prosody-modules
7dbde05b48a9
mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua
Software / code / prosody-modules
Comparison
mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua @ 1343:7dbde05b48a9
all the things: Remove trailing whitespace
| author | Florian Zeitz <florob@babelmonkeys.de> |
|---|---|
| date | Tue, 11 Mar 2014 18:44:01 +0100 |
| parent | 902:490cb9161c81 |
comparison
equal
deleted
inserted
replaced
| 1342:0ae065453dc9 | 1343:7dbde05b48a9 |
|---|---|
| 108 return usermanager.test_password(username, realm, password), true; | 108 return usermanager.test_password(username, realm, password), true; |
| 109 end | 109 end |
| 110 }; | 110 }; |
| 111 return new_sasl(realm, getpass_authentication_profile); | 111 return new_sasl(realm, getpass_authentication_profile); |
| 112 end | 112 end |
| 113 | 113 |
| 114 module:provides("auth", provider); | 114 module:provides("auth", provider); |
| 115 | 115 |
| 116 function module.command(arg) | 116 function module.command(arg) |
| 117 local command = arg[1]; | 117 local command = arg[1]; |
| 118 table.remove(arg, 1); | 118 table.remove(arg, 1); |
| 120 local user_jid = arg[1]; | 120 local user_jid = arg[1]; |
| 121 if not user_jid or user_jid == "help" then | 121 if not user_jid or user_jid == "help" then |
| 122 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); | 122 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); |
| 123 return 1; | 123 return 1; |
| 124 end | 124 end |
| 125 | 125 |
| 126 local username, host = jid.prepped_split(user_jid); | 126 local username, host = jid.prepped_split(user_jid); |
| 127 if not username or not host then | 127 if not username or not host then |
| 128 print("Invalid JID: "..user_jid); | 128 print("Invalid JID: "..user_jid); |
| 129 return 1; | 129 return 1; |
| 130 end | 130 end |
| 131 | 131 |
| 132 local password, public_id, private_id, key; | 132 local password, public_id, private_id, key; |
| 133 | 133 |
| 134 for i=2,#arg do | 134 for i=2,#arg do |
| 135 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); | 135 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); |
| 136 if not k then | 136 if not k then |
| 137 k, v = arg[i]:match("^%-(%w)(.*)$"); | 137 k, v = arg[i]:match("^%-(%w)(.*)$"); |
| 138 end | 138 end |
| 144 private_id = v; | 144 private_id = v; |
| 145 elseif k == "key" or k == "a" then | 145 elseif k == "key" or k == "a" then |
| 146 key = v; | 146 key = v; |
| 147 end | 147 end |
| 148 end | 148 end |
| 149 | 149 |
| 150 if not password then | 150 if not password then |
| 151 print(":: Password ::"); | 151 print(":: Password ::"); |
| 152 print("This is an optional password that should be always"); | 152 print("This is an optional password that should be always"); |
| 153 print("entered during login *before* the yubikey password."); | 153 print("entered during login *before* the yubikey password."); |
| 154 print("If the yubikey is lost/stolen, unless the attacker"); | 154 print("If the yubikey is lost/stolen, unless the attacker"); |
| 158 if not password then | 158 if not password then |
| 159 print("Cancelled."); | 159 print("Cancelled."); |
| 160 return 1; | 160 return 1; |
| 161 end | 161 end |
| 162 end | 162 end |
| 163 | 163 |
| 164 if not public_id then | 164 if not public_id then |
| 165 print(":: Public Yubikey ID ::"); | 165 print(":: Public Yubikey ID ::"); |
| 166 print("This is a fixed string of characters between 0 and 16"); | 166 print("This is a fixed string of characters between 0 and 16"); |
| 167 print("bytes long that the Yubikey prefixes to every token."); | 167 print("bytes long that the Yubikey prefixes to every token."); |
| 168 print("The ID should be entered in modhex encoding, meaning "); | 168 print("The ID should be entered in modhex encoding, meaning "); |
| 169 print("a string up to 32 characters. This *must* match"); | 169 print("a string up to 32 characters. This *must* match"); |
| 179 else | 179 else |
| 180 break; | 180 break; |
| 181 end | 181 end |
| 182 end | 182 end |
| 183 end | 183 end |
| 184 | 184 |
| 185 if not private_id then | 185 if not private_id then |
| 186 print(":: Private Yubikey ID ::"); | 186 print(":: Private Yubikey ID ::"); |
| 187 print("This is a fixed secret UID programmed into the yubikey"); | 187 print("This is a fixed secret UID programmed into the yubikey"); |
| 188 print("during configuration. It must be entered in hex (not modhex)"); | 188 print("during configuration. It must be entered in hex (not modhex)"); |
| 189 print("encoding. It is always 6 bytes long, which is 12 characters"); | 189 print("encoding. It is always 6 bytes long, which is 12 characters"); |
| 198 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); | 198 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
| 199 else | 199 else |
| 200 break; | 200 break; |
| 201 end | 201 end |
| 202 end | 202 end |
| 203 end | 203 end |
| 204 | 204 |
| 205 if not key then | 205 if not key then |
| 206 print(":: AES Encryption Key ::"); | 206 print(":: AES Encryption Key ::"); |
| 207 print("This is the secret key that the Yubikey uses to encrypt the"); | 207 print("This is the secret key that the Yubikey uses to encrypt the"); |
| 208 print("generated tokens. It is 32 characters in hex encoding."); | 208 print("generated tokens. It is 32 characters in hex encoding."); |
| 209 print(""); | 209 print(""); |
| 217 else | 217 else |
| 218 break; | 218 break; |
| 219 end | 219 end |
| 220 end | 220 end |
| 221 end | 221 end |
| 222 | 222 |
| 223 local hash = hashes.sha1(public_id..private_id..password, true); | 223 local hash = hashes.sha1(public_id..private_id..password, true); |
| 224 local account = { | 224 local account = { |
| 225 yubikey_hash = hash; | 225 yubikey_hash = hash; |
| 226 yubikey_key = key; | 226 yubikey_key = key; |
| 227 }; | 227 }; |
