annotate mod_auth_external_insecure/mod_auth_external_insecure.lua @ 5406:b86d80e21c60

mod_http_oauth2: Validate consistency of response and grant types Ensure that these correlated fields make sense per RFC 7591 ยง 2.1, even though we currently only check the response type during authorization. This could probably all be deleted if (when!) we remove the implicit grant, since then these things don't make any sense anymore.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:34:31 +0200
parents f84ede3e9e3b
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
1 --
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
2 -- Prosody IM
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
3 -- Copyright (C) 2010 Waqas Hussain
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
4 -- Copyright (C) 2010 Jeff Mitchell
1086
50ee38e95e75 Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents: 902
diff changeset
5 -- Copyright (C) 2013 Mikael Nordfeldth
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
6 -- Copyright (C) 2013 Matthew Wild, finally came to fix it all
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
7 --
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
8 -- This project is MIT/X11 licensed. Please see the
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
9 -- COPYING file in the source package for more information.
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
10 --
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
11
1997
199fb0a82c0a mod_auth_external: Update URL to new location
Kim Alvefur <zash@zash.se>
parents: 1343
diff changeset
12 local lpty = assert(require "lpty", "mod_auth_external requires lpty: https://modules.prosody.im/mod_auth_external.html#installation");
1160
05685fd07395 mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents: 1159
diff changeset
13 local usermanager = require "core.usermanager";
05685fd07395 mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents: 1159
diff changeset
14 local new_sasl = require "util.sasl".new;
05685fd07395 mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents: 1159
diff changeset
15 local server = require "net.server";
05685fd07395 mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents: 1159
diff changeset
16 local have_async, async = pcall(require, "util.async");
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
17
168
cd8492748985 mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents: 166
diff changeset
18 local log = module._log;
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
19 local host = module.host;
1160
05685fd07395 mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents: 1159
diff changeset
20
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
21 local script_type = module:get_option_string("external_auth_protocol", "generic");
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
22 local command = module:get_option_string("external_auth_command", "");
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
23 local read_timeout = module:get_option_number("external_auth_timeout", 5);
3389
c458f940b011 mod_auth_external: Use blocking mode by default as non-blocking is experimental but available in 0.11.x
Kim Alvefur <zash@zash.se>
parents: 2834
diff changeset
24 local blocking = module:get_option_boolean("external_auth_blocking", true); -- non-blocking is very experimental
1161
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
25 local auth_processes = module:get_option_number("external_auth_processes", 1);
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
26
2827
45380b77303d mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 1997
diff changeset
27 assert(script_type == "ejabberd" or script_type == "generic",
45380b77303d mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 1997
diff changeset
28 "Config error: external_auth_protocol must be 'ejabberd' or 'generic'");
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
29 assert(not host:find(":"), "Invalid hostname");
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
30
1159
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
31
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
32 if not blocking then
3660
11cd6e034fd3 mod_auth_external: Improve error handling when non-blocking mode used without libevent
Matthew Wild <mwild1@gmail.com>
parents: 3389
diff changeset
33 assert(server.event, "External auth non-blocking mode requires libevent installed and enabled");
1159
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
34 log("debug", "External auth in non-blocking mode, yay!")
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
35 waiter, guard = async.waiter, async.guarder();
1161
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
36 elseif auth_processes > 1 then
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
37 log("warn", "external_auth_processes is greater than 1, but we are in blocking mode - reducing to 1");
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
38 auth_processes = 1;
1159
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
39 end
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
40
1161
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
41 local ptys = {};
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
42
1161
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
43 local pty_options = { throw_errors = false, no_local_echo = true, use_path = false };
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
44 for i = 1, auth_processes do
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
45 ptys[i] = lpty.new(pty_options);
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
46 end
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
47
2830
92f6f82397c9 mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents: 2829
diff changeset
48 function module.unload()
92f6f82397c9 mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents: 2829
diff changeset
49 for i = 1, auth_processes do
92f6f82397c9 mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents: 2829
diff changeset
50 ptys[i]:endproc();
92f6f82397c9 mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents: 2829
diff changeset
51 end
92f6f82397c9 mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents: 2829
diff changeset
52 end
92f6f82397c9 mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents: 2829
diff changeset
53
2834
3fb5f173f213 mod_auth_external: Make sure processes are killed when Prosody shuts down
Kim Alvefur <zash@zash.se>
parents: 2830
diff changeset
54 module:hook_global("server-cleanup", module.unload);
3fb5f173f213 mod_auth_external: Make sure processes are killed when Prosody shuts down
Kim Alvefur <zash@zash.se>
parents: 2830
diff changeset
55
1161
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
56 local curr_process = 0;
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
57 function send_query(text)
1161
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
58 curr_process = (curr_process%auth_processes)+1;
b9e4d935867c mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents: 1160
diff changeset
59 local pty = ptys[curr_process];
1159
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
60
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
61 local finished_with_pty
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
62 if not blocking then
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
63 finished_with_pty = guard(pty); -- Prevent others from crossing this line while we're busy
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
64 end
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
65 if not pty:hasproc() then
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
66 local status, ret = pty:exitstatus();
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
67 if status and (status ~= "exit" or ret ~= 0) then
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
68 log("warn", "Auth process exited unexpectedly with %s %d, restarting", status, ret or 0);
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
