Mercurial > prosody-modules
annotate mod_auth_external_insecure/mod_auth_external_insecure.lua @ 5406:b86d80e21c60
mod_http_oauth2: Validate consistency of response and grant types
Ensure that these correlated fields make sense per RFC 7591 ยง 2.1, even
though we currently only check the response type during authorization.
This could probably all be deleted if (when!) we remove the implicit
grant, since then these things don't make any sense anymore.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:34:31 +0200 |
parents | f84ede3e9e3b |
children |
rev | line source |
---|---|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
1 -- |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
2 -- Prosody IM |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
3 -- Copyright (C) 2010 Waqas Hussain |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
4 -- Copyright (C) 2010 Jeff Mitchell |
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
5 -- Copyright (C) 2013 Mikael Nordfeldth |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
6 -- Copyright (C) 2013 Matthew Wild, finally came to fix it all |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
7 -- |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
8 -- This project is MIT/X11 licensed. Please see the |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
9 -- COPYING file in the source package for more information. |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
10 -- |
152 | 11 |
1997
199fb0a82c0a
mod_auth_external: Update URL to new location
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
12 local lpty = assert(require "lpty", "mod_auth_external requires lpty: https://modules.prosody.im/mod_auth_external.html#installation"); |
1160
05685fd07395
mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents:
1159
diff
changeset
|
13 local usermanager = require "core.usermanager"; |
05685fd07395
mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents:
1159
diff
changeset
|
14 local new_sasl = require "util.sasl".new; |
05685fd07395
mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents:
1159
diff
changeset
|
15 local server = require "net.server"; |
05685fd07395
mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents:
1159
diff
changeset
|
16 local have_async, async = pcall(require, "util.async"); |
152 | 17 |
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
18 local log = module._log; |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
19 local host = module.host; |
1160
05685fd07395
mod_auth_external: Re-organise initialization a bit (superficial)
Matthew Wild <mwild1@gmail.com>
parents:
1159
diff
changeset
|
20 |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
21 local script_type = module:get_option_string("external_auth_protocol", "generic"); |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
22 local command = module:get_option_string("external_auth_command", ""); |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
23 local read_timeout = module:get_option_number("external_auth_timeout", 5); |
3389
c458f940b011
mod_auth_external: Use blocking mode by default as non-blocking is experimental but available in 0.11.x
Kim Alvefur <zash@zash.se>
parents:
2834
diff
changeset
|
24 local blocking = module:get_option_boolean("external_auth_blocking", true); -- non-blocking is very experimental |
1161
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
25 local auth_processes = module:get_option_number("external_auth_processes", 1); |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
26 |
2827
45380b77303d
mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1997
diff
changeset
|
27 assert(script_type == "ejabberd" or script_type == "generic", |
45380b77303d
mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1997
diff
changeset
|
28 "Config error: external_auth_protocol must be 'ejabberd' or 'generic'"); |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
29 assert(not host:find(":"), "Invalid hostname"); |
152 | 30 |
1159
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
31 |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
32 if not blocking then |
3660
11cd6e034fd3
mod_auth_external: Improve error handling when non-blocking mode used without libevent
Matthew Wild <mwild1@gmail.com>
parents:
3389
diff
changeset
|
33 assert(server.event, "External auth non-blocking mode requires libevent installed and enabled"); |
1159
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
34 log("debug", "External auth in non-blocking mode, yay!") |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
35 waiter, guard = async.waiter, async.guarder(); |
1161
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
36 elseif auth_processes > 1 then |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
37 log("warn", "external_auth_processes is greater than 1, but we are in blocking mode - reducing to 1"); |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
38 auth_processes = 1; |
1159
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
39 end |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
40 |
1161
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
41 local ptys = {}; |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
42 |
1161
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
43 local pty_options = { throw_errors = false, no_local_echo = true, use_path = false }; |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
44 for i = 1, auth_processes do |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
45 ptys[i] = lpty.new(pty_options); |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
46 end |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
47 |
2830
92f6f82397c9
mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents:
2829
diff
changeset
|
48 function module.unload() |
92f6f82397c9
mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents:
2829
diff
changeset
|
49 for i = 1, auth_processes do |
92f6f82397c9
mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents:
2829
diff
changeset
|
50 ptys[i]:endproc(); |
92f6f82397c9
mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents:
2829
diff
changeset
|
51 end |
92f6f82397c9
mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents:
2829
diff
changeset
|
52 end |
92f6f82397c9
mod_auth_external: Shut down all auth processes when module is unloaded (fixes #674) (thanks ZNikke)
Kim Alvefur <zash@zash.se>
parents:
2829
diff
changeset
|
53 |
2834
3fb5f173f213
mod_auth_external: Make sure processes are killed when Prosody shuts down
Kim Alvefur <zash@zash.se>
parents:
2830
diff
changeset
|
54 module:hook_global("server-cleanup", module.unload); |
3fb5f173f213
mod_auth_external: Make sure processes are killed when Prosody shuts down
Kim Alvefur <zash@zash.se>
parents:
2830
diff
changeset
|
55 |
1161
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
56 local curr_process = 0; |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
57 function send_query(text) |
1161
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
58 curr_process = (curr_process%auth_processes)+1; |
b9e4d935867c
mod_auth_external: Support for multiple auth processes (set external_auth_processes = N) - requires non-blocking mode
Matthew Wild <mwild1@gmail.com>
parents:
1160
diff
changeset
|
59 local pty = ptys[curr_process]; |
1159
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
60 |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
61 local finished_with_pty |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
62 if not blocking then |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
63 finished_with_pty = guard(pty); -- Prevent others from crossing this line while we're busy |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
64 end |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
