Software /
code /
prosody
Annotate
core/usermanager.lua @ 3218:032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 09 Jun 2010 21:24:20 +0100 |
parent | 3185:09174a6e8366 |
child | 3285:c116c4b2db5a |
rev | line source |
---|---|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
896
diff
changeset
|
1 -- Prosody IM |
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2032
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
4 -- |
758 | 5 -- This project is MIT/X11 licensed. Please see the |
6 -- COPYING file in the source package for more information. | |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
7 -- |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
449
diff
changeset
|
8 |
2032
2714ccde2569
usermanager: Removed an unnecessary global access.
Waqas Hussain <waqas20@gmail.com>
parents:
2031
diff
changeset
|
9 local datamanager = require "util.datamanager"; |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
10 local modulemanager = require "core.modulemanager"; |
53
14ea0fe6ca86
Session destruction fixes, some debugging code while we fix the rest. Also change logger to be more useful.
Matthew Wild <mwild1@gmail.com>
parents:
38
diff
changeset
|
11 local log = require "util.logger".init("usermanager"); |
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
12 local type = type; |
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
13 local error = error; |
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
14 local ipairs = ipairs; |
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
15 local hashes = require "util.hashes"; |
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
16 local jid_bare = require "util.jid".bare; |
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
17 local config = require "core.configmanager"; |
2929
1e4e314bef33
usermanager: Return sane errors/results when Cyrus SASL is in use.
Waqas Hussain <waqas20@gmail.com>
parents:
2923
diff
changeset
|
18 local hosts = hosts; |
0 | 19 |
3064
596303990c7c
usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
20 local require_provisioning = config.get("*", "core", "cyrus_require_provisioning") or false; |
596303990c7c
usermanager, mod_saslauth: Make account provisioning for Cyrus SASL optional (default: not required)
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
21 |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
22 local prosody = _G.prosody; |
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
23 |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
24 local setmetatable = setmetatable; |
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
25 |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
26 local default_provider = "internal"; |
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
27 |
0 | 28 module "usermanager" |
29 | |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
30 function new_null_provider() |
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
31 local function dummy() end; |
3177
b932dde3bca5
usermanager: Rename the fallback provider from 'dummyauth' to 'null'
Matthew Wild <mwild1@gmail.com>
parents:
3176
diff
changeset
|
32 return setmetatable({name = "null"}, { __index = function() return dummy; end }); |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
33 end |
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
34 |
3036
0714539bcf71
usermanager: Handle auth providers for components.
Waqas Hussain <waqas20@gmail.com>
parents:
3035
diff
changeset
|
35 local function host_handler(host) |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
36 local host_session = hosts[host]; |
3163 | 37 host_session.events.add_handler("item-added/auth-provider", function (event) |
38 local provider = event.item; | |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
39 local auth_provider = config.get(host, "core", "authentication") or default_provider; |
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
40 if provider.name == auth_provider then |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
41 host_session.users = provider; |
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
42 end |
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
3163
diff
changeset
|
43 if host_session.users ~= nil and host_session.users.name ~= nil then |
3166
3c46cb94caed
Add mechanism for upgrading to hashed passwords from default. Remove some extra debug.
Jeff Mitchell <jeff@jefferai.org>
parents:
3164
diff
changeset
|
44 log("debug", "host '%s' now set to use user provider '%s'", host, host_session.users.name); |
3163 | 45 end |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
46 end); |
3163 | 47 host_session.events.add_handler("item-removed/auth-provider", function (event) |
48 local provider = event.item; | |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
49 if host_session.users == provider then |
3161
73e93a48c0c1
Update usermanager to not crash, etc.
Jeff Mitchell <jeff@jefferai.org>
parents:
3160
diff
changeset
|
50 host_session.users = new_null_provider(); |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
51 end |
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
52 end); |
3176
f77759710324
usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents:
3167
diff
changeset
|
53 host_session.users = new_null_provider(); -- Start with the default usermanager provider |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
54 local auth_provider = config.get(host, "core", "authentication") or default_provider; |
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
55 if auth_provider ~= "null" then |
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
56 modulemanager.load(host, "auth_"..auth_provider); |
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3177
diff
changeset
|
57 end |
3176
f77759710324
usermanager: Add hunk that got missed in a merge
Matthew Wild <mwild1@gmail.com>
parents:
3167
diff
changeset
|
58 end; |
3163 | 59 prosody.events.add_handler("host-activated", host_handler, 100); |
60 prosody.events.add_handler("component-activated", host_handler, 100); | |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
61 |
3163 | 62 function is_cyrus(host) return config.get(host, "core", "sasl_backend") == "cyrus"; end |
2929
1e4e314bef33
usermanager: Return sane errors/results when Cyrus SASL is in use.
