Annotate

util/sasl_cyrus.lua @ 4855:a31ea431d906

certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead ffor SSL)
author Matthew Wild <mwild1@gmail.com>
date Fri, 11 May 2012 20:24:15 +0100
parent 3550:5e5d136d9de0
child 5000:58c9519dc461
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
1 -- sasl.lua v0.4
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
2 -- Copyright (C) 2008-2009 Tobias Markmann
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
3 --
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
4 -- All rights reserved.
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
5 --
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
7 --
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
11 --
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
13
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
14 local cyrussasl = require "cyrussasl";
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
15 local log = require "util.logger".init("sasl_cyrus");
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
16
2394
a2972f9fda6d util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents: 2393
diff changeset
17 local setmetatable = setmetatable
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
18
2394
a2972f9fda6d util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents: 2393
diff changeset
19 local pcall = pcall
2396
39b2523bcf44 first working version with Cyrus SASL support.
jorj@jorj.org
parents: 2394
diff changeset
20 local s_match, s_gmatch = string.match, string.gmatch
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
21
3298
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
22 local sasl_errstring = {
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
23 -- SASL result codes --
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
24 [1] = "another step is needed in authentication";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
25 [0] = "successful result";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
26 [-1] = "generic failure";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
27 [-2] = "memory shortage failure";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
28 [-3] = "overflowed buffer";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
29 [-4] = "mechanism not supported";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
30 [-5] = "bad protocol / cancel";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
31 [-6] = "can't request info until later in exchange";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
32 [-7] = "invalid parameter supplied";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
33 [-8] = "transient failure (e.g., weak key)";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
34 [-9] = "integrity check failed";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
35 [-12] = "SASL library not initialized";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
36
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
37 -- client only codes --
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
38 [2] = "needs user interaction";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
39 [-10] = "server failed mutual authentication step";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
40 [-11] = "mechanism doesn't support requested feature";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
41
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
42 -- server only codes --
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
43 [-13] = "authentication failure";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
44 [-14] = "authorization failure";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
45 [-15] = "mechanism too weak for this user";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
46 [-16] = "encryption needed to use mechanism";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
47 [-17] = "One time use of a plaintext password will enable requested mechanism for user";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
48 [-18] = "passphrase expired, has to be reset";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
49 [-19] = "account disabled";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
50 [-20] = "user not found";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
51 [-23] = "version mismatch with plug-in";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
52 [-24] = "remote authentication server unavailable";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
53 [-26] = "user exists, but no verifier for user";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
54
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
55 -- codes for password setting --
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
56 [-21] = "passphrase locked";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
57 [-22] = "requested change was not needed";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
58 [-27] = "passphrase is too weak for security policy";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
59 [-28] = "user supplied passwords not permitted";
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
60 };
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
61 setmetatable(sasl_errstring, { __index = function() return "undefined error!" end });
94087ee7587b util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents: 3157
diff changeset
62
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
63 module "sasl_cyrus"
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
64
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
65 local method = {};
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
66 method.__index = method;
2402
0f884bb1f08a util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents: 2401
diff changeset
67 local initialized = false;
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
68
2402
0f884bb1f08a util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents: 2401
diff changeset
69 local function init(service_name)
0f884bb1f08a util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents: 2401
diff changeset
70 if not initialized then
2404
d7abdd6893b8 util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents: 2403
diff changeset
71 local st, errmsg = pcall(cyrussasl.server_init, service_name);
d7abdd6893b8 util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents: 2403
