Software /
code /
prosody
Annotate
util/sasl_cyrus.lua @ 3368:1748a49da906
certmanager: Defined default_capath to prevent a global nil access.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Thu, 15 Jul 2010 11:28:14 +0500 |
parent | 3366:a2a242321901 |
child | 3373:cd6836586a6a |
rev | line source |
---|---|
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
1 -- sasl.lua v0.4 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2009 Tobias Markmann |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
3 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
4 -- All rights reserved. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
5 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
7 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
11 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
13 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
14 local cyrussasl = require "cyrussasl"; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
15 local log = require "util.logger".init("sasl_cyrus"); |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
16 local array = require "util.array"; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
17 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
18 local tostring = tostring; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
19 local pairs, ipairs = pairs, ipairs; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
20 local t_insert, t_concat = table.insert, table.concat; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
21 local s_match = string.match; |
2394
a2972f9fda6d
util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents:
2393
diff
changeset
|
22 local setmetatable = setmetatable |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
23 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
24 local keys = keys; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
25 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
26 local print = print |
2394
a2972f9fda6d
util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents:
2393
diff
changeset
|
27 local pcall = pcall |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
28 local s_match, s_gmatch = string.match, string.gmatch |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
29 |
3298
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
30 local sasl_errstring = { |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
31 -- SASL result codes -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
32 [1] = "another step is needed in authentication"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
33 [0] = "successful result"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
34 [-1] = "generic failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
35 [-2] = "memory shortage failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
36 [-3] = "overflowed buffer"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
37 [-4] = "mechanism not supported"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
38 [-5] = "bad protocol / cancel"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
39 [-6] = "can't request info until later in exchange"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
40 [-7] = "invalid parameter supplied"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
41 [-8] = "transient failure (e.g., weak key)"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
42 [-9] = "integrity check failed"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
43 [-12] = "SASL library not initialized"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
44 |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
45 -- client only codes -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
46 [2] = "needs user interaction"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
47 [-10] = "server failed mutual authentication step"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
48 [-11] = "mechanism doesn't support requested feature"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
49 |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
50 -- server only codes -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
51 [-13] = "authentication failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
52 [-14] = "authorization failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
53 [-15] = "mechanism too weak for this user"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
54 [-16] = "encryption needed to use mechanism"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
55 [-17] = "One time use of a plaintext password will enable requested mechanism for user"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
56 [-18] = "passphrase expired, has to be reset"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
57 [-19] = "account disabled"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
58 [-20] = "user not found"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
59 [-23] = "version mismatch with plug-in"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
60 [-24] = "remote authentication server unavailable"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
61 [-26] = "user exists, but no verifier for user"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
62 |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
63 -- codes for password setting -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
64 [-21] = "passphrase locked"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
65 [-22] = "requested change was not needed"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
66 [-27] = "passphrase is too weak for security policy"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
67 [-28] = "user supplied passwords not permitted"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
68 }; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
69 setmetatable(sasl_errstring, { __index = function() return "undefined error!" end }); |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
70 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
71 module "sasl_cyrus" |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
72 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
73 local method = {}; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
74 method.__index = method; |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
75 local initialized = false; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
76 |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
77 local function init(service_name) |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
78 if not initialized then |
2404
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
79 local st, errmsg = pcall(cyrussasl.server_init, service_name); |
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
80 if st then |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
81 initialized = true; |
2404
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
82 else |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
83 log("error", "Failed to initialize Cyrus SASL: %s", errmsg); |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
84 end |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
85 end |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
86 end |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
87 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
88 -- create a new SASL object which can be used to authenticate clients |
3063
ca149818083d
util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents:
2903
diff
changeset
|
89 function new(realm, service_name, app_name) |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
90 local sasl_i = {}; |
2403
916482cdfb74
util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents:
2402
diff
changeset
|
91 |
3063
ca149818083d
util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents:
2903
diff
