Annotate

mod_auth_imap/auth_imap/mod_auth_imap.lua @ 1196:f45ca6edc159

mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
author Kim Alvefur <zash@zash.se>
date Thu, 26 Sep 2013 13:43:27 +0200
child 1198:b21bd39c8a12
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1196
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- IMAP authentication backend for Prosody
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 --
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- Copyright (C) 2011 FIMXE from hg annotate -u
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local name = "IMAP SASL";
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local log = require "util.logger".init("auth_imap");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local imap_host = module:get_option_string("imap_auth_host", "localhost");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 local imap_port = module:get_option_number("imap_auth_port", 143);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 local imap_service_realm = module:get_option("imap_service_realm");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 local imap_service_name = module:get_option("imap_service_name");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local new_imap_sasl = module:require "sasl_imap".new;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 local new_sasl = function(realm)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 return new_imap_sasl(
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 imap_service_realm or realm,
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 imap_service_name or "xmpp",
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 imap_host, imap_port
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 );
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 do
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 local s = new_sasl(module.host)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 assert(s, "Could not create a new SASL object");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 assert(s.mechanisms, "SASL object has no mechanims method");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 local m = {};
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 for k in pairs(s:mechanisms()) do
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 table.insert(m, k);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 log("debug", "Mechanims found: %s", table.concat(m, ", "));
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 provider = {
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 name = module.name:gsub("^auth_","");
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 };
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 function provider.test_password(username, password)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 return nil, "Legacy auth not supported with "..name;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 function provider.get_password(username)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 return nil, "Passwords unavailable for "..name;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 function provider.set_password(username, password)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 return nil, "Passwords unavailable for "..name;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 function provider.user_exists(username)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 -- FIXME
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 return true
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 function provider.create_user(username, password)
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 return nil, "Account creation/modification not available with "..name;
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62 function provider.get_sasl_handler()
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 return new_sasl(module.host);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 end
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 module:add_item("auth-provider", provider);
f45ca6edc159 mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67