Annotate

mod_auth_imap/auth_imap/sasl_imap.lib.lua @ 1199:5d46281a5d23

mod_auth_imap: Minor cleanup of imports
author Matthew Wild <mwild1@gmail.com>
date Thu, 26 Sep 2013 18:12:27 +0100
parent 1196:f45ca6edc159
child 1200:34216cdffda6
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1196
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- Dovecot authentication backend for Prosody
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 --
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- Copyright (C) 2011 Kim Alvefur
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 --
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local log = require "util.logger".init("sasl_imap");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local setmetatable = setmetatable;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9
1199
5d46281a5d23 mod_auth_imap: Minor cleanup of imports
Matthew Wild <mwild1@gmail.com>
parents: 1196
diff changeset
10 local s_match = string.match;
1196
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 local t_concat = table.concat;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 local tostring, tonumber = tostring, tonumber;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local socket = require "socket"
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 -- TODO -- local ssl = require "ssl"
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local base64 = require "util.encodings".base64;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local b64, unb64 = base64.encode, base64.decode;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 local _M = {};
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 local method = {};
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 method.__index = method;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 -- For extracting the username.
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 local mitm = {
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 PLAIN = function(message)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 return s_match(message, "^[^%z]*%z([^%z]+)%z[^%z]+");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 end,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 ["SCRAM-SHA-1"] = function(message)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 return s_match(message, "^[^,]+,[^,]*,n=([^,]*)");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 end,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 ["DIGEST-MD5"] = function(message)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 return s_match(message, "username=\"([^\"]*)\"");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 end,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 }
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 local function connect(host, port, ssl)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 port = tonumber(port) or (ssl and 993 or 143);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 log("debug", "connect() to %s:%s:%d", ssl and "ssl" or "tcp", host, tonumber(port));
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 local conn = socket.tcp();
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 -- Create a connection to imap socket
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 log("debug", "connecting to imap at '%s:%d'", host, port);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 local ok, err = conn:connect(host, port);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 conn:settimeout(10);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 if not ok then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 log("error", "error connecting to imap at '%s:%d'. error was '%s'. check permissions", host, port, err);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 return false;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 -- Parse IMAP handshake
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 local done = false;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 local supported_mechs = {};
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 local line = conn:receive("*l");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 log("debug", "imap handshake: '%s'", line);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 if not line then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 return false;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 local caps = line:match("^%*%s+OK%s+(%b[])");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 if caps then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 caps = caps:sub(2,-2);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62 for cap in caps:gmatch("%S+") do
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 log("debug", "Capability: %s", cap);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 local mech = cap:match("AUTH=(.*)");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 if mech then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 log("debug", "Supported SASL mechanism: %s", mech);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 supported_mechs[mech] = mitm[mech] and true or nil;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
69 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
70 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
72 return conn, supported_mechs;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
73 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75 -- create a new SASL object which can be used to authenticate clients
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76 function _M.new(realm, service_name, host, port, ssl)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 log("debug", "new(%q, %q, %q, %d)", realm or "", service_name or "", host or "", port or 0);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78 local sasl_i = {
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 realm = realm,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 service_name = service_name,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81 _host = host,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82 _port = port,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83 _ssl = ssl
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
84 };
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
85
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
86 local conn, mechs = connect(host, port, ssl);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
87 if not conn then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
88 return nil, "Socket connection failure";
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
89 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
90 sasl_i.conn, sasl_i.mechs = conn, mechs;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
91 return setmetatable(sasl_i, method);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
92 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
93
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
94 -- get a fresh clone with the same realm and service name
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
95 function method:clean_clone()
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
96 if self.conn then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
97 self.conn:close();
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
98 self.conn = nil;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
99 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
100 log("debug", "method:clean_clone()");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
101 return _M.new(self.realm, self.service_name, self._host, self._port)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
102 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
103
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
104 -- get a list of possible SASL mechanisms to use
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
105 function method:mechanisms()
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
106 log("debug", "method:mechanisms()");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
107 return self.mechs;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
108 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
109
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
110 -- select a mechanism to use
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
111 function method:select(mechanism)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
112 log("debug", "method:select(%q)", mechanism);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
113 if not self.selected and self.mechs[mechanism] then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
114 self.tag = tostring({}):match("0x(%x*)$");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
115 self.selected = mechanism;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
116 local selectmsg = t_concat({ self.tag, "AUTHENTICATE", mechanism }, " ");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
117 log("debug", "Sending %d bytes: %q", #selectmsg, selectmsg);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
118 local ok, err = self.conn:send(selectmsg.."\n");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
119 if not ok then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
120 log("error", "Could not write to socket: %s", err);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
121 return "failure", "internal-server-error", err
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
122 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
123 local line, err = self.conn:receive("*l");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
124 if not line then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
125 log("error", "Could not read from socket: %s", err);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
126 return "failure", "internal-server-error", err
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
127 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
128 log("debug", "Received %d bytes: %q", #line, line);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
129 return line:match("^+")
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
130 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
131 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
132
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
133 -- feed new messages to process into the library
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
134 function method:process(message)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
135 local username = mitm[self.selected](message);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
136 if username then self.username = username; end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
137 log("debug", "method:process(%d bytes)", #message);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
138 local ok, err = self.conn:send(b64(message).."\n");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
139 if not ok then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
140 log("error", "Could not write to socket: %s", err);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
141 return "failure", "internal-server-error", err
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
142 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
143 log("debug", "Sent %d bytes to socket", ok);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
144 local line, err = self.conn:receive("*l");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
145 if not line then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
146 log("error", "Could not read from socket: %s", err);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
147 return "failure", "internal-server-error", err
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
148 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
149 log("debug", "Received %d bytes from socket: %s", #line, line);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
150
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
151 if line:match("^%+") and #line > 2 then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
152 local data = line:sub(3);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
153 data = data and unb64(data);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
154 return "challenge", unb64(data);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
155 elseif line:sub(1, #self.tag) == self.tag then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
156 local ok, rest = line:sub(#self.tag+1):match("(%w+)%s+(.*)");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
157 ok = ok:lower();
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
158 log("debug", "%s: %s", ok, rest);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
159 if ok == "ok" then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
160 return "success"
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
161 elseif ok == "no" then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
162 return "failure", "not-authorized", rest;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
163 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
164 elseif line:match("^%* BYE") then
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
165 local err = line:match("BYE%s*(.*)");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
166 return "failure", "not-authorized", err;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
167 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
168 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
169
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
170 return _M;