69 return nil;
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
70 end
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
71 local ok, err = pty:startproc(command);
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
72 if not ok then
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
73 log("error", "Failed to start auth process '%s': %s", command, err);
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
74 return nil;
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
75 end
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
76 log("debug", "Started auth process");
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
77 end
846
5ddc43ce8993 mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents: 816
diff changeset
78
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
79 pty:send(text);
1159
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
80 if blocking then
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
81 return pty:read(read_timeout);
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
82 else
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
83 local response;
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
84 local wait, done = waiter();
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
85 server.addevent(pty:getfd(), server.event.EV_READ, function ()
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
86 response = pty:read();
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
87 done();
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
88 return -1;
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
89 end);
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
90 wait();
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
91 finished_with_pty();
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
92 return response;
c56a1d449cad mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents: 1158
diff changeset
93 end
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
94 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
95
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
96 function do_query(kind, username, password)
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
97 if not username then return nil, "not-acceptable"; end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 1195
diff changeset
98
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
99 local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password);
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
100 local len = #query
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
101 if len > 1000 then return nil, "policy-violation"; end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 1195
diff changeset
102
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
103 if script_type == "ejabberd" then
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
104 local lo = len % 256;
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
105 local hi = (len - lo) / 256;
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
106 query = string.char(hi, lo)..query;
1195
f502cbffbdd4 mod_auth_external: merge two if blocks with an elseif
Matthew Wild <mwild1@gmail.com>
parents: 1161
diff changeset
107 elseif script_type == "generic" then
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
108 query = query..'\n';
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
109 end
1343
7dbde05b48a9 all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents: 1195
diff changeset
110
1158
ae1767b54964 mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents: 1157
diff changeset
111 local response, err = send_query(query);
ae1767b54964 mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents: 1157
diff changeset
112 if not response then
ae1767b54964 mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents: 1157
diff changeset
113 log("warn", "Error while waiting for result from auth process: %s", err or "unknown error");
ae1767b54964 mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents: 1157
diff changeset
114 elseif (script_type == "ejabberd" and response == "\0\2\0\0") or
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
115 (script_type == "generic" and response:gsub("\r?\n$", "") == "0") then
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
116 return nil, "not-authorized";
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
117 elseif (script_type == "ejabberd" and response == "\0\2\0\1") or
1154
61f95bf51b35 mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents: 1086
diff changeset
118 (script_type == "generic" and response:gsub("\r?\n$", "") == "1") then
158
1a5d5d4f08fe Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents: 152
diff changeset
119 return true;
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
120 else
2827
45380b77303d mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 1997
diff changeset
121 log("warn", "Unable to interpret data from auth process, %s",
45380b77303d mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents: 1997
diff changeset
122 (response:match("^error:") and response) or ("["..#response.." bytes]"));
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
123 return nil, "internal-server-error";
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
124 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
125 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
126
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
127 local provider = {};
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
128
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
129 function provider.test_password(username, password)
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
130 return do_query("auth", username, password);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
131 end
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
132
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
133 function provider.set_password(username, password)
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
134 return do_query("setpass", username, password);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
135 end
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
136
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
137 function provider.user_exists(username)
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
138 return do_query("isuser", username);
152
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
139 end
4ca382e8a4c5 mod_extauth: Initial commit.
Waqas Hussain <waqas20@gmail.com>
parents:
diff changeset
140
2829
8082bfc10e65 mod_auth_external: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2828
diff changeset
141 function provider.create_user(username, password) -- luacheck: ignore 212
8082bfc10e65 mod_auth_external: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2828
diff changeset
142 return nil, "Account creation/modification not available.";
8082bfc10e65 mod_auth_external: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2828
diff changeset
143 end
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
144
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
145 function provider.get_sasl_handler()
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
146 local testpass_authentication_profile = {
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
147 plain_test = function(sasl, username, password, realm)
902
490cb9161c81 mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents: 846
diff changeset
148 return usermanager.test_password(username, realm, password), true;
816
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
149 end,
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
150 };
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
151 return new_sasl(host, testpass_authentication_profile);
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
152 end
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
153
960007b0901e mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
154 module:provides("auth", provider);