Software /
code /
prosody-modules
Annotate
mod_auth_external/mod_auth_external.lua @ 1086:50ee38e95e75
Don't store password in temporary file, pipe instead
author | Mikael Nordfeldth <mmn@hethane.se> |
---|---|
date | Mon, 24 Jun 2013 14:29:03 +0200 |
parent | 902:490cb9161c81 |
child | 1154:61f95bf51b35 |
rev | line source |
---|---|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
1 -- |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
2 -- NOTE: currently this uses lpc; when waqas fixes process, it can go back to that |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
3 -- |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
4 -- Prosody IM |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
5 -- Copyright (C) 2010 Waqas Hussain |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
6 -- Copyright (C) 2010 Jeff Mitchell |
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
7 -- Copyright (C) 2013 Mikael Nordfeldth |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
8 -- |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
9 -- This project is MIT/X11 licensed. Please see the |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
10 -- COPYING file in the source package for more information. |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
11 -- |
152 | 12 |
13 | |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
14 --local process = require "process"; |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
15 local lpc; pcall(function() lpc = require "lpc"; end); |
152 | 16 |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
17 local config = require "core.configmanager"; |
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
18 local log = module._log; |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
19 local host = module.host; |
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
20 local script_type = config.get(host, "core", "external_auth_protocol") or "generic"; |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
21 assert(script_type == "ejabberd" or script_type == "generic"); |
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
22 local command = config.get(host, "core", "external_auth_command") or ""; |
152 | 23 assert(type(command) == "string"); |
24 assert(not host:find(":")); | |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
25 local usermanager = require "core.usermanager"; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
26 local jid_bare = require "util.jid".bare; |
166
75a85eac3c27
mod_extauth: Updated to provide a SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
158
diff
changeset
|
27 local new_sasl = require "util.sasl".new; |
152 | 28 |
29 local function send_query(text) | |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
30 local tmpname = os.tmpname(); |
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
31 local p = io.popen(command.." > "..tmpname, "w"); -- dump result to file |
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
32 p:write(text); -- push colon-separated args through pipe to above command |
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
33 p:close(); |
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
34 local tmpfile = io.open(tmpname, "r"); -- open file to read auth result |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
35 local result; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
36 if script_type == "ejabberd" then |
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
37 result = tmpfile:read(4); |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
38 elseif script_type == "generic" then |
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
39 result = tmpfile:read(); |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
40 end |
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
41 tmpfile:close(); |
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
42 os.remove(tmpname); -- clean up after us |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
43 return result; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
44 end |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
45 |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
46 if lpc then |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
47 --local proc; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
48 local pid; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
49 local readfile; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
50 local writefile; |
197
2686221255cf
restart authorize command if crashed or ended; added example shell script
Bjoern Kalkbrenner <terminar@cyberphoria.org>
parents:
168
diff
changeset
|
51 |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
52 function send_query(text) |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
53 if pid and lpc.wait(pid,1) ~= nil then |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
54 log("debug","error, process died, force reopen"); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
55 pid=nil; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
56 end |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
57 if not pid then |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
58 log("debug", "Opening process " .. command); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
59 -- proc = process.popen(command); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
60 pid, writefile, readfile = lpc.run(command); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
61 end |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
62 -- if not proc then |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
63 if not pid then |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
64 log("debug", "Process failed to open"); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
65 return nil; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
66 end |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
67 -- proc:write(text); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
68 -- proc:flush(); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
69 |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
70 writefile:write(text); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
71 writefile:flush(); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
72 if script_type == "ejabberd" then |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
73 -- return proc:read(4); -- FIXME do properly |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
74 return readfile:read(4); -- FIXME do properly |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
75 elseif script_type == "generic" then |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
76 -- return proc:read(1); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
77 return readfile:read(); |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
78 end |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
79 end |
152 | 80 end |
81 | |
82 function do_query(kind, username, password) | |
83 if not username then return nil, "not-acceptable"; end | |
84 | |
85 local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password); | |
86 local len = #query | |
87 if len > 1000 then return nil, "policy-violation"; end | |
88 | |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
89 if script_type == "ejabberd" then |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
90 local lo = len % 256; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
91 local hi = (len - lo) / 256; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
92 query = string.char(hi, lo)..query; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
93 end |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
94 if script_type == "generic" then |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
95 query = query..'\n'; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
96 end |
152 | 97 |
98 local response = send_query(query); | |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
99 if (script_type == "ejabberd" and response == "\0\2\0\0") or |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
100 (script_type == "generic" and response == "0") then |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
101 return nil, "not-authorized"; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
102 elseif (script_type == "ejabberd" and response == "\0\2\0\1") or |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
103 (script_type == "generic" and response == "1") then |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
104 return true; |
152 | 105 else |
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
106 log("debug", "Nonsense back"); |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
107 --proc:close(); |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
108 --proc = nil; |
152 | 109 return nil, "internal-server-error"; |
110 end | |
111 end | |
112 | |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
113 local host = module.host; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
114 local provider = {}; |
152 | 115 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
116 function provider.test_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
117 return do_query("auth", username, password); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
118 end |
152 | 119 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
120 function provider.set_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
121 return do_query("setpass", username, password); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
122 end |
152 | 123 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
124 function provider.user_exists(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
125 return do_query("isuser", username); |
152 | 126 end |
127 | |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
128 function provider.create_user(username, password) return nil, "Account creation/modification not available."; end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
129 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
130 function provider.get_sasl_handler() |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
131 local testpass_authentication_profile = { |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
132 plain_test = function(sasl, username, password, realm) |
902
490cb9161c81
mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
846
diff
changeset
|
133 return usermanager.test_password(username, realm, password), true; |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
134 end, |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
135 }; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
136 return new_sasl(host, testpass_authentication_profile); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
137 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
138 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
139 function provider.is_admin(jid) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
140 local admins = config.get(host, "core", "admins"); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
141 if admins ~= config.get("*", "core", "admins") then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
142 if type(admins) == "table" then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
143 jid = jid_bare(jid); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
144 for _,admin in ipairs(admins) do |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
145 if admin == jid then return true; end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
146 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
147 elseif admins then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
148 log("error", "Option 'admins' for host '%s' is not a table", host); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
149 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
150 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
151 return usermanager.is_admin(jid); -- Test whether it's a global admin instead |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
152 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
153 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
154 module:provides("auth", provider); |