Software / code / prosody
Annotate
plugins/mod_auth_internal.lua @ 3278:5ca2ed58788f
mod_announce: A little cleanup.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Fri, 18 Jun 2010 14:29:28 +0500 |
| parent | 3272:5ad2710d7bb8 |
| child | 3287:e425e27c12be |
| rev | line source |
|---|---|
| 3162 | 1 -- Prosody IM |
| 2 -- Copyright (C) 2008-2010 Matthew Wild | |
| 3 -- Copyright (C) 2008-2010 Waqas Hussain | |
| 4 -- Copyright (C) 2010 Jeff Mitchell | |
| 5 -- | |
| 6 -- This project is MIT/X11 licensed. Please see the | |
| 7 -- COPYING file in the source package for more information. | |
| 8 -- | |
| 9 | |
| 10 local datamanager = require "util.datamanager"; | |
|
3272
5ad2710d7bb8
mod_auth_internal: Log as "auth_internal", not as "usermanager".
Waqas Hussain <waqas20@gmail.com>
parents:
3219
diff
changeset
|
11 local log = require "util.logger".init("auth_internal"); |
| 3162 | 12 local type = type; |
| 13 local error = error; | |
| 14 local ipairs = ipairs; | |
| 15 local hashes = require "util.hashes"; | |
| 16 local jid_bare = require "util.jid".bare; | |
| 17 local config = require "core.configmanager"; | |
| 3163 | 18 local usermanager = require "core.usermanager"; |
|
3186
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
19 local new_sasl = require "util.sasl".new; |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
20 local nodeprep = require "util.encodings".stringprep.nodeprep; |
| 3162 | 21 local hosts = hosts; |
| 22 | |
| 23 local prosody = _G.prosody; | |
| 24 | |
| 3163 | 25 local is_cyrus = usermanager.is_cyrus; |
| 26 | |
| 3162 | 27 function new_default_provider(host) |
|
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3163
diff
changeset
|
28 local provider = { name = "internal" }; |
| 3163 | 29 log("debug", "initializing default authentication provider for host '%s'", host); |
| 30 | |
| 3162 | 31 function provider.test_password(username, password) |
| 3163 | 32 log("debug", "test password '%s' for user %s at host %s", password, username, module.host); |
| 3162 | 33 if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end |
| 34 local credentials = datamanager.load(username, host, "accounts") or {}; | |
| 35 | |
| 36 if password == credentials.password then | |
| 37 return true; | |
| 38 else | |
| 39 return nil, "Auth failed. Invalid username or password."; | |
| 40 end | |
| 41 end | |
| 42 | |
| 43 function provider.get_password(username) | |
| 3163 | 44 log("debug", "get_password for username '%s' at host '%s'", username, module.host); |
| 3162 | 45 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
| 46 return (datamanager.load(username, host, "accounts") or {}).password; | |
| 47 end | |
| 48 | |
| 49 function provider.set_password(username, password) | |
| 50 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end | |
| 51 local account = datamanager.load(username, host, "accounts"); | |
| 52 if account then | |
| 53 account.password = password; | |
| 54 return datamanager.store(username, host, "accounts", account); | |
| 55 end | |
| 56 return nil, "Account not available."; | |
| 57 end | |
| 58 | |
| 59 function provider.user_exists(username) | |
| 60 if is_cyrus(host) then return true; end | |
| 61 local account = datamanager.load(username, host, "accounts"); | |
| 62 if not account then | |
| 3163 | 63 log("debug", "account not found for username '%s' at host '%s'", username, module.host); |
| 3162 | 64 return nil, "Auth failed. Invalid username"; |
| 65 end | |
| 66 if account.password == nil or string.len(account.password) == 0 then | |
| 3163 | 67 log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, module.host); |
| 3162 | 68 return nil, "Auth failed. Password invalid."; |
| 69 end | |
| 70 return true; | |
| 71 end | |
| 72 | |
| 73 function provider.create_user(username, password) | |
| 74 if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end | |
| 75 return datamanager.store(username, host, "accounts", {password = password}); | |
| 76 end | |
| 77 | |
|
3186
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
78 function provider.get_sasl_handler() |
|
3187
a475fbce1990
mod_auth_internal, mod_auth_internal_hashed: Fixed a global access.
Waqas Hussain <waqas20@gmail.com>
parents:
3186
diff
changeset
|
79 local realm = module:get_option("sasl_realm") or module.host; |
|
3186
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
80 local getpass_authentication_profile = { |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
81 plain = function(username, realm) |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
82 local prepped_username = nodeprep(username); |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
83 if not prepped_username then |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
84 log("debug", "NODEprep failed on username: %s", username); |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
85 return "", nil; |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
86 end |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
87 local password = usermanager.get_password(prepped_username, realm); |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
88 if not password then |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
89 return "", nil; |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
90 end |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
91 return password, true; |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
92 end |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
93 }; |
|
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
94 return new_sasl(realm, getpass_authentication_profile); |
| 3162 | 95 end |
| 96 | |
| 97 function provider.is_admin(jid) | |
|
3219
fd06023cbdcc
mod_auth_internal{,_hashed}: Update is_admin to only report the admin status of the current host (ignores global admin rights), fixes global access traceback
Matthew Wild <mwild1@gmail.com>
parents:
3187
diff
changeset
|
98 local admins = module:get_option_array("admins"); |
| 3162 | 99 if admins ~= config.get("*", "core", "admins") and type(admins) == "table" then |
| 100 jid = jid_bare(jid); | |
| 101 for _,admin in ipairs(admins) do | |
| 102 if admin == jid then return true; end | |
| 103 end | |
| 104 end | |
| 105 end | |
| 106 return provider; | |
| 107 end | |
| 108 | |
| 109 module:add_item("auth-provider", new_default_provider(module.host)); | |
| 110 |
