annotate mod_net_dovecotauth/mod_net_dovecotauth.lua @ 5367:93d445b26063

mod_http_oauth2: Validate redirect URI depending on application type Per https://openid.net/specs/openid-connect-registration-1_0.html require that web applications use https:// and native applications must use either http://localhost or a custom (non-https) URI. Previous requirement that hostname matches that of client_uri is kept for web applications.
author Kim Alvefur <zash@zash.se>
date Tue, 25 Apr 2023 19:49:41 +0200
parents 8e686bf63441
children
-- mod_net_dovecotauth.lua
--
-- Server side of the Dovecot authentication protocol, backed by the SASL
-- handlers of a single Prosody host.
--
-- Protocol spec:
-- http://dovecot.org/doc/auth-protocol.txt
--
-- Example postfix config:
-- sudo postconf smtpd_sasl_path=inet:127.0.0.1:28484
-- sudo postconf smtpd_sasl_type=dovecot
-- sudo postconf smtpd_sasl_auth_enable=yes
--
-- NOTE(review): nothing in this file encrypts the connection or
-- authenticates the peer, and AUTH lines carry SASL responses that are only
-- base64-encoded. The example above points the MTA at the loopback address;
-- which interfaces the service actually binds is configured outside this
-- file and should be confirmed per deployment.

module:set_global();

-- Imports
local new_sasl = require "core.usermanager".get_sasl_handler;
local user_exists = require "core.usermanager".user_exists;
local base64 = require"util.encodings".base64;
local dump = require"util.serialization".serialize;
local pposix = require "util.pposix";

-- Config
-- Host whose accounts are authenticated. When "dovecotauth_host" is unset
-- the fallback is whatever key next(hosts) yields first; table traversal
-- order is unspecified in Lua, so with more than one configured host the
-- option should be set explicitly.
local default_vhost = module:get_option_string("dovecotauth_host", (next(hosts))); -- TODO Is there a better solution?
-- Off by default. When enabled, a peer may introduce itself with SPID and
-- then issue USER lookups, which answer whether an account exists.
local allow_master = module:get_option_boolean("dovecotauth_allow_master", false);

-- Active sessions (keyed by connection object)
local sessions = {};

-- Session methods
-- Forward declaration; the constructor is assigned inside the do-block below.
local new_session;
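do
	local sess = { };
	local sess_mt = { __index = sess };

	-- Ceiling on input buffered while waiting for a line terminator. The peer
	-- decides how much it sends before a newline, so the buffer needs a bound.
	-- 64 KiB was picked during review, not taken from the protocol spec; tune
	-- it if legitimate requests turn out to be larger.
	local max_pending_bytes = 64 * 1024;

	-- Source of per-connection ids, used for CUID and as log prefix. A counter
	-- replaces the table address parsed out of tostring(self): the address
	-- told the peer where the session lives in memory, and a large address
	-- converted with tonumber() can be rendered in exponent notation.
	local last_cuid = 0;

	--- Create the state for one accepted connection.
	-- @param conn connection object; :write() and :close() are called on it
	-- @return session table with type "?" until the peer sends CPID or SPID
	function new_session(conn)
		last_cuid = last_cuid + 1;
		local s = { type = "?", conn = conn, buf = "", sasl = {}, cuid = last_cuid }
		-- Log through the module, prefixed with session type and id.
		function s:log(l, m, ...)
			return module:log(l, self.type..self.cuid..": "..m, ...);
		end
		return setmetatable(s, sess_mt);
	end

	--- Send one protocol line: fields joined by TAB, terminated by LF.
	-- NOTE(review): fields are written as given. A TAB or LF inside a field
	-- would add a field or a line to the reply. Callers pass literals, ids
	-- parsed from TAB-separated input, base64 text, sasl.username and
	-- tostring(err); whether the last two can contain control characters
	-- depends on the SASL layer and should be confirmed.
	function sess:send(...)
		local data = table.concat({...}, "\t") .. "\n"
		-- self:log("debug", "SEND: %s", dump(ret));
		return self.conn:write(data);
	end

	-- Extra parameter announced with each mechanism in the handshake.
	local mech_params = {
		ANONYMOUS = "anonymous";
		PLAIN = "plaintext";
		["DIGEST-MD5"] = "mutual-auth";
		["SCRAM-SHA-1"] = "mutual-auth";
		["SCRAM-SHA-1-PLUS"] = "mutual-auth";
	}

	--- Send the server greeting: version, process id, connection id, the
	-- mechanisms offered by the host's SASL handler, then DONE.
	function sess:handshake()
		self:send("VERSION", 1, 1);
		self:send("SPID", pposix.getpid());
		self:send("CUID", self.cuid);
		for mech in pairs(self.g_sasl:mechanisms()) do
			self:send("MECH", mech, mech_params[mech]);
		end
		self:send("DONE");
	end

	--- Handle one complete line received from the peer.
	-- @param line line without its terminator
	-- @return true to keep reading, false once the connection has been closed
	function sess:process_line(line)
		local part = line:gmatch("[^\t]+");
		local command = part();
		if command == "VERSION" then
			-- Fetch the fields before converting them: calling
			-- tonumber(part()) on an exhausted iterator raises an error
			-- instead of yielding nil.
			local major = part();
			local minor = part();
			major = major and tonumber(major);
			minor = minor and tonumber(minor);
			if major ~= 1 then
				self:log("warn", "Wrong version, expected 1.1, got %s.%s", tostring(major), tostring(minor));
				self.conn:close();
				return false;
			end
		elseif command == "CPID" then
			-- Any peer that can connect may declare itself a client; no
			-- credential is involved in this step.
			self.type = "C";
			self.pid = part();
		elseif command == "SPID" and allow_master then
			self.type = "M";
			self.pid = part();
		elseif command == "AUTH" and self.type ~= "?" then
			-- C: "AUTH" TAB <id> TAB <mechanism> TAB service=<service> [TAB <parameters>]
			local id = part() -- <id>
			if not id then
				-- Without an id there is nothing to answer, and storing the
				-- handler under a nil key would raise an error.
				self:log("warn", "AUTH command without a request id");
				self.conn:close();
				return false;
			end
			local sasl = self.sasl[id];
			local mech = part();
			if not sasl then
				-- TODO Should maybe initialize SASL handler after parsing the line?
				-- NOTE(review): a handler stays in self.sasl until its
				-- exchange succeeds or fails, so a peer that opens many ids
				-- without a resp keeps that state until it disconnects.
				sasl = self.g_sasl:clean_clone();
				self.sasl[id] = sasl;
				if not sasl:select(mech) then
					self:send("FAIL", id, "reason=invalid-mechanism");
					self.sasl[id] = nil;
					sasl = false
				end
			end
			if sasl then
				local params = {}; -- Not used for anything yet
				for p in part do
					local k,v = p:match("^([^=]*)=(.*)$");
					if k == "resp" then
						-- params never contains resp, so the SASL response
						-- itself is not written to the debug log here.
						self:log("debug", "params = %s", dump(params));
						-- NOTE(review): what base64.decode returns for
						-- malformed input, and how sasl:process treats it,
						-- is not visible in this file; confirm.
						v = base64.decode(v);
						local status, ret, err = sasl:process(v);
						self:log("debug", status);
						if status == "challenge" then
							self:send("CONT", id, base64.encode(ret));
						elseif status == "failure" then
							-- NOTE(review): failed attempts are not counted
							-- or delayed anywhere in this file.
							self.sasl[id] = nil;
							self:send("FAIL", id, "reason="..tostring(err));
						elseif status == "success" then
							self.sasl[id] = nil;
							self:send("OK", id, "user="..sasl.username, ret and "resp="..base64.encode(ret));
						end
						break; -- resp MUST be the last param
					else
						params[k or p] = v or true;
					end
				end
			end
		elseif command == "USER" and self.type == "M" then
			-- FIXME Should this be on a separate listener?
			-- Only reachable after SPID, which requires
			-- dovecotauth_allow_master; the reply tells the peer whether the
			-- account exists on default_vhost.
			local id = part();
			local user = part();
			if user and user_exists(user, default_vhost) then
				self:send("USER", id);
			else
				self:send("NOTFOUND", id);
			end
		else
			-- Also reached for an empty line (command is nil) and for AUTH
			-- before CPID/SPID.
			-- NOTE(review): the protocol spec linked in the file header
			-- appears to define a client CONT command as well; it is not
			-- handled and would end up here. Confirm against the spec.
			self:log("warn", "Unhandled command %s", tostring(command));
			self.conn:close();
			return false;
		end
		return true;
	end

	--- Append received bytes to the session buffer and process every
	-- complete line in it.
	-- A trailing partial line is kept in self.buf until the rest arrives;
	-- previously it was stored only after a full line had been processed, so
	-- a request split across two reads lost its first fragment. An empty
	-- line is now consumed and treated as an unhandled command instead of
	-- staying at the head of the buffer and blocking every later line.
	-- @param data raw bytes received on the connection
	function sess:feed(data)
		-- TODO break this up a bit
		-- module:log("debug", "sess = %s", dump(self));
		local buf = self.buf .. data;
		self.buf = buf;
		local line, eol = buf:match("(.-)\r?\n()")
		while line do
			buf = buf:sub(eol);
			self.buf = buf;
			if not self:process_line(line) then
				return;
			end
			line, eol = buf:match("(.-)\r?\n()")
		end
		if #buf > max_pending_bytes then
			self:log("warn", "Closing connection: %d bytes buffered without a line terminator", #buf);
			self.buf = "";
			self.conn:close();
		end
	end

end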
-- Connection callbacks handed to the network layer.
local listener = {}

--- New connection: create and register its session, attach a SASL handler
-- for default_vhost, then send the server greeting.
function listener.onconnect(conn)
	local session = new_session(conn);
	sessions[conn] = session;
	session.g_sasl = new_sasl(default_vhost, session);
	session:handshake();
end

--- Incoming bytes: pass them to the session registered for this connection.
-- Raw data is deliberately not logged here; AUTH lines carry the SASL
-- response, which is only base64-encoded.
function listener.onincoming(conn, data)
	return sessions[conn]:feed(data);
end

--- Connection closed: drop its session entry.
function listener.ondisconnect(conn)
	sessions[conn] = nil;
end
--- Module unload hook: close every connection that still has a session.
-- The sessions table is not cleared here; entries are removed by
-- listener.ondisconnect.
function module.unload()
	for conn in pairs(sessions) do
		conn:close();
	end
end
-- Register the listener as a "net" service on port 28484 unless configured
-- otherwise.
-- NOTE(review): the registration carries no TLS or peer-authentication
-- settings, and the interfaces the port binds to are decided outside this
-- file. Confirm that only the MTA host (loopback in the header example) can
-- reach it.
local net_service = {
	listener = listener;
	default_port = 28484;
};
module:provides("net", net_service);