changeset
|
92 init(app_name or service_name); |
2403
916482cdfb74
util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents:
2402
diff
changeset
|
93 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
94 sasl_i.realm = realm; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
95 sasl_i.service_name = service_name; |
2901
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
96 |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
97 local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil) |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
98 if st then |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
99 sasl_i.cyrus = ret; |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
100 else |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
101 log("error", "Creating SASL server connection failed: %s", ret); |
2901
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
102 return nil; |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
103 end |
2895
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
104 |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
105 if cyrussasl.set_canon_cb then |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
106 local c14n_cb = function (user) |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
107 local node = s_match(user, "^([^@]+)"); |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
108 log("debug", "Canonicalizing username %s to %s", user, node) |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
109 return node |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
110 end |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
111 cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb); |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
112 end |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
113 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
114 cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
115 local s = setmetatable(sasl_i, method); |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
116 return s; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
117 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
118 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
119 -- get a fresh clone with the same realm, profiles and forbidden mechanisms |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
120 function method:clean_clone() |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
121 return new(self.realm, self.service_name) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
122 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
123 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
124 -- set the forbidden mechanisms |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
125 function method:forbidden( restrict ) |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
126 log("warn", "Called method:forbidden. NOT IMPLEMENTED.") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
127 return {} |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
128 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
129 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
130 -- get a list of possible SASL mechanims to use |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
131 function method:mechanisms() |
3365
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
132 local mechanisms = self.mechs; |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
133 if not mechanisms then |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
134 mechanisms = {} |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
135 local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "") |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
136 for w in s_gmatch(cyrus_mechs, "[^ ]+") do |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
137 mechanisms[w] = true; |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
138 end |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
139 self.mechs = mechanisms |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
140 end |
3363
a4bb658d3fcb
SASL: Simplified sasl_handler:mechanisms() to return a set, and not an array.
Waqas Hussain <waqas20@gmail.com>
parents:
3299
diff
changeset
|
141 return mechanisms; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
142 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
143 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
144 -- select a mechanism to use |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
145 function method:select(mechanism) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
146 self.mechanism = mechanism; |
3366
a2a242321901
util.sasl, util.sasl_cyrus: Use method:mechanisms() in method:select(), instead of using the mechanisms list directly (fixes a traceback).
Waqas Hussain <waqas20@gmail.com>
parents:
3365
diff
changeset
|
147 return self.mechanisms()[mechanism]; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
148 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
149 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
150 -- feed new messages to process into the library |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
151 function method:process(message) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
152 local err; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
153 local data; |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
154 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
155 if self.mechanism then |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
156 err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
157 else |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
158 err, data = cyrussasl.server_step(self.cyrus, message or "") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
159 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
160 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
161 self.username = cyrussasl.get_username(self.cyrus) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
162 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
163 if (err == 0) then -- SASL_OK |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
164 return "success", data |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
165 elseif (err == 1) then -- SASL_CONTINUE |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
166 return "challenge", data |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
167 elseif (err == -4) then -- SASL_NOMECH |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
168 log("debug", "SASL mechanism not available from remote end") |
2903
d6da8f8e3502
util.sasl_cyrus: Return invalid-mechanism instead of undefined-condition where appropriate
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
169 return "failure", "invalid-mechanism", "SASL mechanism not available" |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
170 elseif (err == -13) then -- SASL_BADAUTH |
3299
4448789c19ca
util.sasl_cyrus: Return error strings using the new table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3298
diff
changeset
|
171 return "failure", "not-authorized", sasl_errstring[err]; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
172 else |
3299
4448789c19ca
util.sasl_cyrus: Return error strings using the new table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3298
diff
changeset
|
173 log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]); |
4448789c19ca
util.sasl_cyrus: Return error strings using the new table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3298
diff
changeset
|
174 return "failure", "undefined-condition", sasl_errstring[err]; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
175 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
176 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
177 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
178 return _M; |