diff changeset
72 if st then
2402
0f884bb1f08a util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents: 2401
diff changeset
73 initialized = true;
2404
d7abdd6893b8 util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents: 2403
diff changeset
74 else
2902
c405486f289c util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents: 2901
diff changeset
75 log("error", "Failed to initialize Cyrus SASL: %s", errmsg);
2402
0f884bb1f08a util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents: 2401
diff changeset
76 end
0f884bb1f08a util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents: 2401
diff changeset
77 end
0f884bb1f08a util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents: 2401
diff changeset
78 end
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
79
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
80 -- create a new SASL object which can be used to authenticate clients
3063
ca149818083d util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents: 2903
diff changeset
81 function new(realm, service_name, app_name)
2403
916482cdfb74 util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents: 2402
diff changeset
82
3063
ca149818083d util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents: 2903
diff changeset
83 init(app_name or service_name);
2403
916482cdfb74 util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents: 2402
diff changeset
84
2901
5f3ccf7dd3f1 util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents: 2895
diff changeset
85 local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil)
3428
8a12ae696687 util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3426
diff changeset
86 if not st then
2902
c405486f289c util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents: 2901
diff changeset
87 log("error", "Creating SASL server connection failed: %s", ret);
2901
5f3ccf7dd3f1 util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents: 2895
diff changeset
88 return nil;
5f3ccf7dd3f1 util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents: 2895
diff changeset
89 end
2895
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
90
3428
8a12ae696687 util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3426
diff changeset
91 local sasl_i = { realm = realm, service_name = service_name, cyrus = ret };
8a12ae696687 util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3426
diff changeset
92
2895
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
93 if cyrussasl.set_canon_cb then
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
94 local c14n_cb = function (user)
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
95 local node = s_match(user, "^([^@]+)");
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
96 log("debug", "Canonicalizing username %s to %s", user, node)
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
97 return node
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
98 end
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
99 cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb);
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
100 end
ea5fe15a82f5 util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents: 2881
diff changeset
101
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
102 cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff)
3549
395d5bb5266e util.sasl, util.sasl_cyrus: Load mechanisms list early rather than lazily, as they are always loaded anyway.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
103 local mechanisms = {};
395d5bb5266e util.sasl, util.sasl_cyrus: Load mechanisms list early rather than lazily, as they are always loaded anyway.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
104 local cyrus_mechs = cyrussasl.listmech(sasl_i.cyrus, nil, "", " ", "");
395d5bb5266e util.sasl, util.sasl_cyrus: Load mechanisms list early rather than lazily, as they are always loaded anyway.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
105 for w in s_gmatch(cyrus_mechs, "[^ ]+") do
395d5bb5266e util.sasl, util.sasl_cyrus: Load mechanisms list early rather than lazily, as they are always loaded anyway.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
106 mechanisms[w] = true;
395d5bb5266e util.sasl, util.sasl_cyrus: Load mechanisms list early rather than lazily, as they are always loaded anyway.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
107 end
395d5bb5266e util.sasl, util.sasl_cyrus: Load mechanisms list early rather than lazily, as they are always loaded anyway.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
108 sasl_i.mechs = mechanisms;
3428
8a12ae696687 util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents: 3426
diff changeset
109 return setmetatable(sasl_i, method);
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
110 end
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
111
3426
37b9b8e171b9 util.sasl_cyrus: Removed method:forbidden().
Waqas Hussain <waqas20@gmail.com>
parents: 3373
diff changeset
112 -- get a fresh clone with the same realm and service name
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
113 function method:clean_clone()
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
114 return new(self.realm, self.service_name)
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
115 end
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
116
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
117 -- get a list of possible SASL mechanims to use
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
118 function method:mechanisms()
3549
395d5bb5266e util.sasl, util.sasl_cyrus: Load mechanisms list early rather than lazily, as they are always loaded anyway.
Waqas Hussain <waqas20@gmail.com>
parents: 3468
diff changeset
119 return self.mechs;
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
120 end
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
121
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
122 -- select a mechanism to use
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
123 function method:select(mechanism)
3550
5e5d136d9de0 util.sasl, util.sasl_cyrus: Mechanism selection cleaned up to be more consistent.
Waqas Hussain <waqas20@gmail.com>
parents: 3549
diff changeset
124 if not self.selected and self.mechs[mechanism] then
5e5d136d9de0 util.sasl, util.sasl_cyrus: Mechanism selection cleaned up to be more consistent.
