Mercurial > prosody-modules
annotate mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua @ 2366:14021c93a962
mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 15 Nov 2016 15:00:38 +0000 |
parents | 7dbde05b48a9 |
children |
rev | line source |
---|---|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 -- Prosody IM |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 -- |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 -- COPYING file in the source package for more information. |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 -- |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local datamanager = require "util.datamanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local storagemanager = require "core.storagemanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local log = require "util.logger".init("auth_internal_yubikey"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local type = type; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local error = error; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 local ipairs = ipairs; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 local hashes = require "util.hashes"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 local jid = require "util.jid"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local jid_bare = require "util.jid".bare; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 local config = require "core.configmanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 local usermanager = require "core.usermanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 local new_sasl = require "util.sasl".new; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 local hosts = hosts; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 local prosody = _G.prosody; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 local yubikey = require "yubikey".new_authenticator({ |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 prefix_length = module:get_option_number("yubikey_prefix_length", 0); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 check_credentials = function (ret, state, data) |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 local account = data.account; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 local yubikey_hash = hashes.sha1(ret.public_id..ret.private_id..(ret.password or ""), true); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 if yubikey_hash == account.yubikey_hash then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 return true; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 return false, "invalid-otp"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 end; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 store_device_info = function (state, data) |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 local new_account = {}; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 for k, v in pairs(data.account) do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 new_account[k] = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 new_account.yubikey_state = state; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 datamanager.store(data.username, data.host, "accounts", new_account); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 end; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 }); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 local global_yubikey_key = module:get_option_string("yubikey_key"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
47 local host = module.host; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
48 local provider = {}; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
49 log("debug", "initializing default authentication provider for host '%s'", host); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
50 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
51 function provider.test_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
52 log("debug", "test password '%s' for user %s at host %s", password, username, module.host); |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
54 local account_info = datamanager.load(username, host, "accounts") or {}; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
55 local yubikey_key = account_info.yubikey_key or global_yubikey_key; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
56 if account_info.yubikey_key then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
57 log("debug", "Authenticating Yubikey OTP for %s", username); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
58 local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host }); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
59 if not authed then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
60 log("debug", "Failed to authenticate %s via OTP: %s", username, err); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
61 return authed, err; |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 end |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
63 return authed; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
64 elseif account_info.password and password == account_info.password then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
65 -- No yubikey configured for this user, treat as normal password |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
66 log("debug", "No yubikey configured for %s, successful login using password auth", username); |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 return true; |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
68 else |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
69 return nil, "Auth failed. Invalid username or password."; |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 end |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
71 end |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
73 function provider.get_password(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
74 log("debug", "get_password for username '%s' at host '%s'", username, module.host); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
75 return (datamanager.load(username, host, "accounts") or {}).password; |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
78 function provider.set_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
79 local account = datamanager.load(username, host, "accounts"); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
80 if account then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
81 account.password = password; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
82 return datamanager.store(username, host, "accounts", account); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
83 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
84 return nil, "Account not available."; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
85 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
86 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
87 function provider.user_exists(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
88 local account = datamanager.load(username, host, "accounts"); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
89 if not account then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
90 log("debug", "account not found for username '%s' at host '%s'", username, module.host); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
91 return nil, "Auth failed. Invalid username"; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
92 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
93 return true; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
94 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
95 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
96 function provider.create_user(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
97 return datamanager.store(username, host, "accounts", {password = password}); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
98 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
99 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
100 function provider.delete_user(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
101 return datamanager.store(username, host, "accounts", nil); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
102 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
103 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
104 function provider.get_sasl_handler() |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
105 local realm = module:get_option("sasl_realm") or module.host; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
106 local getpass_authentication_profile = { |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
107 plain_test = function(sasl, username, password, realm) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
108 return usermanager.test_password(username, realm, password), true; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
109 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
110 }; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
111 return new_sasl(realm, getpass_authentication_profile); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
112 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
113 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
114 module:provides("auth", provider); |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 function module.command(arg) |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 local command = arg[1]; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 table.remove(arg, 1); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 if command == "associate" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 local user_jid = arg[1]; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 if not user_jid or user_jid == "help" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
125 |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 local username, host = jid.prepped_split(user_jid); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 if not username or not host then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 print("Invalid JID: "..user_jid); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
131 |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 local password, public_id, private_id, key; |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
133 |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 for i=2,#arg do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 if not k then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 k, v = arg[i]:match("^%-(%w)(.*)$"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 if k == "password" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 password = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 elseif k == "fixed" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 public_id = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 elseif k == "uid" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 private_id = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 elseif k == "key" or k == "a" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 key = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
149 |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 if not password then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 print(":: Password ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 print("This is an optional password that should be always"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 print("entered during login *before* the yubikey password."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 print("If the yubikey is lost/stolen, unless the attacker"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 print("knows this prefix, they cannot access the account."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 password = prosodyctl.read_password(); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 if not password then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 print("Cancelled."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
163 |
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
164 if not public_id then |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 print(":: Public Yubikey ID ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 print("This is a fixed string of characters between 0 and 16"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 print("bytes long that the Yubikey prefixes to every token."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 print("The ID should be entered in modhex encoding, meaning "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 print("a string up to 32 characters. This *must* match"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 print("exactly the fixed string programmed into the yubikey."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 io.write("Enter fixed id (modhex): "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 while true do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 public_id = io.read("*l"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
175 if #public_id > 32 then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 print("The fixed id must be 32 characters or less. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 elseif public_id:match("[^cbdefghijklnrtuv]") then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
178 print("The fixed id contains invalid characters. It must be entered in modhex encoding. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 else |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 break; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
184 |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 if not private_id then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 print(":: Private Yubikey ID ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 print("This is a fixed secret UID programmed into the yubikey"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 print("during configuration. It must be entered in hex (not modhex)"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 print("encoding. It is always 6 bytes long, which is 12 characters"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 print("in hex encoding."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
192 while true do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 io.write("Enter private UID (hex): "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
194 private_id = io.read("*l"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
195 if #private_id ~= 12 then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
196 print("The id length must be 12 characters in hex encoding. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
197 elseif private_id:match("%X") then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
198 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
199 else |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
200 break; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
201 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
203 end |
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
204 |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 if not key then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
206 print(":: AES Encryption Key ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
207 print("This is the secret key that the Yubikey uses to encrypt the"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
208 print("generated tokens. It is 32 characters in hex encoding."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
209 print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
210 while true do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
211 io.write("Enter AES key (hex): "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
212 key = io.read("*l"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
213 if #key ~= 32 then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
214 print("The key length must be 32 characters in hex encoding. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
215 elseif key:match("%X") then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
216 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
217 else |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
218 break; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
219 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
220 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
221 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
222 |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
223 local hash = hashes.sha1(public_id..private_id..password, true); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
224 local account = { |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
225 yubikey_hash = hash; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
226 yubikey_key = key; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
227 }; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
228 storagemanager.initialize_host(host); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
229 local ok, err = datamanager.store(username, host, "accounts", account); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
230 if not ok then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
231 print("Error saving configuration:"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
232 print("", err); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
233 return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
234 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
235 print("Saved."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
236 return 0; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
237 end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
238 end |