65 if not pty:hasproc() then |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
66 local status, ret = pty:exitstatus(); |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
67 if status and (status ~= "exit" or ret ~= 0) then |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
68 log("warn", "Auth process exited unexpectedly with %s %d, restarting", status, ret or 0); |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
69 return nil; |
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
70 end |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
71 local ok, err = pty:startproc(command); |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
72 if not ok then |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
73 log("error", "Failed to start auth process '%s': %s", command, err); |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
74 return nil; |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
75 end |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
76 log("debug", "Started auth process"); |
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
77 end |
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
78 |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
79 pty:send(text); |
1159
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
80 if blocking then |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
81 return pty:read(read_timeout); |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
82 else |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
83 local response; |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
84 local wait, done = waiter(); |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
85 server.addevent(pty:getfd(), server.event.EV_READ, function () |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
86 response = pty:read(); |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
87 done(); |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
88 return -1; |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
89 end); |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
90 wait(); |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
91 finished_with_pty(); |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
92 return response; |
c56a1d449cad
mod_auth_external: Add non-blocking mode (requires trunk, libevent and lpty 1.0.1). Our first complete non-blocking auth module!
Matthew Wild <mwild1@gmail.com>
parents:
1158
diff
changeset
|
93 end |
152 | 94 end |
95 | |
96 function do_query(kind, username, password) | |
97 if not username then return nil, "not-acceptable"; end | |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1195
diff
changeset
|
98 |
152 | 99 local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password); |
100 local len = #query | |
101 if len > 1000 then return nil, "policy-violation"; end | |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1195
diff
changeset
|
102 |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
103 if script_type == "ejabberd" then |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
104 local lo = len % 256; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
105 local hi = (len - lo) / 256; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
106 query = string.char(hi, lo)..query; |
1195
f502cbffbdd4
mod_auth_external: merge two if blocks with an elseif
Matthew Wild <mwild1@gmail.com>
parents:
1161
diff
changeset
|
107 elseif script_type == "generic" then |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
108 query = query..'\n'; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
109 end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1195
diff
changeset
|
110 |
1158
ae1767b54964
mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents:
1157
diff
changeset
|
111 local response, err = send_query(query); |
ae1767b54964
mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents:
1157
diff
changeset
|
112 if not response then |
ae1767b54964
mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents:
1157
diff
changeset
|
113 log("warn", "Error while waiting for result from auth process: %s", err or "unknown error"); |
ae1767b54964
mod_auth_external: Fix logging of errors
Matthew Wild <mwild1@gmail.com>
parents:
1157
diff
changeset
|
114 elseif (script_type == "ejabberd" and response == "\0\2\0\0") or |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
115 (script_type == "generic" and response:gsub("\r?\n$", "") == "0") then |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
116 return nil, "not-authorized"; |
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
117 elseif (script_type == "ejabberd" and response == "\0\2\0\1") or |
1154
61f95bf51b35
mod_auth_external: Switch to lpty, remove file-based fallback, improve error messages and handling. Should greatly increase compatibility with scripts.
Matthew Wild <mwild1@gmail.com>
parents:
1086
diff
changeset
|
118 (script_type == "generic" and response:gsub("\r?\n$", "") == "1") then |
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
119 return true; |
152 | 120 else |
2827
45380b77303d
mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1997
diff
changeset
|
121 log("warn", "Unable to interpret data from auth process, %s", |
45380b77303d
mod_auth_external: Split long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1997
diff
changeset
|
122 (response:match("^error:") and response) or ("["..#response.." bytes]")); |
152 | 123 return nil, "internal-server-error"; |
124 end | |
125 end | |
126 | |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
127 local provider = {}; |
152 | 128 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
129 function provider.test_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
130 return do_query("auth", username, password); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
131 end |
152 | 132 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
133 function provider.set_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
134 return do_query("setpass", username, password); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
135 end |
152 | 136 |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
137 function provider.user_exists(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
138 return do_query("isuser", username); |
152 | 139 end |
140 | |
2829
8082bfc10e65
mod_auth_external: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2828
diff
changeset
|
141 function provider.create_user(username, password) -- luacheck: ignore 212 |
8082bfc10e65
mod_auth_external: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2828
diff
changeset
|
142 return nil, "Account creation/modification not available."; |
8082bfc10e65
mod_auth_external: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2828
diff
changeset
|
143 end |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
144 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
145 function provider.get_sasl_handler() |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
146 local testpass_authentication_profile = { |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
147 plain_test = function(sasl, username, password, realm) |
902
490cb9161c81
mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
846
diff
changeset
|
148 return usermanager.test_password(username, realm, password), true; |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
149 end, |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
150 }; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
151 return new_sasl(host, testpass_authentication_profile); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
152 end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
153 |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
154 module:provides("auth", provider); |