Annotate

plugins/mod_auth_cyrus.lua @ 11045:8c6bace13229

util.dbuffer: Fix :sub() not working with partially-consumed chunks (thanks Zash for test case) This also appears to fix some bugs with chunk-encoded streams in net.http.parser.
author Matthew Wild <mwild1@gmail.com>
date Mon, 24 Aug 2020 16:18:13 +0100
parent 8054:0ba461b7d9af
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
1 -- Prosody IM
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
4 --
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
6 -- COPYING file in the source package for more information.
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
7 --
8054
0ba461b7d9af mod_auth_cyrus: Ignore unused arguments to various not actually implemented functions [luacheck]
Kim Alvefur <zash@zash.se>
parents: 5117
diff changeset
8 -- luacheck: ignore 212
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
9
3271
1b6c2984c1f4 mod_auth_cyrus: Log as "auth_cyrus", not as "usermanager".
Waqas Hussain <waqas20@gmail.com>
parents: 3192
diff changeset
10 local log = require "util.logger".init("auth_cyrus");
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11
3468
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3425
diff changeset
12 local usermanager_user_exists = require "core.usermanager".user_exists;
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3425
diff changeset
13
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
14 local cyrus_service_realm = module:get_option("cyrus_service_realm");
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
15 local cyrus_service_name = module:get_option("cyrus_service_name");
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
16 local cyrus_application_name = module:get_option("cyrus_application_name");
3468
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3425
diff changeset
17 local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
5000
58c9519dc461 mod_auth_cyrus, util.sasl_cyrus: Add new option 'cyrus_server_fqdn' to override the hostname passed to Cyrus (and used in e.g. GSSAPI/Kerberos) - fixes #295
Matthew Wild <mwild1@gmail.com>
parents: 4160
diff changeset
18 local host_fqdn = module:get_option("cyrus_server_fqdn");
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
19
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
20 prosody.unlock_globals(); --FIXME: Figure out why this is needed and
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
21 -- why cyrussasl isn't caught by the sandbox
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
22 local cyrus_new = require "util.sasl_cyrus".new;
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
23 prosody.lock_globals();
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
24 local new_sasl = function(realm)
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
25 return cyrus_new(
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
26 cyrus_service_realm or realm,
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
27 cyrus_service_name or "xmpp",
5000
58c9519dc461 mod_auth_cyrus, util.sasl_cyrus: Add new option 'cyrus_server_fqdn' to override the hostname passed to Cyrus (and used in e.g. GSSAPI/Kerberos) - fixes #295
Matthew Wild <mwild1@gmail.com>
parents: 4160
diff changeset
28 cyrus_application_name or "prosody",
58c9519dc461 mod_auth_cyrus, util.sasl_cyrus: Add new option 'cyrus_server_fqdn' to override the hostname passed to Cyrus (and used in e.g. GSSAPI/Kerberos) - fixes #295
Matthew Wild <mwild1@gmail.com>
parents: 4160
diff changeset
29 host_fqdn
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
30 );
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
31 end
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
32
4159
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
33 do -- diagnostic
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
34 local list;
4160
f08f649b898b mod_auth_*: Get rid of undocumented and broken 'sasl_realm' config option.
Waqas Hussain <waqas20@gmail.com>
parents: 4159
diff changeset
35 for mechanism in pairs(new_sasl(module.host):mechanisms()) do
4159
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
36 list = (not(list) and mechanism) or (list..", "..mechanism);
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
37 end
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
38 if not list then
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
39 module:log("error", "No Cyrus SASL mechanisms available");
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
40 else
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
41 module:log("debug", "Available Cyrus SASL mechanisms: %s", list);
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
42 end
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
43 end
52eaa2590bfb mod_auth_cyrus: Print some diagnostic log messages about the available mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
44
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
45 local host = module.host;
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
46
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
47 -- define auth provider
5117
2c7e1ce8f482 mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents: 5115
diff changeset
48 local provider = {};
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
49 log("debug", "initializing default authentication provider for host '%s'", host);
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
50
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
51 function provider.test_password(username, password)
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
52 return nil, "Legacy auth not supported with Cyrus SASL.";
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
53 end
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
54
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
55 function provider.get_password(username)
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
56 return nil, "Passwords unavailable for Cyrus SASL.";
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
57 end
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
58
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
59 function provider.set_password(username, password)
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
60 return nil, "Passwords unavailable for Cyrus SASL.";
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
61 end
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
62
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
63 function provider.user_exists(username)
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
64 if require_provisioning then
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
65 return usermanager_user_exists(username, host);
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
66 end
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
67 return true;
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
68 end
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
69
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
70 function provider.create_user(username, password)
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
71 return nil, "Account creation/modification not available with Cyrus SASL.";
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
72 end
3192
8ad50989d79e mod_auth_cyrus: Auth provider with support for Cyrus SASL.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
73
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
74 function provider.get_sasl_handler()
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
75 local handler = new_sasl(host);
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
76 if require_provisioning then
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
77 function handler.require_provisioning(username)
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
78 return usermanager_user_exists(username, host);
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
79 end
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
80 end
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
81 return handler;
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
82 end
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
83
5117
2c7e1ce8f482 mod_auth_*: Use module:provides().
Waqas Hussain <waqas20@gmail.com>
parents: 5115
diff changeset
84 module:provides("auth", provider);
5115
3939960b3c07 mod_auth_{internal_plain,cyrus,anonymous}: Get rid of useless wrapper function new_default_provider.
Waqas Hussain <waqas20@gmail.com>
parents: 5000
diff changeset
85