Annotate

mod_auth_ha1/mod_auth_ha1.lua @ 1472:d44926f39f00

mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
author Matthew Wild <mwild1@gmail.com>
date Sat, 26 Jul 2014 21:53:52 +0100
child 1473:31c4d92a81e5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1472
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 -- Prosody IM
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 -- Copyright (C) 2014 Matthew Wild
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 --
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 -- This project is MIT/X11 licensed. Please see the
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 -- COPYING file in the source package for more information.
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 --
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 local usermanager = require "core.usermanager";
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 local new_sasl = require "util.sasl".new;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local nodeprep = require "util.encodings".stringprep.nodeprep;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 local nameprep = require "util.encodings".stringprep.nameprep;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 local md5 = require "util.hashes".md5;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 local host = module.host;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 local auth_filename = module:get_option_string("auth_ha1_file", "auth.txt");
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 local auth_data = {};
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 function reload_auth_data()
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 local f, err = io.open(auth_filename);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 if not f then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 module:log("error", "Failed to read from auth file: %s", err);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 return;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 auth_data = {};
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 local line_number, imported_count, not_authorized_count = 0, 0, 0;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 for line in f:lines() do
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 line_number = line_number + 1;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 local username, hash, realm, state = line:match("^([^:]+):(%x+):([^:]+):(.+)$");
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 if not username then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 module:log("error", "Unable to parse line %d of auth file, skipping", line_number);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 else
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 username, realm = nodeprep(username), nameprep(realm);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 if not username then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 module:log("error", "Invalid username on line %d of auth file, skipping", line_number);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 elseif not realm then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 module:log("error", "Invalid hostname/realm on line %d of auth file, skipping", line_number);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 elseif state ~= "authorized" then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 not_authorized_count = not_authorized_count + 1;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 elseif realm == host then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 auth_data[username] = hash;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 imported_count = imported_count + 1;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 f:close();
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 module:log("debug", "Loaded %d accounts from auth file (%d authorized)", imported_count, imported_count-not_authorized_count);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 function module.load()
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 reload_auth_data();
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 module:hook_global("config-reloaded", reload_auth_data);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 -- define auth provider
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 local provider = {};
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60 function provider.test_password(username, password)
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 module:log("debug", "test password for user %s at host %s, %s", username, host, password);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 local test_hash = md5(username..":"..host..":"..password, true);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 if test_hash == auth_data[username] then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66 return true;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67 else
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
68 return nil, "Auth failed. Invalid username or password.";
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 function provider.set_password(username, password)
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 return nil, "Changing passwords not supported";
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 function provider.user_exists(username)
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
77 if not auth_data[username] then
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78 module:log("debug", "account not found for username '%s' at host '%s'", username, host);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 return nil, "Auth failed. Invalid username";
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
81 return true;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
82 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
83
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84 function provider.create_user(username, password)
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
85 return nil, "User creation not supported";
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
86 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 function provider.delete_user(username)
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
89 return nil , "User deletion not supported";
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
90 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 function provider.get_sasl_handler()
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93 return new_sasl(host, {
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 plain_test = function(sasl, username, password, realm)
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95 return usermanager.test_password(username, realm, password), true;
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 });
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 end
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 module:provides("auth", provider);
d44926f39f00 mod_auth_ha1: Authentication module for 'HA1' hashed credentials in a text file, as used by reTurnServer
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101