prosody
77ac0d96ac24
plugins/mod_auth_insecure.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

plugins/mod_auth_insecure.lua @ 12206:77ac0d96ac24

mod_s2s: Enable outgoing Direct TLS connections Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.
author Kim Alvefur <zash@zash.se>
date Fri, 21 Jan 2022 17:59:19 +0100
parent 10914:0d7d71dee0a0
child 12671:32881d0c359f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 -- Prosody IM
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 --
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 -- COPYING file in the source package for more information.
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 --
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 -- luacheck: ignore 212
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 local datamanager = require "util.datamanager";
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local new_sasl = require "util.sasl".new;
10914
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
12 local saslprep = require "util.encodings".stringprep.saslprep;
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local host = module.host;
9292
d5f798efb1ba mod_auth_insecure: Fix module provider name
Matthew Wild <mwild1@gmail.com>
parents: 9275
diff changeset
15 local provider = { name = "insecure" };
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!");
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 function provider.test_password(username, password)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 return true;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 function provider.set_password(username, password)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 local account = datamanager.load(username, host, "accounts");
10914
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
25 password = saslprep(password);
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
26 if not password then
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
27 return nil, "Password fails SASLprep.";
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
28 end
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 if account then
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 account.password = password;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 return datamanager.store(username, host, "accounts", account);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 return nil, "Account not available.";
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 function provider.user_exists(username)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 return true;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 function provider.create_user(username, password)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 return datamanager.store(username, host, "accounts", {password = password});
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 function provider.delete_user(username)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 return datamanager.store(username, host, "accounts", nil);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 function provider.get_sasl_handler()
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 local getpass_authentication_profile = {
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 plain_test = function(sasl, username, password, realm)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 return true, true;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 };
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 return new_sasl(module.host, getpass_authentication_profile);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 module:add_item("auth-provider", provider);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58