prosody
a5d5fefb8b68
util/sasl.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

util/sasl.lua @ 13801:a5d5fefb8b68 13.0

mod_tls: Enable Prosody's certificate checking for incoming s2s connections (fixes #1916) (thanks Damian, Zash) Various options in Prosody allow control over the behaviour of the certificate verification process For example, some deployments choose to allow falling back to traditional "dialback" authentication (XEP-0220), while others verify via DANE, hard-coded fingerprints, or other custom plugins. Implementing this flexibility requires us to override OpenSSL's default certificate verification, to allow Prosody to verify the certificate itself, apply custom policies and make decisions based on the outcome. To enable our custom logic, we have to suppress OpenSSL's default behaviour of aborting the connection with a TLS alert message. With LuaSec, this can be achieved by using the verifyext "lsec_continue" flag. We also need to use the lsec_ignore_purpose flag, because XMPP s2s uses server certificates as "client" certificates (for mutual TLS verification in outgoing s2s connections). Commit 99d2100d2918 moved these settings out of the defaults and into mod_s2s, because we only really need these changes for s2s, and they should be opt-in, rather than automatically applied to all TLS services we offer. That commit was incomplete, because it only added the flags for incoming direct TLS connections. StartTLS connections are handled by mod_tls, which was not applying the lsec_* flags. It previously worked because they were already in the defaults. This resulted in incoming s2s connections with "invalid" certificates being aborted early by OpenSSL, even if settings such as `s2s_secure_auth = false` or DANE were present in the config. Outgoing s2s connections inherit verify "none" from the defaults, which means OpenSSL will receive the cert but will not terminate the connection when it is deemed invalid. This means we don't need lsec_continue there, and we also don't need lsec_ignore_purpose (because the remote peer is a "server"). Wondering why we can't just use verify "none" for incoming s2s? It's because in that mode, OpenSSL won't request a certificate from the peer for incoming connections. Setting verify "peer" is how you ask OpenSSL to request a certificate from the client, but also what triggers its built-in verification.
author Matthew Wild <mwild1@gmail.com>
date Tue, 01 Apr 2025 17:26:56 +0100
parent 13758:fc97319ef48e
line wrap: on
line source

-- sasl.lua v0.4
-- Copyright (C) 2008-2010 Tobias Markmann
--
--    All rights reserved.
--
--    Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
--
--        * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
--        * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
--        * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
--
--    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


local pairs, ipairs = pairs, ipairs;
local t_insert = table.insert;
local type = type
local setmetatable = setmetatable;
local assert = assert;
local require = require;

local _ENV = nil;
-- luacheck: std none

--[[
Authentication Backend Prototypes:

state = false : disabled
state = true : enabled
state = nil : non-existent

Channel Binding:

To enable support of channel binding in some mechanisms you need to provide appropriate callbacks in a table
at profile.cb.

Example:
	profile.cb["tls-unique"] = function(self)
		return self.user
	end

]]

local method = {};
method.__index = method;
local registered_mechanisms = {};
local backend_mechanism = {};
local mechanism_channelbindings = {};

-- register a new SASL mechanism
local function registerMechanism(name, backends, f, cb_backends)
	assert(type(name) == "string", "Parameter name MUST be a string.");
	assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table.");
	assert(type(f) == "function", "Parameter f MUST be a function.");
	if cb_backends then assert(type(cb_backends) == "table"); end
	registered_mechanisms[name] = f
	if cb_backends then
		mechanism_channelbindings[name] = {};
		for _, cb_name in ipairs(cb_backends) do
			mechanism_channelbindings[name][cb_name] = true;
		end
	end
	for _, backend_name in ipairs(backends) do
		if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end
		t_insert(backend_mechanism[backend_name], name);
	end
end

-- create a new SASL object which can be used to authenticate clients
local function new(realm, profile, userdata)
	local mechanisms = profile.mechanisms;
	if not mechanisms then
		mechanisms = {};
		for backend in pairs(profile) do
			if backend_mechanism[backend] then
				for _, mechanism in ipairs(backend_mechanism[backend]) do
					mechanisms[mechanism] = true;
				end
			end
		end
		profile.mechanisms = mechanisms;
	end
	return setmetatable({
		profile = profile,
		realm = realm,
		mechs = mechanisms,
		userdata = userdata
	}, method);
end

-- add a channel binding handler
function method:add_cb_handler(name, f)
	if type(self.profile.cb) ~= "table" then
		self.profile.cb = {};
	end
	self.profile.cb[name] = f;
	return self;
end

-- get a fresh clone with the same realm and profile
function method:clean_clone()
	return new(self.realm, self.profile, self.userdata)
end

-- get a list of possible SASL mechanisms to use
function method:mechanisms()
	local current_mechs = {};
	for mech, _ in pairs(self.mechs) do
		if mechanism_channelbindings[mech] then
			if self.profile.cb then
				local ok = false;
				for cb_name, _ in pairs(self.profile.cb) do
					if mechanism_channelbindings[mech][cb_name] then
						ok = true;
					end
				end
				if ok == true then current_mechs[mech] = true; end
			end
		else
			current_mechs[mech] = true;
		end
	end
	return current_mechs;
end

-- select a mechanism to use
function method:select(mechanism)
	if not self.selected and self.mechs[mechanism] then
		self.selected = mechanism;
		return true;
	end
end

-- feed new messages to process into the library
function method:process(message)
	--if message == "" or message == nil then return "failure", "malformed-request" end
	return registered_mechanisms[self.selected](self, message);
end

-- load the mechanisms
require "prosody.util.sasl.plain"       .init(registerMechanism);
require "prosody.util.sasl.anonymous"   .init(registerMechanism);
require "prosody.util.sasl.oauthbearer" .init(registerMechanism);
require "prosody.util.sasl.scram"       .init(registerMechanism);
require "prosody.util.sasl.external"    .init(registerMechanism);

return {
	registerMechanism = registerMechanism;
	new = new;
};