Annotate

plugins/mod_auth_insecure.lua @ 12482:b193f8a2737e

mod_tls: Do not offer TLS if the connection is considered secure This may be necessary if the session.conn object is not exchanged by the network backend when establishing TLS. In that case, the starttls method will always exist and thus that is not a good indicator for offering TLS. However, the secure bit already tells us that TLS has been established or is not to be established on the connection, so we use that instead.
author Jonas Schäfer <jonas@wielicki.name>
date Fri, 17 Sep 2021 21:18:30 +0200
parent 10914:0d7d71dee0a0
child 12671:32881d0c359f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 -- Prosody IM
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 --
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 -- COPYING file in the source package for more information.
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 --
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 -- luacheck: ignore 212
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 local datamanager = require "util.datamanager";
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local new_sasl = require "util.sasl".new;
10914
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
12 local saslprep = require "util.encodings".stringprep.saslprep;
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local host = module.host;
9292
d5f798efb1ba mod_auth_insecure: Fix module provider name
Matthew Wild <mwild1@gmail.com>
parents: 9275
diff changeset
15 local provider = { name = "insecure" };
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 assert(module:get_option_string("insecure_open_authentication") == "Yes please, I know what I'm doing!");
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 function provider.test_password(username, password)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 return true;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 function provider.set_password(username, password)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 local account = datamanager.load(username, host, "accounts");
10914
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
25 password = saslprep(password);
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
26 if not password then
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
27 return nil, "Password fails SASLprep.";
0d7d71dee0a0 mod_auth_internal_*: Apply saslprep to passwords
Kim Alvefur <zash@zash.se>
parents: 9292
diff changeset
28 end
9275
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 if account then
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 account.password = password;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 return datamanager.store(username, host, "accounts", account);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 return nil, "Account not available.";
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 function provider.user_exists(username)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 return true;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 function provider.create_user(username, password)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 return datamanager.store(username, host, "accounts", {password = password});
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 function provider.delete_user(username)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 return datamanager.store(username, host, "accounts", nil);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 function provider.get_sasl_handler()
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 local getpass_authentication_profile = {
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 plain_test = function(sasl, username, password, realm)
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 return true, true;
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 };
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 return new_sasl(module.host, getpass_authentication_profile);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 end
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 module:add_item("auth-provider", provider);
db137a87511b mod_auth_insecure: Accept any username/password (import of mod_auth_any from prosody-modules)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58