Software /
code /
prosody
Annotate
util/sasl_cyrus.lua @ 3433:b567ac8e2040
modulemanager: Remove dependency on eventmanager
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 03 Aug 2010 10:52:53 +0100 |
parent | 3428:8a12ae696687 |
child | 3441:d4f89802cf1e |
rev | line source |
---|---|
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
1 -- sasl.lua v0.4 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2009 Tobias Markmann |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
3 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
4 -- All rights reserved. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
5 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
7 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
11 -- |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
13 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
14 local cyrussasl = require "cyrussasl"; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
15 local log = require "util.logger".init("sasl_cyrus"); |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
16 local array = require "util.array"; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
17 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
18 local tostring = tostring; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
19 local pairs, ipairs = pairs, ipairs; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
20 local t_insert, t_concat = table.insert, table.concat; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
21 local s_match = string.match; |
2394
a2972f9fda6d
util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents:
2393
diff
changeset
|
22 local setmetatable = setmetatable |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
23 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
24 local keys = keys; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
25 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
26 local print = print |
2394
a2972f9fda6d
util.sasl_cyrus: Further fixing and cleanup.
Tobias Markmann <tm@ayena.de>
parents:
2393
diff
changeset
|
27 local pcall = pcall |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
28 local s_match, s_gmatch = string.match, string.gmatch |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
29 |
3298
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
30 local sasl_errstring = { |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
31 -- SASL result codes -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
32 [1] = "another step is needed in authentication"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
33 [0] = "successful result"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
34 [-1] = "generic failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
35 [-2] = "memory shortage failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
36 [-3] = "overflowed buffer"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
37 [-4] = "mechanism not supported"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
38 [-5] = "bad protocol / cancel"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
39 [-6] = "can't request info until later in exchange"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
40 [-7] = "invalid parameter supplied"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
41 [-8] = "transient failure (e.g., weak key)"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
42 [-9] = "integrity check failed"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
43 [-12] = "SASL library not initialized"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
44 |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
45 -- client only codes -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
46 [2] = "needs user interaction"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
47 [-10] = "server failed mutual authentication step"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
48 [-11] = "mechanism doesn't support requested feature"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
49 |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
50 -- server only codes -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
51 [-13] = "authentication failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
52 [-14] = "authorization failure"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
53 [-15] = "mechanism too weak for this user"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
54 [-16] = "encryption needed to use mechanism"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
55 [-17] = "One time use of a plaintext password will enable requested mechanism for user"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
56 [-18] = "passphrase expired, has to be reset"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
57 [-19] = "account disabled"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
58 [-20] = "user not found"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
59 [-23] = "version mismatch with plug-in"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
60 [-24] = "remote authentication server unavailable"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
61 [-26] = "user exists, but no verifier for user"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
62 |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
63 -- codes for password setting -- |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
64 [-21] = "passphrase locked"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
65 [-22] = "requested change was not needed"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
66 [-27] = "passphrase is too weak for security policy"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
67 [-28] = "user supplied passwords not permitted"; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
68 }; |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
69 setmetatable(sasl_errstring, { __index = function() return "undefined error!" end }); |
94087ee7587b
util.sasl_cyrus: Added a table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3157
diff
changeset
|
70 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
71 module "sasl_cyrus" |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
72 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
73 local method = {}; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
74 method.__index = method; |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
75 local initialized = false; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
76 |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
77 local function init(service_name) |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
78 if not initialized then |
2404
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
79 local st, errmsg = pcall(cyrussasl.server_init, service_name); |
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
80 if st then |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
81 initialized = true; |
2404
d7abdd6893b8
util.sasl_cyrus: Report an error if Cyrus SASL init fails.
Tobias Markmann <tm@ayena.de>
parents:
2403
diff
changeset
|
82 else |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
83 log("error", "Failed to initialize Cyrus SASL: %s", errmsg); |
2402
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
84 end |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
85 end |
0f884bb1f08a
util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name.
Tobias Markmann <tm@ayena.de>
parents:
2401
diff
changeset
|
86 end |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
87 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
88 -- create a new SASL object which can be used to authenticate clients |
3063
ca149818083d
util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents:
2903
diff
changeset
|
89 function new(realm, service_name, app_name) |
2403
916482cdfb74
util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents:
2402
diff
changeset
|
90 |
3063
ca149818083d
util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init())
Matthew Wild <mwild1@gmail.com>
parents:
2903
diff
changeset
|
91 init(app_name or service_name); |
2403
916482cdfb74
util.sasl_cyrus: Removing whitespace.
