prosody-modules
13070c6a7ce8
mod_auth_ldap2/mod_auth_ldap2.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auth_ldap2/mod_auth_ldap2.lua @ 4930:13070c6a7ce8

mod_http_muc_log: Fix exception on lack of trailing slash in room path A request to /room leads to the match call returning nil which in turn calls nodeprep(nil). In Prosody 0.11.x this does nothing and simply returns the nil, while in 0.12 it is an error. Now it redirects to the calendar view at /room/ - even for non-existant rooms. Discovered at a deployment with http_paths = { muc_log = "/" } and requests to /robots.txt and similar, which now result in a uses redirect before returning 404.
author Kim Alvefur <zash@zash.se>
date Fri, 22 Apr 2022 14:29:32 +0200
parent 3869:f2b29183ef08
line wrap: on
line source

-- vim:sts=4 sw=4

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
-- Copyright (C) 2012 Rob Hoelz
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua
-- adapted to use common LDAP store

local ldap     = module:require 'ldap';
local new_sasl = require 'util.sasl'.new;
local jsplit   = require 'util.jid'.split;

if not ldap then
    return;
end

local provider = {}

function provider.test_password(username, password)
    return ldap.bind(username, password);
end

function provider.user_exists(username)
    local params = ldap.getparams()

    local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username);

    return ldap.singlematch {
        base   = params.user.basedn,
        filter = filter,
    };
end

function provider.get_password(username)
    return nil, "Passwords unavailable for LDAP.";
end

function provider.set_password(username, password)
    return nil, "Passwords unavailable for LDAP.";
end

function provider.create_user(username, password)
    return nil, "Account creation/modification not available with LDAP.";
end

function provider.get_sasl_handler()
    local testpass_authentication_profile = {
        plain_test = function(sasl, username, password, realm)
            return provider.test_password(username, password), true;
        end,
        mechanisms = { PLAIN = true },
    };
    return new_sasl(module.host, testpass_authentication_profile);
end

function provider.is_admin(jid)
    local username, userhost = jsplit(jid);
    if userhost ~= module.host then
        return false;
    end
    local admin_config = ldap.getparams().admin;

    if not admin_config then
        return;
    end

    local ld       = ldap:getconnection();
    local filter   = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username);

    return ldap.singlematch {
        base   = admin_config.basedn,
        filter = filter,
    };
end

module:provides("auth", provider);