annotate mod_net_dovecotauth/mod_net_dovecotauth.lua @ 1177:a464261deba8

mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
author Matthew Wild <mwild1@gmail.com>
date Thu, 29 Aug 2013 12:20:20 +0100
parents 6f8e7f65f704
children e7294423512f
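-- mod_net_dovecotauth.lua
--
-- Protocol spec:
-- http://dovecot.org/doc/auth-protocol.txt
--
-- Example postfix config:
-- sudo postconf smtpd_sasl_path=inet:127.0.0.1:28484
-- sudo postconf smtpd_sasl_type=dovecot
-- sudo postconf smtpd_sasl_auth_enable=yes
--
-- NOTE(review): this module speaks the protocol in cleartext and performs no
-- authentication of the connecting peer. SASL responses (including PLAIN
-- passwords) cross this socket, so the listener should only be reachable by
-- the trusted auth client, as in the loopback example above.

module:set_global();

-- Imports
local new_sasl = require "core.usermanager".get_sasl_handler;
local user_exists = require "core.usermanager".user_exists;
local base64 = require"util.encodings".base64;
local new_buffer = module:require"buffer".new;
local dump = require"util.serialization".serialize;

-- Config
-- Host whose accounts are checked. When the option is unset the fallback is
-- whatever `next(hosts)` yields first, i.e. an arbitrary entry of the global
-- `hosts` table (not defined in this file), so deployments with more than one
-- host should set it explicitly.
local vhost = module:get_option_string("dovecotauth_host", (next(hosts))); -- TODO Is there a better solution?
-- Gates the master commands (SPID / USER) handled in the session code; it is
-- off by default. This option was read only as "adovecotauth_allow_master",
-- which looks like a typo of the "dovecotauth_" prefix used above (TODO
-- confirm). The prefixed name is read first and the old spelling is kept as
-- a fallback so existing configurations keep working.
local allow_master = module:get_option_boolean("dovecotauth_allow_master",
	module:get_option_boolean("adovecotauth_allow_master", false));

-- Active sessions
-- Maps a connection object to its session table; entries are added in
-- listener.onconnect and dropped in listener.ondisconnect.
local sessions = {};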
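-- Session methods
local new_session;
do
	-- Prototype table; every session reaches these methods through sess_mt.
	local sess = { };
	local sess_mt = { __index = sess };

	-- Numeric id derived from the trailing hex digits of tostring(session).
	-- NOTE(review): for a plain table that string is normally its address, so
	-- the value sent as CUID and written to the log discloses a heap address
	-- to the peer. A per-process counter would avoid that; left unchanged here.
	local function session_id(session)
		return tonumber(tostring(session):match("%x+$"), 16);
	end

	--- Create the per-connection state.
	-- `type` is "?" until the peer identifies itself with CPID (or SPID),
	-- `buf` collects incoming bytes and `sasl` maps request ids to in-progress
	-- SASL handlers.
	function new_session(conn)
		local session = { type = "?", conn = conn, buf = assert(new_buffer()), sasl = {} }
		return setmetatable(session, sess_mt);
	end

	--- Log through the module logger, prefixed with the session type and id.
	-- `m` is used as a format string together with the prefix.
	function sess:log(l, m, ...)
		return module:log(l, self.type..session_id(self)..": "..m, ...);
	end

	--- Write one protocol line: the arguments joined by TAB, ended by LF.
	-- NOTE(review): fields are not escaped. Callers embed values that come
	-- from the SASL layer (username, failure reason); this assumes they never
	-- contain TAB or LF -- confirm against the SASL profile in use.
	function sess:send(...)
		local data = table.concat({...}, "\t") .. "\n"
		-- self:log("debug", "SEND: %s", dump(ret));
		return self.conn:write(data);
	end

	-- Extra parameter advertised with each MECH line in the handshake;
	-- mechanisms missing from this table are advertised without one.
	local mech_params = {
		ANONYMOUS = "anonymous";
		PLAIN = "plaintext";
		["DIGEST-MD5"] = "mutual-auth";
		["SCRAM-SHA-1"] = "mutual-auth";
		["SCRAM-SHA-1-PLUS"] = "mutual-auth";
	}

	--- Send the server greeting: version, server pid, connection id, the
	-- mechanisms offered by the session's SASL handler, then DONE.
	-- `pposix` is not imported in this file; presumably a global provided by
	-- the host application.
	function sess:handshake()
		self:send("VERSION", 1, 1);
		self:send("SPID", pposix.getpid());
		self:send("CUID", session_id(self));
		for mech in pairs(self.g_sasl:mechanisms()) do
			self:send("MECH", mech, mech_params[mech]);
		end
		self:send("DONE");
	end

	--- Append received bytes to the buffer and process every complete line.
	-- Any command that is not recognised in the current state closes the
	-- connection, which also covers AUTH before CPID/SPID, SPID while
	-- allow_master is off and USER on a non-master session.
	-- NOTE(review): there is no branch for "CONT", so a client answering a
	-- challenge is disconnected; multi-step mechanisms cannot complete here.
	-- NOTE(review): whether the buffer bounds the length of a line that never
	-- ends is not visible in this file -- confirm in the buffer module.
	function sess:feed(data)
		-- TODO break this up a bit
		-- module:log("debug", "sess = %s", dump(self));
		local buf = self.buf;
		buf:write(data);
		local line = buf:read("*l")
		while line and line ~= "" do
			-- "[^\t]+" skips empty fields, so an empty field shifts the rest left.
			local part = line:gmatch("[^\t]+");
			local command = part();
			if command == "VERSION" then
				local major = tonumber(part());
				local minor = tonumber(part());
				if major ~= 1 then
					self:log("warn", "Wrong version, expected 1.1, got %s.%s", tostring(major), tostring(minor));
					self.conn:close();
					break;
				end
			elseif command == "CPID" then
				self.type = "C";
				self.pid = part();
			elseif command == "SPID" and allow_master then
				self.type = "M";
				self.pid = part();
			elseif command == "AUTH" and self.type ~= "?" then
				-- C: "AUTH" TAB <id> TAB <mechanism> TAB service=<service> [TAB <parameters>]
				local id = part() -- <id>
				local mech = part();
				if not id or not mech then
					-- A truncated line used to reach `self.sasl[id] = sasl` with a
					-- nil id and raise "table index is nil" from peer-supplied input.
					self:log("warn", "Malformed AUTH line, closing connection");
					self.conn:close();
					break;
				end
				local sasl = self.sasl[id];
				if not sasl then
					-- TODO Should maybe initialize SASL handler after parsing the line?
					sasl = self.g_sasl:clean_clone();
					self.sasl[id] = sasl;
					if not sasl:select(mech) then
						self:send("FAIL", id, "reason=invalid-mechanism");
						self.sasl[id] = nil;
						sasl = false
					end
				end
				if sasl then
					-- NOTE(review): when the line carries no resp= parameter the
					-- handler stays in self.sasl[id] and nothing is sent back, so
					-- a peer can accumulate handlers for the life of the connection.
					local params = {}; -- Not used for anything yet
					for p in part do
						local k,v = p:match("^([^=]*)=(.*)$");
						if k == "resp" then
							self:log("debug", "params = %s", dump(params));
							v = base64.decode(v);
							local status, ret, err = sasl:process(v);
							self:log("debug", status);
							if status == "challenge" then
								self:send("CONT", id, base64.encode(ret));
							elseif status == "failure" then
								self.sasl[id] = nil;
								self:send("FAIL", id, "reason="..tostring(err));
							elseif status == "success" then
								self.sasl[id] = nil;
								self:send("OK", id, "user="..sasl.username, ret and "resp="..base64.encode(ret));
							end
							break; -- resp MUST be the last param
						else
							params[k or p] = v or true;
						end
					end
				end
			elseif command == "USER" and self.type == "M" then
				-- FIXME Should this be on a separate listener?
				-- NOTE(review): answers whether an account exists without any
				-- credentials; reachable only when allow_master is enabled.
				local id = part();
				local user = part();
				if user and user_exists(user, vhost) then
					self:send("USER", id);
				else
					self:send("NOTFOUND", id);
				end
			else
				self:log("warn", "Unhandled command %s", tostring(command));
				self.conn:close();
				break;
			end
			line = buf:read("*l");
		end
	end

end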
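-- Connection callbacks handed to the network layer via module:provides below.
local listener = {}

--- Set up a session for a new connection and send the protocol greeting.
-- NOTE(review): no check is made on who the peer is; any host able to reach
-- the port can submit AUTH requests against `vhost`.
function listener.onconnect(conn)
	-- `s` used to be assigned without `local`, creating a global that every
	-- new connection overwrote.
	local s = new_session(conn);
	sessions[conn] = s;
	-- Template SASL handler; sess:feed clones it for each AUTH request.
	s.g_sasl = new_sasl(vhost, s);
	s:handshake();
end

--- Pass received bytes to the session's line parser.
function listener.onincoming(conn, data)
	-- s:log("debug", "RECV %s", dump(data));
	return sessions[conn]:feed(data);
end

--- Forget the session once its connection has gone away.
function listener.ondisconnect(conn)
	sessions[conn] = nil;
end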
--- Close every connection that still has a session when the module unloads.
-- Keys of `sessions` are the connection objects themselves.
function module.unload()
	for open_conn, _ in pairs(sessions) do
		open_conn:close();
	end
end
-- Register the listener as a "net" service on port 28484 by default.
-- NOTE(review): no interface is pinned here, so the bind address comes from
-- the server's configuration. Because the protocol is cleartext and
-- unauthenticated, restrict it to loopback or a trusted interface there;
-- marking the service `private = true` may achieve this by default if the
-- running server's port manager supports it -- confirm before relying on it.
local net_service = {
	default_port = 28484;
	listener = listener;
};
module:provides("net", net_service);