24 assert(not host:find(":"));
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
25 local usermanager = require "core.usermanager";
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
26 local jid_bare = require "util.jid".bare;
166
75a85eac3c27 mod_extauth: Updated to provide a SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents: 158
diff changeset
27 local new_sasl = require "util.sasl".new;
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
28
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
29 local function send_query(text)
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
30 local tmpname = os.tmpname();
1086
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
31 local p = io.popen(command.." > "..tmpname, "w"); -- dump result to file
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
32 p:write(text); -- push colon-separated args through pipe to above command
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
33 p:close();
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
34 local tmpfile = io.open(tmpname, "r"); -- open file to read auth result
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
35 local result;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
36 if script_type == "ejabberd" then
1086
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
37 result = tmpfile:read(4);
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
38 elseif script_type == "generic" then
1086
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
39 result = tmpfile:read();
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
40 end
1086
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
41 tmpfile:close();
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
42 os.remove(tmpname); -- clean up after us
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
43 return result;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
44 end
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
45
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
46 if lpc then
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
47 --local proc;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
48 local pid;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
49 local readfile;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
50 local writefile;
197
2686221255cf restart authorize command if crashed or ended; added example shell script
Bjoern Kalkbrenner <terminar@cyberphoria.org>
parents: 168
diff changeset
51
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
52 function send_query(text)
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
53 if pid and lpc.wait(pid,1) ~= nil then
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
54 log("debug","error, process died, force reopen");
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
55 pid=nil;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
56 end
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
57 if not pid then
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
58 log("debug", "Opening process " .. command);
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
59 -- proc = process.popen(command);
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
60 pid, writefile, readfile = lpc.run(command);
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
61 end
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
62 -- if not proc then
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
63 if not pid then
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
64 log("debug", "Process failed to open");
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
65 return nil;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
66 end
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
67 -- proc:write(text);
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
68 -- proc:flush();
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
69
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
70 writefile:write(text);
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
71 writefile:flush();
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
72 if script_type == "ejabberd" then
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
73 -- return proc:read(4); -- FIXME do properly
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
74 return readfile:read(4); -- FIXME do properly
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
75 elseif script_type == "generic" then
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
76 -- return proc:read(1);
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
77 return readfile:read();
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
78 end
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
79 end
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
80 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
81
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
82 function do_query(kind, username, password)
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
83 if not username then return nil, "not-acceptable"; end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
84
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
85 local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password);
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
86 local len = #query
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
87 if len > 1000 then return nil, "policy-violation"; end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
88
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
89 if script_type == "ejabberd" then
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
90 local lo = len % 256;
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
91 local hi = (len - lo) / 256;
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
92 query = string.char(hi, lo)..query;
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
93 end
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
94 if script_type == "generic" then
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
95 query = query..'\n';
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
96 end
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
97
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
98 local response = send_query(query);
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
99 if (script_type == "ejabberd" and response == "\0\2\0\0") or
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
100 (script_type == "generic" and response == "0") then
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
101 return nil, "not-authorized";
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
102 elseif (script_type == "ejabberd" and response == "\0\2\0\1") or
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
103 (script_type == "generic" and response == "1") then
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
104 return true;
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
105 else
168
cd8492748985 mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents: 166
diff changeset
106 log("debug", "Nonsense back");
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
107 --proc:close();
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
108 --proc = nil;
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
109 return nil, "internal-server-error";
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
110 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
111 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
112
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
113 local host = module.host;
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
114 local provider = {};
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
115
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
116 function provider.test_password(username, password)
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
117 return do_query("auth", username, password);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
118 end
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
119
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
120 function provider.set_password(username, password)
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
121 return do_query("setpass", username, password);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
122 end
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
123
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
124 function provider.user_exists(username)
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
125 return do_query("isuser", username);
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
126 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
127
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
128 function provider.create_user(username, password) return nil, "Account creation/modification not available."; end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
129
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
130 function provider.get_sasl_handler()
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
131 local testpass_authentication_profile = {
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
132 plain_test = function(sasl, username, password, realm)
902
490cb9161c81 mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents: 846
diff changeset
133 return usermanager.test_password(username, realm, password), true;
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
134 end,
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
135 };
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
136 return new_sasl(host, testpass_authentication_profile);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
137 end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
138
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
139 function provider.is_admin(jid)
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
140 local admins = config.get(host, "core", "admins");
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
141 if admins ~= config.get("*", "core", "admins") then
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
142 if type(admins) == "table" then
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
143 jid = jid_bare(jid);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
144 for _,admin in ipairs(admins) do
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
145 if admin == jid then return true; end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
146 end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
147 elseif admins then
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
148 log("error", "Option 'admins' for host '%s' is not a table", host);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
149 end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
150 end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
151 return usermanager.is_admin(jid); -- Test whether it's a global admin instead
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
152 end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
153
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
154 module:provides("auth", provider);