util/sasl_cyrus.lua @ 3426:37b9b8e171b9
util.sasl_cyrus: Removed method:forbidden().
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Mon, 02 Aug 2010 18:46:13 +0500 |
parent | 3373:cd6836586a6a |
child | 3428:8a12ae696687 |
rev | changeset | author | description | parents | lines |
---|---|---|---|---|---|
2389 | 8f6526da4757 | Tobias Markmann <tm@ayena.de> | Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication. | | 1-21, 23-26, 29, 71-74, 76, 87-88, 90, 94-95, 114-118, 120-125, 134, 136-140, 142-147, 149, 151, 153-162, 164, 166, 169-172 |
2394 | a2972f9fda6d | Tobias Markmann <tm@ayena.de> | util.sasl_cyrus: Further fixing and cleanup. | 2393 | 22, 27 |
2396 | 39b2523bcf44 | jorj@jorj.org | first working version with Cyrus SASL support. | 2394 | 28, 148, 150, 152 |
2402 | 0f884bb1f08a | Tobias Markmann <tm@ayena.de> | util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name. | 2401 | 75, 77-78, 81, 84-86 |
2403 | 916482cdfb74 | Tobias Markmann <tm@ayena.de> | util.sasl_cyrus: Removing whitespace. | 2402 | 91, 93 |
2404 | d7abdd6893b8 | Tobias Markmann <tm@ayena.de> | util.sasl_cyrus: Report an error if Cyrus SASL init fails. | 2403 | 79-80, 82 |
2895 | ea5fe15a82f5 | Paul Aurich <paul@darkrain42.org> | util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients. | 2881 | 104-113 |
2901 | 5f3ccf7dd3f1 | Paul Aurich <paul@darkrain42.org> | util.sasl_cyrus: Protect the call to cyrussasl.server_new properly. | 2895 | 96-100, 102-103 |
2902 | c405486f289c | Matthew Wild <mwild1@gmail.com> | util.sasl_cyrus: Clarify some log messages and levels | 2901 | 83, 101 |
2903 | d6da8f8e3502 | Matthew Wild <mwild1@gmail.com> | util.sasl_cyrus: Return invalid-mechanism instead of undefined-condition where appropriate | 2902 | 163 |
3063 | ca149818083d | Matthew Wild <mwild1@gmail.com> | util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init()) | 2903 | 89, 92 |
3298 | 94087ee7587b | Waqas Hussain <waqas20@gmail.com> | util.sasl_cyrus: Added a table mapping error codes to strings. | 3157 | 30-70 |
3299 | 4448789c19ca | Waqas Hussain <waqas20@gmail.com> | util.sasl_cyrus: Return error strings using the new table mapping error codes to strings. | 3298 | 165, 167-168 |
3363 | a4bb658d3fcb | Waqas Hussain <waqas20@gmail.com> | SASL: Simplified sasl_handler:mechanisms() to return a set, and not an array. | 3299 | 135 |
3365 | 32dc830d976c | Waqas Hussain <waqas20@gmail.com> | util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms. | 3363 | 126-133 |
3373 | cd6836586a6a | Waqas Hussain <waqas20@gmail.com> | util.sasl, util.sasl_cyrus: s/self.mechanisms()/self:mechanisms()/ in method:select(). | 3366 | 141 |
3426 | 37b9b8e171b9 | Waqas Hussain <waqas20@gmail.com> | util.sasl_cyrus: Removed method:forbidden(). | 3373 | 119 |

```lua
-- sasl.lua v0.4
-- Copyright (C) 2008-2009 Tobias Markmann
--
-- All rights reserved.
--
-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
--
-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
--
-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

local cyrussasl = require "cyrussasl";
local log = require "util.logger".init("sasl_cyrus");
local array = require "util.array";

local tostring = tostring;
local pairs, ipairs = pairs, ipairs;
local t_insert, t_concat = table.insert, table.concat;
local s_match = string.match;
local setmetatable = setmetatable

local keys = keys;

local print = print
local pcall = pcall
local s_match, s_gmatch = string.match, string.gmatch

local sasl_errstring = {
	-- SASL result codes --
	[1] = "another step is needed in authentication";
	[0] = "successful result";
	[-1] = "generic failure";
	[-2] = "memory shortage failure";
	[-3] = "overflowed buffer";
	[-4] = "mechanism not supported";
	[-5] = "bad protocol / cancel";
	[-6] = "can't request info until later in exchange";
	[-7] = "invalid parameter supplied";
	[-8] = "transient failure (e.g., weak key)";
	[-9] = "integrity check failed";
	[-12] = "SASL library not initialized";

	-- client only codes --
	[2] = "needs user interaction";
	[-10] = "server failed mutual authentication step";
	[-11] = "mechanism doesn't support requested feature";

	-- server only codes --
	[-13] = "authentication failure";
	[-14] = "authorization failure";
	[-15] = "mechanism too weak for this user";
	[-16] = "encryption needed to use mechanism";
	[-17] = "One time use of a plaintext password will enable requested mechanism for user";
	[-18] = "passphrase expired, has to be reset";
	[-19] = "account disabled";
	[-20] = "user not found";
	[-23] = "version mismatch with plug-in";
	[-24] = "remote authentication server unavailable";
	[-26] = "user exists, but no verifier for user";

	-- codes for password setting --
	[-21] = "passphrase locked";
	[-22] = "requested change was not needed";
	[-27] = "passphrase is too weak for security policy";
	[-28] = "user supplied passwords not permitted";
};
setmetatable(sasl_errstring, { __index = function() return "undefined error!" end });

module "sasl_cyrus"

local method = {};
method.__index = method;
local initialized = false;

local function init(service_name)
	if not initialized then
		local st, errmsg = pcall(cyrussasl.server_init, service_name);
		if st then
			initialized = true;
		else
			log("error", "Failed to initialize Cyrus SASL: %s", errmsg);
		end
	end
end

-- create a new SASL object which can be used to authenticate clients
function new(realm, service_name, app_name)
	local sasl_i = {};

	init(app_name or service_name);

	sasl_i.realm = realm;
	sasl_i.service_name = service_name;

	local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil)
	if st then
		sasl_i.cyrus = ret;
	else
		log("error", "Creating SASL server connection failed: %s", ret);
		return nil;
	end

	if cyrussasl.set_canon_cb then
		local c14n_cb = function (user)
			local node = s_match(user, "^([^@]+)");
			log("debug", "Canonicalizing username %s to %s", user, node)
			return node
		end
		cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb);
	end

	cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff)
	local s = setmetatable(sasl_i, method);
	return s;
end

-- get a fresh clone with the same realm and service name
function method:clean_clone()
	return new(self.realm, self.service_name)
end

-- get a list of possible SASL mechanisms to use
function method:mechanisms()
	local mechanisms = self.mechs;
	if not mechanisms then
		mechanisms = {}
		local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "")
		for w in s_gmatch(cyrus_mechs, "[^ ]+") do
			mechanisms[w] = true;
		end
		self.mechs = mechanisms
	end
	return mechanisms;
end

-- select a mechanism to use
function method:select(mechanism)
	self.mechanism = mechanism;
	return self:mechanisms()[mechanism];
end

-- feed new messages to process into the library
function method:process(message)
	local err;
	local data;

	if self.mechanism then
		err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "")
	else
		err, data = cyrussasl.server_step(self.cyrus, message or "")
	end

	self.username = cyrussasl.get_username(self.cyrus)

	if (err == 0) then -- SASL_OK
		return "success", data
	elseif (err == 1) then -- SASL_CONTINUE
		return "challenge", data
	elseif (err == -4) then -- SASL_NOMECH
		log("debug", "SASL mechanism not available from remote end")
		return "failure", "invalid-mechanism", "SASL mechanism not available"
	elseif (err == -13) then -- SASL_BADAUTH
		return "failure", "not-authorized", sasl_errstring[err];
	else
		log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]);
		return "failure", "undefined-condition", sasl_errstring[err];
	end
end

return _M;
```
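The c14n callback installed in `new()` keeps whatever precedes the first `@` and never compares the discarded domain with `realm`; it also returns `nil` when the input has no node part. The block below is an added example, not code from this file or its project: it runs the same pattern over constructed inputs next to a hypothetical stricter variant (`c14n_strict`, an assumed name) that strips the domain only when it equals the realm.

```lua
-- Added example; c14n_strict and the sample inputs are assumptions, not project code.
local s_match = string.match

-- Same pattern as the c14n_cb closure in new(): keep what precedes the first "@".
local function c14n_original(user)
	return s_match(user, "^([^@]+)")
end

-- Hypothetical stricter variant: accept a bare node, or node@domain only when
-- the domain equals the realm (ASCII case-insensitive); otherwise return nil.
local function c14n_strict(user, realm)
	if type(user) ~= "string" or user == "" then
		return nil
	end
	if not user:find("@", 1, true) then
		return user -- bare node, nothing to strip
	end
	local node, domain = s_match(user, "^([^@]+)@([^@]+)$")
	if node and domain:lower() == realm:lower() then
		return node
	end
	return nil -- empty node, a second "@", or a domain other than the realm
end

-- Constructed inputs; false stands for a nil (rejected) result.
local realm = "example.com"
local cases = {
	{ input = "alice",               original = "alice", strict = "alice" },
	{ input = "alice@example.com",   original = "alice", strict = "alice" },
	{ input = "Alice@EXAMPLE.COM",   original = "Alice", strict = "Alice" },
	{ input = "alice@other.example", original = "alice", strict = false },
	{ input = "alice@example.com@x", original = "alice", strict = false },
	{ input = "@example.com",        original = false,   strict = false },
	{ input = "",                    original = false,   strict = false },
}

for _, case in ipairs(cases) do
	local o = c14n_original(case.input) or false
	local s = c14n_strict(case.input, realm) or false
	assert(o == case.original, "original: unexpected result for " .. case.input)
	assert(s == case.strict, "strict: unexpected result for " .. case.input)
	print(("%-24s original=%-6s strict=%s"):format('"' .. case.input .. '"', tostring(o), tostring(s)))
end
```

How the `cyrussasl` binding treats a `nil` return from the callback is not shown on this page, so confirm that before relying on `nil` as a rejection.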