annotate mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua @ 709:151743149f07

mod_client_certs: Follow the rules in XEP-0178 about the inclusion of the username when using EXTERNAL, instead of mapping one certificate to one user.
author Thijs Alkemade <thijsalkemade@gmail.com>
date Sat, 09 Jun 2012 23:15:44 +0200
parents 0c130c45b7c1
children 881ec9919144
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- Dovecot authentication backend for Prosody
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 --
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- Copyright (C) 2010-2011 Waqas Hussain
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 -- Copyright (C) 2011 Kim Alvefur
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 --
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local name = "Dovecot SASL";
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local log = require "util.logger".init("auth_dovecot");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 local socket_path = module:get_option_string("dovecot_auth_socket", "/var/run/dovecot/auth-login");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 local socket_host = module:get_option_string("dovecot_auth_host", "127.0.0.1");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 local socket_port = module:get_option_string("dovecot_auth_port");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local service_realm = module:get_option("realm");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 local service_name = module:get_option("service_name");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local append_host = module:get_option_boolean("auth_append_host");
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
17 --assert(not append_host, "auth_append_host does not work");
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 local validate_domain = module:get_option_boolean("validate_append_host");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 local handle_appended = module:get_option_string("handle_appended");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 local util_sasl_new = require "util.sasl".new;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 local new_dovecot_sasl = module:require "sasl_dovecot".new;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 local new_sasl = function(realm)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 return new_dovecot_sasl(
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 service_realm or realm,
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 service_name or "xmpp",
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
29 socket_port and { socket_host, socket_port } or socket_path,
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 { --config
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 handle_domain = handle_appended or
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 (append_host and "split" or "escape"),
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 validate_domain = validate_domain,
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 }
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 );
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 do
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 local s = new_sasl(module.host)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 assert(s, "Could not create a new SASL object");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 assert(s.mechanisms, "SASL object has no mechanims method");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 local m, _m = {}, s:mechanisms();
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 assert(not append_host or _m.PLAIN, "auth_append_host requires PLAIN, but it is unavailable");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 for k in pairs(_m) do
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 table.insert(m, k);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 log("debug", "Mechanims found: %s", table.concat(m, ", "));
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 provider = {
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 name = module.name:gsub("^auth_","");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 };
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 function provider.test_password(username, password)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 return new_sasl(module.host):plain_test(username, password);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 function provider.get_password(username)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 return nil, "Passwords unavailable for "..name;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 function provider.set_password(username, password)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 return nil, "Passwords unavailable for "..name;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 function provider.user_exists(username)
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
68 return true -- FIXME
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
69 --[[ This, sadly, doesn't work.
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
70 local user_test = new_sasl(module.host);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71 user_test:select("PLAIN");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
72 user_test:process(("\0%s\0"):format(username));
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
73 return user_test.username == username;
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
74 --]]
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 function provider.create_user(username, password)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78 return nil, "Account creation/modification not available with "..name;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81 function provider.get_sasl_handler()
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82 return new_sasl(module.host);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
84
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
85 if append_host then
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
86 function provider.test_password(username, password)
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
87 return new_sasl(module.host):plain_test(username .. "@".. (service_realm or module.host), password);
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
88 end
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
89
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
90 provider.get_sasl_handler = nil
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
91 end
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
92
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
93 module:add_item("auth-provider", provider);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
94