Software /
code /
prosody
Annotate
util/sasl_cyrus.lua @ 3238:362b94fa5a30
mod_saslauth: Return proper error on invalid usernames.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Fri, 11 Jun 2010 21:01:17 +0500 |
parent | 3195:f22248192c3e |
child | 3298:94087ee7587b |
rev | line source |
---|---|
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
1 -- sasl.lua v0.4 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2009 Tobias Markmann |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
3 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
4 -- All rights reserved. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
5 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
7 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
11 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
13 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
14 local cyrussasl = require "cyrussasl"; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
15 local log = require "util.logger".init("sasl_cyrus"); |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
16 local array = require "util.array"; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
17 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
18 local tostring = tostring; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
19 local pairs, ipairs = pairs, ipairs; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
20 local t_insert, t_concat = table.insert, table.concat; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
21 local s_match = string.match; |
2394
a2972f9fda6d
util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents:
2393
diff
changeset
|
22 local setmetatable = setmetatable |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
23 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
24 local keys = keys; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
25 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
26 local print = print |
2394
a2972f9fda6d
util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents:
2393
diff
changeset
|
27 local pcall = pcall |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
28 local s_match, s_gmatch = string.match, string.gmatch |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
29 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
30 module "sasl_cyrus" |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
31 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
32 local method = {}; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
33 method.__index = method; |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
34 local initialized = false; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
35 |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
36 local function init(service_name) |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
37 if not initialized then |
2404
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
38 local st, errmsg = pcall(cyrussasl.server_init, service_name); |
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
39 if st then |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
40 initialized = true; |
2404
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
41 else |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
42 log("error", "Failed to initialize Cyrus SASL: %s", errmsg); |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
43 end |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
44 end |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
45 end |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
46 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
47 -- create a new SASL object which can be used to authenticate clients |
3063
ca149818083d
util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents:
2903
diff
changeset
|
48 function new(realm, service_name, app_name) |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
49 local sasl_i = {}; |
2403
916482cdfb74
util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents:
2402
diff
changeset
|
50 |
3063
ca149818083d
util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents:
2903
diff
changeset
|
51 init(app_name or service_name); |
2403
916482cdfb74
util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents:
2402
diff
changeset
|
52 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
53 sasl_i.realm = realm; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
54 sasl_i.service_name = service_name; |
2901
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2899
diff
changeset
|
55 |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2899
diff
changeset
|
56 local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil) |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2899
diff
changeset
|
57 if st then |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2899
diff
changeset
|
58 sasl_i.cyrus = ret; |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2899
diff
changeset
|
59 else |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
60 log("error", "Creating SASL server connection failed: %s", ret); |
2901
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2899
diff
changeset
|
61 return nil; |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2899
diff
changeset
|
62 end |
2899
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
63 |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
64 if cyrussasl.set_canon_cb then |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
65 local c14n_cb = function (user) |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
66 local node = s_match(user, "^([^@]+)"); |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
67 log("debug", "Canonicalizing username %s to %s", user, node) |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
68 return node |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
69 end |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
70 cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb); |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
71 end |
6e57f5e0cc91
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2897
diff
changeset
|
72 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
73 cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
74 local s = setmetatable(sasl_i, method); |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
75 return s; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
76 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
77 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
78 -- get a fresh clone with the same realm, profiles and forbidden mechanisms |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
79 function method:clean_clone() |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
80 return new(self.realm, self.service_name) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
81 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
82 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
83 -- set the forbidden mechanisms |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
84 function method:forbidden( restrict ) |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
85 log("warn", "Called method:forbidden. NOT IMPLEMENTED.") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
86 return {} |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
87 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
88 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
89 -- get a list of possible SASL mechanims to use |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
90 function method:mechanisms() |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
91 local mechanisms = {} |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
92 local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "") |
2400
b8d2168dc9c3
util.sasl_cyrus: Fixing cyrus mechanism list parsing. (Thanks darkrain)
Tobias Markmann <tm@ayena.de>
parents:
2396
diff
changeset
|
93 for w in s_gmatch(cyrus_mechs, "[^ ]+") do |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
94 mechanisms[w] = true; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
95 end |
2401
dbfdcb75209a
util.sasl_cyrus: Change variable name.
Tobias Markmann <tm@ayena.de>
parents:
2400
diff
changeset
|
96 self.mechs = mechanisms |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
97 return array.collect(keys(mechanisms)); |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
98 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
99 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
100 -- select a mechanism to use |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
101 function method:select(mechanism) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
102 self.mechanism = mechanism; |
2720
289f68e704da
util.sasl_cyrus: Ensure the mechanisms table is available after a failed auth attempt.
Waqas Hussain <waqas20@gmail.com>
parents:
2577
diff
changeset
|
103 if not self.mechs then self:mechanisms(); end |
2401
dbfdcb75209a
util.sasl_cyrus: Change variable name.
Tobias Markmann <tm@ayena.de>
parents:
2400
diff
changeset
|
104 return self.mechs[mechanism]; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
105 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
106 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
107 -- feed new messages to process into the library |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
108 function method:process(message) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
109 local err; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
110 local data; |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
111 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
112 if self.mechanism then |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
113 err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
114 else |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
115 err, data = cyrussasl.server_step(self.cyrus, message or "") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
116 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
117 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
118 self.username = cyrussasl.get_username(self.cyrus) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
119 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
120 if (err == 0) then -- SASL_OK |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
121 return "success", data |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
122 elseif (err == 1) then -- SASL_CONTINUE |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
123 return "challenge", data |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
124 elseif (err == -4) then -- SASL_NOMECH |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
125 log("debug", "SASL mechanism not available from remote end") |
2903
d6da8f8e3502
util.sasl_cyrus: Return invalid-mechanism instead of undefined-condition where appropriate
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
126 return "failure", "invalid-mechanism", "SASL mechanism not available" |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
127 elseif (err == -13) then -- SASL_BADAUTH |
2577
acb382c703e4
util.sasl_cyrus: Add text message from cyrussasl to <not-authorized/> errors.
Waqas Hussain <waqas20@gmail.com>
parents:
2404
diff
changeset
|
128 return "failure", "not-authorized", cyrussasl.get_message( self.cyrus ) |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
129 else |
3195
f22248192c3e
util.sasl_cyrus: Log the textual representation of unknown Cyrus SASL errors, not just the error code.
Waqas Hussain <waqas20@gmail.com>
parents:
3063
diff
changeset
|
130 log("debug", "Got SASL error condition %d: %s", err, cyrussasl.get_message( self.cyrus )) |
2903
d6da8f8e3502
util.sasl_cyrus: Return invalid-mechanism instead of undefined-condition where appropriate
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
131 return "failure", "undefined-condition", cyrussasl.get_message( self.cyrus ) |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
132 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
133 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
134 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
135 return _M; |