Comparison
mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua @ 1343:7dbde05b48a9
all the things: Remove trailing whitespace
author | Florian Zeitz <florob@babelmonkeys.de> |
---|---|
date | Tue, 11 Mar 2014 18:44:01 +0100 |
parent | 902:490cb9161c81 |
1342:0ae065453dc9 | 1343:7dbde05b48a9 |
---|---|
108 return usermanager.test_password(username, realm, password), true; | 108 return usermanager.test_password(username, realm, password), true; |
109 end | 109 end |
110 }; | 110 }; |
111 return new_sasl(realm, getpass_authentication_profile); | 111 return new_sasl(realm, getpass_authentication_profile); |
112 end | 112 end |
113 | 113 |
114 module:provides("auth", provider); | 114 module:provides("auth", provider); |
115 | 115 |
116 function module.command(arg) | 116 function module.command(arg) |
117 local command = arg[1]; | 117 local command = arg[1]; |
118 table.remove(arg, 1); | 118 table.remove(arg, 1); |
120 local user_jid = arg[1]; | 120 local user_jid = arg[1]; |
121 if not user_jid or user_jid == "help" then | 121 if not user_jid or user_jid == "help" then |
122 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); | 122 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); |
123 return 1; | 123 return 1; |
124 end | 124 end |
125 | 125 |
126 local username, host = jid.prepped_split(user_jid); | 126 local username, host = jid.prepped_split(user_jid); |
127 if not username or not host then | 127 if not username or not host then |
128 print("Invalid JID: "..user_jid); | 128 print("Invalid JID: "..user_jid); |
129 return 1; | 129 return 1; |
130 end | 130 end |
131 | 131 |
132 local password, public_id, private_id, key; | 132 local password, public_id, private_id, key; |
133 | 133 |
134 for i=2,#arg do | 134 for i=2,#arg do |
135 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); | 135 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); |
136 if not k then | 136 if not k then |
137 k, v = arg[i]:match("^%-(%w)(.*)$"); | 137 k, v = arg[i]:match("^%-(%w)(.*)$"); |
138 end | 138 end |
144 private_id = v; | 144 private_id = v; |
145 elseif k == "key" or k == "a" then | 145 elseif k == "key" or k == "a" then |
146 key = v; | 146 key = v; |
147 end | 147 end |
148 end | 148 end |
149 | 149 |
150 if not password then | 150 if not password then |
151 print(":: Password ::"); | 151 print(":: Password ::"); |
152 print("This is an optional password that should be always"); | 152 print("This is an optional password that should be always"); |
153 print("entered during login *before* the yubikey password."); | 153 print("entered during login *before* the yubikey password."); |
154 print("If the yubikey is lost/stolen, unless the attacker"); | 154 print("If the yubikey is lost/stolen, unless the attacker"); |
158 if not password then | 158 if not password then |
159 print("Cancelled."); | 159 print("Cancelled."); |
160 return 1; | 160 return 1; |
161 end | 161 end |
162 end | 162 end |
163 | 163 |
164 if not public_id then | 164 if not public_id then |
165 print(":: Public Yubikey ID ::"); | 165 print(":: Public Yubikey ID ::"); |
166 print("This is a fixed string of characters between 0 and 16"); | 166 print("This is a fixed string of characters between 0 and 16"); |
167 print("bytes long that the Yubikey prefixes to every token."); | 167 print("bytes long that the Yubikey prefixes to every token."); |
168 print("The ID should be entered in modhex encoding, meaning "); | 168 print("The ID should be entered in modhex encoding, meaning "); |
169 print("a string up to 32 characters. This *must* match"); | 169 print("a string up to 32 characters. This *must* match"); |
179 else | 179 else |
180 break; | 180 break; |
181 end | 181 end |
182 end | 182 end |
183 end | 183 end |
184 | 184 |
185 if not private_id then | 185 if not private_id then |
186 print(":: Private Yubikey ID ::"); | 186 print(":: Private Yubikey ID ::"); |
187 print("This is a fixed secret UID programmed into the yubikey"); | 187 print("This is a fixed secret UID programmed into the yubikey"); |
188 print("during configuration. It must be entered in hex (not modhex)"); | 188 print("during configuration. It must be entered in hex (not modhex)"); |
189 print("encoding. It is always 6 bytes long, which is 12 characters"); | 189 print("encoding. It is always 6 bytes long, which is 12 characters"); |
198 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); | 198 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
199 else | 199 else |
200 break; | 200 break; |
201 end | 201 end |
202 end | 202 end |
203 end | 203 end |
204 | 204 |
205 if not key then | 205 if not key then |
206 print(":: AES Encryption Key ::"); | 206 print(":: AES Encryption Key ::"); |
207 print("This is the secret key that the Yubikey uses to encrypt the"); | 207 print("This is the secret key that the Yubikey uses to encrypt the"); |
208 print("generated tokens. It is 32 characters in hex encoding."); | 208 print("generated tokens. It is 32 characters in hex encoding."); |
209 print(""); | 209 print(""); |
217 else | 217 else |
218 break; | 218 break; |
219 end | 219 end |
220 end | 220 end |
221 end | 221 end |
222 | 222 |
223 local hash = hashes.sha1(public_id..private_id..password, true); | 223 local hash = hashes.sha1(public_id..private_id..password, true); |
224 local account = { | 224 local account = { |
225 yubikey_hash = hash; | 225 yubikey_hash = hash; |
226 yubikey_key = key; | 226 yubikey_key = key; |
227 }; | 227 }; |