annotate mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua @ 853:4d27552ac443

mod_websocket: Don't offer starttls
author Florian Zeitz <florob@babelmonkeys.de>
date Thu, 25 Oct 2012 17:45:08 +0200
parents 960007b0901e
children 490cb9161c81
1 -- Prosody IM
2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
4 --
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
7 --
9 local datamanager = require "util.datamanager";
10 local storagemanager = require "core.storagemanager";
11 local log = require "util.logger".init("auth_internal_yubikey");
12 local type = type;
13 local error = error;
14 local ipairs = ipairs;
15 local hashes = require "util.hashes";
16 local jid = require "util.jid";
17 local jid_bare = require "util.jid".bare;
18 local config = require "core.configmanager";
19 local usermanager = require "core.usermanager";
20 local new_sasl = require "util.sasl".new;
21 local nodeprep = require "util.encodings".stringprep.nodeprep;
22 local hosts = hosts;
24 local prosody = _G.prosody;
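-- Authenticator from the external "yubikey" library, connected to the
-- account store through the two callbacks below.
local yubikey = require "yubikey".new_authenticator({
	prefix_length = module:get_option_number("yubikey_prefix_length", 0);

	-- Accepts the credentials when the SHA-1 hex digest of
	-- public_id .. private_id .. password (password defaults to "") equals
	-- the yubikey_hash stored on the account.
	-- NOTE(review): the digest is unsalted SHA-1 and the three fields are
	-- joined without a separator; presumably both ids have fixed lengths,
	-- otherwise different field splits could hash alike - confirm.
	check_credentials = function (ret, state, data)
		local account = data.account;
		local presented_hash = hashes.sha1(ret.public_id..ret.private_id..(ret.password or ""), true);
		if presented_hash == account.yubikey_hash then
			return true;
		end
		return false, "invalid-otp";
	end;

	-- Writes the account back with its yubikey_state field set to `state`.
	-- A shallow copy is stored so the table in data.account is not modified.
	store_device_info = function (state, data)
		local new_account = {};
		for k, v in pairs(data.account) do
			new_account[k] = v;
		end
		new_account.yubikey_state = state;
		local ok, err = datamanager.store(data.username, data.host, "accounts", new_account);
		if not ok then
			-- A failed write used to pass silently. Presumably `state` carries
			-- the device counters used to reject replayed OTPs (confirm against
			-- the yubikey library), so a lost update deserves an operator's eye.
			log("error", "Failed to store Yubikey state for %s@%s: %s", data.username, data.host, tostring(err));
		end
	end;
});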
-- Value of the optional "yubikey_key" string option from the module config.
local global_yubikey_key = module:get_option_string("yubikey_key");

-- Host this module instance serves; every account lookup below is keyed on it.
local host = module.host;
-- Table of auth-provider callbacks, populated by the functions that follow.
local provider = {};
log("debug", "initializing default authentication provider for host '%s'", host);
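--- Check a login secret for a user on this host.
-- An account that has a yubikey_key is verified through yubikey:authenticate
-- only; the stored-password comparison applies solely to accounts without one,
-- so a Yubikey-enabled account cannot fall back to a bare password.
-- @param username account name, looked up in the "accounts" store
-- @param password secret presented by the client (for Yubikey accounts this
--   is whatever string yubikey:authenticate expects)
-- @return true on success; otherwise a falsy value followed by an error string
function provider.test_password(username, password)
	-- The presented secret is kept out of the log: debug logs would otherwise
	-- collect every password and OTP submitted to this host.
	log("debug", "test password for user %s at host %s", username, module.host);

	local account_info = datamanager.load(username, host, "accounts") or {};
	-- NOTE(review): the module-level global_yubikey_key option is not consulted
	-- here; only a per-account yubikey_key switches the account to OTP login.
	-- The original computed `account_info.yubikey_key or global_yubikey_key`
	-- into a local that was never read - confirm which behaviour is intended.
	if account_info.yubikey_key then
		log("debug", "Authenticating Yubikey OTP for %s", username);
		local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host });
		if not authed then
			log("debug", "Failed to authenticate %s via OTP: %s", username, err);
			return authed, err;
		end
		return authed;
	elseif account_info.password and password == account_info.password then
		-- No yubikey configured for this user, treat as normal password.
		-- The account store holds the password itself, so this is a direct
		-- string comparison against the stored value.
		log("debug", "No yubikey configured for %s, successful login using password auth", username);
		return true;
	else
		return nil, "Auth failed. Invalid username or password.";
	end
end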
--- Return the password field stored on the user's account record.
-- The value comes straight from the "accounts" store, i.e. whatever was
-- saved there by create_user/set_password.
-- @param username account name on this host
-- @return the stored password, or nil when the account cannot be loaded
function provider.get_password(username)
	log("debug", "get_password for username '%s' at host '%s'", username, module.host);
	local account = datamanager.load(username, host, "accounts");
	if not account then
		return nil;
	end
	return account.password;
end
--- Replace the password field of an existing account.
-- Other fields of the record (such as any Yubikey data) are written back
-- unchanged because the loaded table is stored again as a whole.
-- @param username account name on this host
-- @param password new value for the account's password field
-- @return the result of datamanager.store, or nil plus an error string when
--   no account record could be loaded
function provider.set_password(username, password)
	local account = datamanager.load(username, host, "accounts");
	if not account then
		return nil, "Account not available.";
	end
	account.password = password;
	return datamanager.store(username, host, "accounts", account);
end
--- Report whether an account record exists for the user on this host.
-- @param username account name to look up in the "accounts" store
-- @return true when a record loads; otherwise nil plus an error string
function provider.user_exists(username)
	local account = datamanager.load(username, host, "accounts");
	if account then
		return true;
	end
	log("debug", "account not found for username '%s' at host '%s'", username, module.host);
	return nil, "Auth failed. Invalid username";
end
--- Create (or overwrite) the account record for a user on this host.
-- The record holds only the password field, stored as given.
-- @param username account name
-- @param password value saved in the record's password field
-- @return the result of datamanager.store
function provider.create_user(username, password)
	local account = { password = password };
	return datamanager.store(username, host, "accounts", account);
end
--- Remove a user's account record by storing nil in its place.
-- @param username account name on this host
-- @return the result of datamanager.store
function provider.delete_user(username)
	local store_name = "accounts";
	return datamanager.store(username, host, store_name, nil);
end
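--- Build the SASL handler used for logins on this host.
-- The realm is the "sasl_realm" option when set, otherwise module.host.
-- Only a plain_test callback is supplied: the handler receives the
-- client's username and password and has them verified by usermanager.
-- @return the handler object created by new_sasl
function provider.get_sasl_handler()
	local realm = module:get_option("sasl_realm") or module.host;
	local getpass_authentication_profile = {
		-- Returns (result of the password check, true), or (false, nil) when
		-- the username does not survive nodeprep.
		plain_test = function(sasl, username, password, realm)
			local prepped_username = nodeprep(username);
			if not prepped_username then
				log("debug", "NODEprep failed on username: %s", username);
				return false, nil;
			end

			-- Verify against the nodeprep'd name. The original passed the raw
			-- `username` here, so the normalised form was computed and then
			-- discarded, and the account lookup ran on unnormalised input.
			return usermanager.test_password(prepped_username, realm, password), true;
		end
	};
	return new_sasl(realm, getpass_authentication_profile);
end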
-- Hand the provider table to the module API under the "auth" name.
module:provides("auth", provider);
123 function module.command(arg)
124 local command = arg[1];
125 table.remove(arg, 1);
126 if command == "associate" then
127 local user_jid = arg[1];
128 if not user_jid or user_jid == "help" then
129 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]);
130 return 1;
131 end
133 local username, host = jid.prepped_split(user_jid);
134 if not username or not host then
135 print("Invalid JID: "..user_jid);
136 return 1;
137 end
139 local password, public_id, private_id, key;
141 for i=2,#arg do
142 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$");
143 if not k then
144 k, v = arg[i]:match("^%-(%w)(.*)$");
145 end
146 if k == "password" then
147 password = v;
148 elseif k == "fixed" then
149 public_id = v;
150 elseif k == "uid" then
151 private_id = v;
152 elseif k == "key" or k == "a" then
153 key = v;
154 end
155 end
156
157 if not password then
158 print(":: Password ::");
159 print("This is an optional password that should be always");
160 print("entered during login *before* the yubikey password.");
161 print("If the yubikey is lost/stolen, unless the attacker");
162 print("knows this prefix, they cannot access the account.");
163 print("");
164 password = prosodyctl.read_password();
165 if not password then
166 print("Cancelled.");
167 return 1;
168 end
169 end
170
171 if not public_id then
172 print(":: Public Yubikey ID ::");
173 print("This is a fixed string of characters between 0 and 16");
174 print("bytes long that the Yubikey prefixes to every token.");
175 print("The ID should be entered in modhex encoding, meaning ");
176 print("a string up to 32 characters. This *must* match");
177 print("exactly the fixed string programmed into the yubikey.");
178 print("");
179 io.write("Enter fixed id (modhex): ");
180 while true do
181 public_id = io.read("*l");
182 if #public_id > 32 then
183 print("The fixed id must be 32 characters or less. Please try again.");
184 elseif public_id:match("[^cbdefghijklnrtuv]") then
185 print("The fixed id contains invalid characters. It must be entered in modhex encoding. Please try again.");
186 else
187 break;
188 end
189 end
190 end
191
192 if not private_id then
193 print(":: Private Yubikey ID ::");
194 print("This is a fixed secret UID programmed into the yubikey");
195 print("during configuration. It must be entered in hex (not modhex)");
196 print("encoding. It is always 6 bytes long, which is 12 characters");
197 print("in hex encoding.");
198 print("");
199 while true do
200 io.write("Enter private UID (hex): ");
201 private_id = io.read("*l");
202 if #private_id ~= 12 then
203 print("The id length must be 12 characters in hex encoding. Please try again.");
204 elseif private_id:match("%X") then
205 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again.");
206 else
207 break;
208 end
209 end
210 end
211
212 if not key then
213 print(":: AES Encryption Key ::");
214 print("This is the secret key that the Yubikey uses to encrypt the");
215 print("generated tokens. It is 32 characters in hex encoding.");
216 print("");
217 while true do
218 io.write("Enter AES key (hex): ");
219 key = io.read("*l");
220 if #key ~= 32 then
221 print("The key length must be 32 characters in hex encoding. Please try again.");
222 elseif key:match("%X") then
223 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again.");
224 else
225 break;
226 end
227 end
228 end
229
230 local hash = hashes.sha1(public_id..private_id..password, true);
231 local account = {
232 yubikey_hash = hash;
233 yubikey_key = key;
234 };
235 storagemanager.initialize_host(host);
236 local ok, err = datamanager.store(username, host, "accounts", account);
237 if not ok then
238 print("Error saving configuration:");
239 print("", err);
240 return 1;
241 end
242 print("Saved.");
243 return 0;
244 end
245 end