Tobias Markmann <tm@ayena.de>
parents:
2402
diff
changeset
|
92 |
2901
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
93 local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil) |
3428
8a12ae696687
util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents:
3426
diff
changeset
|
94 if not st then |
2902
c405486f289c
util.sasl_cyrus: Clarify some log messages and levels
Matthew Wild <mwild1@gmail.com>
parents:
2901
diff
changeset
|
95 log("error", "Creating SASL server connection failed: %s", ret); |
2901
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
96 return nil; |
5f3ccf7dd3f1
util.sasl_cyrus: Protect the call to cyrussasl.server_new properly.
Paul Aurich <paul@darkrain42.org>
parents:
2895
diff
changeset
|
97 end |
2895
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
98 |
3428
8a12ae696687
util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents:
3426
diff
changeset
|
99 local sasl_i = { realm = realm, service_name = service_name, cyrus = ret }; |
8a12ae696687
util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents:
3426
diff
changeset
|
100 |
2895
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
101 if cyrussasl.set_canon_cb then |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
102 local c14n_cb = function (user) |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
103 local node = s_match(user, "^([^@]+)"); |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
104 log("debug", "Canonicalizing username %s to %s", user, node) |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
105 return node |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
106 end |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
107 cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb); |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
108 end |
ea5fe15a82f5
util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients.
Paul Aurich <paul@darkrain42.org>
parents:
2881
diff
changeset
|
109 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
110 cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff) |
3428
8a12ae696687
util.sasl_cyrus: Cleanup.
Waqas Hussain <waqas20@gmail.com>
parents:
3426
diff
changeset
|
111 return setmetatable(sasl_i, method); |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
112 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
113 |
3426
37b9b8e171b9
util.sasl_cyrus: Removed method:forbidden().
Waqas Hussain <waqas20@gmail.com>
parents:
3373
diff
changeset
|
114 -- get a fresh clone with the same realm and service name |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
115 function method:clean_clone() |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
116 return new(self.realm, self.service_name) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
117 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
118 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
119 -- get a list of possible SASL mechanims to use |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
120 function method:mechanisms() |
3365
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
121 local mechanisms = self.mechs; |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
122 if not mechanisms then |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
123 mechanisms = {} |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
124 local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "") |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
125 for w in s_gmatch(cyrus_mechs, "[^ ]+") do |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
126 mechanisms[w] = true; |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
127 end |
32dc830d976c
util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms.
Waqas Hussain <waqas20@gmail.com>
parents:
3363
diff
changeset
|
128 self.mechs = mechanisms |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
129 end |
3363
a4bb658d3fcb
SASL: Simplified sasl_handler:mechanisms() to return a set, and not an array.
Waqas Hussain <waqas20@gmail.com>
parents:
3299
diff
changeset
|
130 return mechanisms; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
131 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
132 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
133 -- select a mechanism to use |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
134 function method:select(mechanism) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
135 self.mechanism = mechanism; |
3373
cd6836586a6a
util.sasl, util.sasl_cyrus: s/self.mechanisms()/self:mechanisms()/ in method:select().
Waqas Hussain <waqas20@gmail.com>
parents:
3366
diff
changeset
|
136 return self:mechanisms()[mechanism]; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
137 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
138 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
139 -- feed new messages to process into the library |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
140 function method:process(message) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
141 local err; |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
142 local data; |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
143 |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
144 if self.mechanism then |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
145 err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
146 else |
2396
39b2523bcf44
first working version with Cyrus SASL support.
jorj@jorj.org
parents:
2394
diff
changeset
|
147 err, data = cyrussasl.server_step(self.cyrus, message or "") |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
148 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
149 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
150 self.username = cyrussasl.get_username(self.cyrus) |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
151 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
152 if (err == 0) then -- SASL_OK |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
153 return "success", data |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
154 elseif (err == 1) then -- SASL_CONTINUE |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
155 return "challenge", data |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
156 elseif (err == -4) then -- SASL_NOMECH |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
157 log("debug", "SASL mechanism not available from remote end") |
2903
d6da8f8e3502
util.sasl_cyrus: Return invalid-mechanism instead of undefined-condition where appropriate
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
158 return "failure", "invalid-mechanism", "SASL mechanism not available" |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
159 elseif (err == -13) then -- SASL_BADAUTH |
3299
4448789c19ca
util.sasl_cyrus: Return error strings using the new table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3298
diff
changeset
|
160 return "failure", "not-authorized", sasl_errstring[err]; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
161 else |
3299
4448789c19ca
util.sasl_cyrus: Return error strings using the new table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3298
diff
changeset
|
162 log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]); |
4448789c19ca
util.sasl_cyrus: Return error strings using the new table mapping error codes to strings.
Waqas Hussain <waqas20@gmail.com>
parents:
3298
diff
changeset
|
163 return "failure", "undefined-condition", sasl_errstring[err]; |
2389
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
164 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
165 end |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
166 |
8f6526da4757
Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
167 return _M; |