Software /
code /
prosody
File
core/usermanager.lua @ 3106:f4341cac3ae1
util.sasl.scram: Fixing issue #177.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Sat, 22 May 2010 20:51:01 +0200 |
parent | 3064:596303990c7c |
child | 3065:0b8bd6f6a9c7 |
child | 3113:30896751dd43 |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- local datamanager = require "util.datamanager"; local log = require "util.logger".init("usermanager"); local type = type; local error = error; local ipairs = ipairs; local hashes = require "util.hashes"; local jid_bare = require "util.jid".bare; local config = require "core.configmanager"; local hosts = hosts; local require_provisioning = config.get("*", "core", "cyrus_require_provisioning") or false; module "usermanager" local function is_cyrus(host) return config.get(host, "core", "sasl_backend") == "cyrus"; end function validate_credentials(host, username, password, method) log("debug", "User '%s' is being validated", username); if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end local credentials = datamanager.load(username, host, "accounts") or {}; if method == nil then method = "PLAIN"; end if method == "PLAIN" and credentials.password then -- PLAIN, do directly if password == credentials.password then return true; else return nil, "Auth failed. Invalid username or password."; end end -- must do md5 -- make credentials md5 local pwd = credentials.password; if not pwd then pwd = credentials.md5; else pwd = hashes.md5(pwd, true); end -- make password md5 if method == "PLAIN" then password = hashes.md5(password or "", true); elseif method ~= "DIGEST-MD5" then return nil, "Unsupported auth method"; end -- compare if password == pwd then return true; else return nil, "Auth failed. Invalid username or password."; end end function get_password(username, host) if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end return (datamanager.load(username, host, "accounts") or {}).password end function set_password(username, host, password) if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end local account = datamanager.load(username, host, "accounts"); if account then account.password = password; return datamanager.store(username, host, "accounts", account); end return nil, "Account not available."; end function user_exists(username, host) if not(require_provisioning) and is_cyrus(host) then return true; end return datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials end function create_user(username, password, host) if not(require_provisioning) and is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end return datamanager.store(username, host, "accounts", {password = password}); end function get_supported_methods(host) return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config end function is_admin(jid, host) host = host or "*"; local admins = config.get(host, "core", "admins"); if host ~= "*" and admins == config.get("*", "core", "admins") then return nil; end if type(admins) == "table" then jid = jid_bare(jid); for _,admin in ipairs(admins) do if admin == jid then return true; end end elseif admins then log("warn", "Option 'admins' for host '%s' is not a table", host); end return nil; end return _M;