Mercurial > prosody-modules
annotate mod_auth_cyrus/mod_auth_cyrus.lua @ 5271:3a1df3adad0c
mod_http_oauth2: Allow user to decide which requested scopes to grant
These should at the very least be shown to the user, so they can decide
whether to grant them.
Considered whether to filter the requested scopes down to actually
understood scopes that would be granted, but decided that this was a bit
complex for a first step, since role role selection and other kinds of
scopes are mixed into the same field here.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 23 Mar 2023 16:28:08 +0100 |
parents | b8366e31c829 |
children |
rev | line source |
---|---|
4710
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Prosody IM |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- COPYING file in the source package for more information. |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- luacheck: ignore 212 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local log = require "util.logger".init("auth_cyrus"); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local usermanager_user_exists = require "core.usermanager".user_exists; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local cyrus_service_realm = module:get_option("cyrus_service_realm"); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local cyrus_service_name = module:get_option("cyrus_service_name"); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local cyrus_application_name = module:get_option("cyrus_application_name"); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local require_provisioning = module:get_option("cyrus_require_provisioning") or false; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local host_fqdn = module:get_option("cyrus_server_fqdn"); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 prosody.unlock_globals(); --FIXME: Figure out why this is needed and |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 -- why cyrussasl isn't caught by the sandbox |
4927
b8366e31c829
mod_auth_cyrus: Adjust module import to work with repo clone - Fix #1744
Kim Alvefur <zash@zash.se>
parents:
4710
diff
changeset
|
22 local cyrus_new = module:require "sasl_cyrus".new; |
4710
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 prosody.lock_globals(); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 local new_sasl = function(realm) |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 return cyrus_new( |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 cyrus_service_realm or realm, |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 cyrus_service_name or "xmpp", |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 cyrus_application_name or "prosody", |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 host_fqdn |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 ); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 do -- diagnostic |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 local list; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 for mechanism in pairs(new_sasl(module.host):mechanisms()) do |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 list = (not(list) and mechanism) or (list..", "..mechanism); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 if not list then |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 module:log("error", "No Cyrus SASL mechanisms available"); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 else |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 module:log("debug", "Available Cyrus SASL mechanisms: %s", list); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 local host = module.host; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 -- define auth provider |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 local provider = {}; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 log("debug", "initializing default authentication provider for host '%s'", host); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 function provider.test_password(username, password) |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 return nil, "Legacy auth not supported with Cyrus SASL."; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 function provider.get_password(username) |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 return nil, "Passwords unavailable for Cyrus SASL."; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 function provider.set_password(username, password) |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 return nil, "Passwords unavailable for Cyrus SASL."; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 function provider.user_exists(username) |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 if require_provisioning then |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 return usermanager_user_exists(username, host); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 return true; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 function provider.create_user(username, password) |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 return nil, "Account creation/modification not available with Cyrus SASL."; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 function provider.get_sasl_handler() |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 local handler = new_sasl(host); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 if require_provisioning then |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 function handler.require_provisioning(username) |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 return usermanager_user_exists(username, host); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 return handler; |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 end |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 module:provides("auth", provider); |
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 |