annotate mod_auth_cyrus/mod_auth_cyrus.lua @ 5536:96dec7681af8

mod_firewall: Update user marks to store instantly via map store The original approach was to keep marks in memory only, and persist them at shutdown. That saves I/O, at the cost of potentially losing marks on an unclean shutdown. This change persists marks instantly, which may have some performance overhead but should be more "correct". It also splits the marking/unmarking into an event which may be watched or even fired by other modules.
author Matthew Wild <mwild1@gmail.com>
date Thu, 08 Jun 2023 16:20:42 +0100
parents b8366e31c829
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4710
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- Prosody IM
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 -- Copyright (C) 2008-2010 Matthew Wild
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- Copyright (C) 2008-2010 Waqas Hussain
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 --
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 -- COPYING file in the source package for more information.
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 --
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 -- luacheck: ignore 212
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 local log = require "util.logger".init("auth_cyrus");
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 local usermanager_user_exists = require "core.usermanager".user_exists;
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local cyrus_service_realm = module:get_option("cyrus_service_realm");
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 local cyrus_service_name = module:get_option("cyrus_service_name");
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local cyrus_application_name = module:get_option("cyrus_application_name");
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 local host_fqdn = module:get_option("cyrus_server_fqdn");
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 prosody.unlock_globals(); --FIXME: Figure out why this is needed and
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 -- why cyrussasl isn't caught by the sandbox
4927
b8366e31c829 mod_auth_cyrus: Adjust module import to work with repo clone - Fix #1744
Kim Alvefur <zash@zash.se>
parents: 4710
diff changeset
22 local cyrus_new = module:require "sasl_cyrus".new;
4710
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 prosody.lock_globals();
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 local new_sasl = function(realm)
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 return cyrus_new(
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 cyrus_service_realm or realm,
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 cyrus_service_name or "xmpp",
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 cyrus_application_name or "prosody",
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 host_fqdn
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 );
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 do -- diagnostic
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 local list;
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 for mechanism in pairs(new_sasl(module.host):mechanisms()) do
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 list = (not(list) and mechanism) or (list..", "..mechanism);
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 if not list then
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 module:log("error", "No Cyrus SASL mechanisms available");
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 else
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 module:log("debug", "Available Cyrus SASL mechanisms: %s", list);
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 local host = module.host;
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 -- define auth provider
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 local provider = {};
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 log("debug", "initializing default authentication provider for host '%s'", host);
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 function provider.test_password(username, password)
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 return nil, "Legacy auth not supported with Cyrus SASL.";
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 function provider.get_password(username)
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 return nil, "Passwords unavailable for Cyrus SASL.";
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 function provider.set_password(username, password)
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 return nil, "Passwords unavailable for Cyrus SASL.";
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 function provider.user_exists(username)
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 if require_provisioning then
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 return usermanager_user_exists(username, host);
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 return true;
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
69
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
70 function provider.create_user(username, password)
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71 return nil, "Account creation/modification not available with Cyrus SASL.";
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
72 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
73
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74 function provider.get_sasl_handler()
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75 local handler = new_sasl(host);
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76 if require_provisioning then
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 function handler.require_provisioning(username)
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78 return usermanager_user_exists(username, host);
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81 return handler;
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82 end
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
84 module:provides("auth", provider);
099dcdb732b1 mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff changeset
85