Waqas Hussain <waqas20@gmail.com>
parents:
2923
diff
changeset
|
63 |
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
3163
diff
changeset
|
64 function test_password(username, password, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
65 return hosts[host].users.test_password(username, password); |
0 | 66 end |
38 | 67 |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
68 function get_password(username, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
69 return hosts[host].users.get_password(username); |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
70 end |
2987
0acfae4da199
usermanager: Support for pluggable authentication providers
Matthew Wild <mwild1@gmail.com>
parents:
2934
diff
changeset
|
71 |
3164
db9def53fe9c
Check in mod_hashpassauth -- works!
Jeff Mitchell <jeff@jefferai.org>
parents:
3163
diff
changeset
|
72 function set_password(username, password, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
73 return hosts[host].users.set_password(username, password); |
2934
060bb8217fea
usermanager: Added function set_password.
Waqas Hussain <waqas20@gmail.com>
parents:
2929
diff
changeset
|
74 end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1523
diff
changeset
|
75 |
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
76 function user_exists(username, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
77 return hosts[host].users.user_exists(username); |
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
78 end |
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
79 |
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
80 function create_user(username, password, host) |
3158
3d42e0092888
Backed out changeset 8bd3857a75ee
Matthew Wild <mwild1@gmail.com>
parents:
3053
diff
changeset
|
81 return hosts[host].users.create_user(username, password); |
60
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
82 end |
44800be871f5
User registration, etc (jabber:iq:register)
Waqas Hussain <waqas20@gmail.com>
parents:
53
diff
changeset
|
83 |
3185
09174a6e8366
usermanager: Changed get_supported_methods to get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
84 function get_sasl_handler(host) |
09174a6e8366
usermanager: Changed get_supported_methods to get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
85 return hosts[host].users.get_sasl_handler(); |
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
86 end |
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
87 |
3167
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
88 function get_provider(host) |
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
89 return hosts[host].users; |
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
90 end |
546695e80e0a
Correct out of order logic in mod_hashpassauth
Jeff Mitchell <jeff@jefferai.org>
parents:
3166
diff
changeset
|
91 |
2030
d9382a16af5b
usermanager: Changed function is_admin to allow checking for host-specific admins.
Waqas Hussain <waqas20@gmail.com>
parents:
1589
diff
changeset
|
92 function is_admin(jid, host) |
3218
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
93 local is_admin; |
3030
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
94 if host and host ~= "*" then |
3218
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
95 is_admin = hosts[host].users.is_admin(jid); |
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
96 end |
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
97 if not is_admin then -- Test only whether this JID is a global admin |
3030
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
98 local admins = config.get("*", "core", "admins"); |
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
99 if type(admins) == "table" then |
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
100 jid = jid_bare(jid); |
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
101 for _,admin in ipairs(admins) do |
3218
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
102 if admin == jid then |
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
103 is_admin = true; |
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
104 break; |
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
105 end |
3030
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
106 end |
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
107 elseif admins then |
3031
421890f3f247
usermanager: Bump log level of incorrect config option warnings
Matthew Wild <mwild1@gmail.com>
parents:
3030
diff
changeset
|
108 log("error", "Option 'admins' for host '%s' is not a table", host); |
3030
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
109 end |
2be7801474fb
usermanager: Fix for is_admin to work with the new auth provider architecture
Matthew Wild <mwild1@gmail.com>
parents:
2999
diff
changeset
|
110 end |
3218
032b81731f0f
usermanager: Handle checking for global admins on behalf of providers
Matthew Wild <mwild1@gmail.com>
parents:
3185
diff
changeset
|
111 return is_admin; |
890
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
112 end |
5b8da51b0843
usermanager: Added is_admin(jid)
Waqas Hussain <waqas20@gmail.com>
parents:
760
diff
changeset
|
113 |
228
875842235836
Updated usermanager with DIGEST-MD5 support
Waqas Hussain <waqas20@gmail.com>
parents:
60
diff
changeset
|
114 return _M; |