Waqas Hussain <waqas20@gmail.com>
parents: 3549
diff changeset
125 self.selected = mechanism;
5e5d136d9de0 util.sasl, util.sasl_cyrus: Mechanism selection cleaned up to be more consistent.
Waqas Hussain <waqas20@gmail.com>
parents: 3549
diff changeset
126 return true;
5e5d136d9de0 util.sasl, util.sasl_cyrus: Mechanism selection cleaned up to be more consistent.
Waqas Hussain <waqas20@gmail.com>
parents: 3549
diff changeset
127 end
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
128 end
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
129
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
130 -- feed new messages to process into the library
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
131 function method:process(message)
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
132 local err;
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
133 local data;
2396
39b2523bcf44 first working version with Cyrus SASL support.
jorj@jorj.org
parents: 2394
diff changeset
134
3443
1159e007cc8f util.sasl_cyrus: Make multi-step SASL mechanisms work correctly.
Waqas Hussain <waqas20@gmail.com>
parents: 3441
diff changeset
135 if not self.first_step_done then
3550
5e5d136d9de0 util.sasl, util.sasl_cyrus: Mechanism selection cleaned up to be more consistent.
Waqas Hussain <waqas20@gmail.com>
parents: 3549
diff changeset
136 err, data = cyrussasl.server_start(self.cyrus, self.selected, message or "")
3443
1159e007cc8f util.sasl_cyrus: Make multi-step SASL mechanisms work correctly.
Waqas Hussain <waqas20@gmail.com>
parents: 3441
diff changeset
137 self.first_step_done = true;
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
138 else
2396
39b2523bcf44 first working version with Cyrus SASL support.
jorj@jorj.org
parents: 2394
diff changeset
139 err, data = cyrussasl.server_step(self.cyrus, message or "")
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
140 end
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
141
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
142 self.username = cyrussasl.get_username(self.cyrus)
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
143
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
144 if (err == 0) then -- SASL_OK
3468
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3467
diff changeset
145 if self.require_provisioning and not self.require_provisioning(self.username) then
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3467
diff changeset
146 return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
d50e2c937717 mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
Waqas Hussain <waqas20@gmail.com>
parents: 3467
diff changeset
147 end
3467
c9f4c3aa14a1 util.sasl_cyrus: Spaces -> tabs.
Waqas Hussain <waqas20@gmail.com>
parents: 3443
diff changeset
148 return "success", data
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
149 elseif (err == 1) then -- SASL_CONTINUE
3467
c9f4c3aa14a1 util.sasl_cyrus: Spaces -> tabs.
Waqas Hussain <waqas20@gmail.com>
parents: 3443
diff changeset
150 return "challenge", data
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
151 elseif (err == -4) then -- SASL_NOMECH
3467
c9f4c3aa14a1 util.sasl_cyrus: Spaces -> tabs.
Waqas Hussain <waqas20@gmail.com>
parents: 3443
diff changeset
152 log("debug", "SASL mechanism not available from remote end")
c9f4c3aa14a1 util.sasl_cyrus: Spaces -> tabs.
Waqas Hussain <waqas20@gmail.com>
parents: 3443
diff changeset
153 return "failure", "invalid-mechanism", "SASL mechanism not available"
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
154 elseif (err == -13) then -- SASL_BADAUTH
3467
c9f4c3aa14a1 util.sasl_cyrus: Spaces -> tabs.
Waqas Hussain <waqas20@gmail.com>
parents: 3443
diff changeset
155 return "failure", "not-authorized", sasl_errstring[err];
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
156 else
3467
c9f4c3aa14a1 util.sasl_cyrus: Spaces -> tabs.
Waqas Hussain <waqas20@gmail.com>
parents: 3443
diff changeset
157 log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]);
c9f4c3aa14a1 util.sasl_cyrus: Spaces -> tabs.
Waqas Hussain <waqas20@gmail.com>
parents: 3443
diff changeset
158 return "failure", "undefined-condition", sasl_errstring[err];
2389
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
159 end
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
160 end
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
161
8f6526da4757 Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
162 return _M;