Mercurial > prosody-modules
annotate mod_net_dovecotauth/mod_net_dovecotauth.lua @ 5401:c8d04ac200fc
mod_http_oauth2: Reject loopback URIs as client_uri
This really should be a proper website with info, https://localhost is
not good enough. Ideally we'd validate that it's got proper DNS and is
actually reachable, but triggering HTTP or even DNS lookups seems like
it would carry abuse potential that would best to avoid.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:20:55 +0200 |
parents | 8e686bf63441 |
children |
rev | line source |
---|---|
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- mod_net_dovecotauth.lua |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- Protocol spec: |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- http://dovecot.org/doc/auth-protocol.txt |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 -- Example postfix config: |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 -- sudo postconf smtpd_sasl_path=inet:127.0.0.1:28484 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 -- sudo postconf smtpd_sasl_type=dovecot |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 -- sudo postconf smtpd_sasl_auth_enable=yes |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 module:set_global(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 -- Imports |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local new_sasl = require "core.usermanager".get_sasl_handler; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local user_exists = require "core.usermanager".user_exists; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local base64 = require"util.encodings".base64; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local dump = require"util.serialization".serialize; |
2457
17539a5d73f4
mod_net_dovecotauth: Import util.pposix [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2456
diff
changeset
|
18 local pposix = require "util.pposix"; |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 -- Config |
2011
1831c7b23286
mod_net_dovecotauth: Improve variable names for clarity
Kim Alvefur <zash@zash.se>
parents:
1491
diff
changeset
|
21 local default_vhost = module:get_option_string("dovecotauth_host", (next(hosts))); -- TODO Is there a better solution? |
1491
e7294423512f
mod_net_dovecotauth: Fix typo in config option
Kim Alvefur <zash@zash.se>
parents:
1088
diff
changeset
|
22 local allow_master = module:get_option_boolean("dovecotauth_allow_master", false); |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 -- Active sessions |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 local sessions = {}; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 -- Session methods |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 local new_session; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 do |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 local sess = { }; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 local sess_mt = { __index = sess }; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 function new_session(conn) |
2459
8e686bf63441
mod_net_dovecotauth: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2458
diff
changeset
|
34 local s = { type = "?", conn = conn, buf = "", sasl = {} } |
8e686bf63441
mod_net_dovecotauth: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2458
diff
changeset
|
35 function s:log(l, m, ...) |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 return module:log(l, self.type..tonumber(tostring(self):match("%x+$"), 16)..": "..m, ...); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
2459
8e686bf63441
mod_net_dovecotauth: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2458
diff
changeset
|
38 return setmetatable(s, sess_mt); |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 function sess:send(...) |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 local data = table.concat({...}, "\t") .. "\n" |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 -- self:log("debug", "SEND: %s", dump(ret)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 return self.conn:write(data); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 local mech_params = { |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 ANONYMOUS = "anonymous"; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 PLAIN = "plaintext"; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 ["DIGEST-MD5"] = "mutual-auth"; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 ["SCRAM-SHA-1"] = "mutual-auth"; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 ["SCRAM-SHA-1-PLUS"] = "mutual-auth"; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 } |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 function sess:handshake() |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 self:send("VERSION", 1, 1); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 self:send("SPID", pposix.getpid()); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 self:send("CUID", tonumber(tostring(self):match"%x+$", 16)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 for mech in pairs(self.g_sasl:mechanisms()) do |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 self:send("MECH", mech, mech_params[mech]); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 self:send("DONE"); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 function sess:feed(data) |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 -- TODO break this up a bit |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 -- module:log("debug", "sess = %s", dump(self)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 local buf = self.buf; |
2456
f3fc2b672df3
mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents:
2011
diff
changeset
|
69 buf = buf .. data; |
f3fc2b672df3
mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents:
2011
diff
changeset
|
70 local line, eol = buf:match("(.-)\r?\n()") |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 while line and line ~= "" do |
2456
f3fc2b672df3
mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents:
2011
diff
changeset
|
72 buf = buf:sub(eol); |
f3fc2b672df3
mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents:
2011
diff
changeset
|
73 self.buf = buf; |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 local part = line:gmatch("[^\t]+"); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 local command = part(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 if command == "VERSION" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 local major = tonumber(part()); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 local minor = tonumber(part()); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 if major ~= 1 then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 self:log("warn", "Wrong version, expected 1.1, got %s.%s", tostring(major), tostring(minor)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 self.conn:close(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 break; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 elseif command == "CPID" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 self.type = "C"; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 self.pid = part(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 elseif command == "SPID" and allow_master then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 self.type = "M"; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 self.pid = part(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 elseif command == "AUTH" and self.type ~= "?" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 -- C: "AUTH" TAB <id> TAB <mechanism> TAB service=<service> [TAB <parameters>] |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 local id = part() -- <id> |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 local sasl = self.sasl[id]; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 local mech = part(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 if not sasl then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 -- TODO Should maybe initialize SASL handler after parsing the line? |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 sasl = self.g_sasl:clean_clone(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 self.sasl[id] = sasl; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 if not sasl:select(mech) then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 self:send("FAIL", id, "reason=invalid-mechanism"); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 self.sasl[id] = nil; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 sasl = false |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 if sasl then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 local params = {}; -- Not used for anything yet |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
107 for p in part do |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
108 local k,v = p:match("^([^=]*)=(.*)$"); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
109 if k == "resp" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
110 self:log("debug", "params = %s", dump(params)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
111 v = base64.decode(v); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
112 local status, ret, err = sasl:process(v); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
113 self:log("debug", status); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
114 if status == "challenge" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
115 self:send("CONT", id, base64.encode(ret)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 elseif status == "failure" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
117 self.sasl[id] = nil; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 self:send("FAIL", id, "reason="..tostring(err)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 elseif status == "success" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
120 self.sasl[id] = nil; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 self:send("OK", id, "user="..sasl.username, ret and "resp="..base64.encode(ret)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
122 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
123 break; -- resp MUST be the last param |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
124 else |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
125 params[k or p] = v or true; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
126 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
127 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
128 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
129 elseif command == "USER" and self.type == "M" then |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
130 -- FIXME Should this be on a separate listener? |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
131 local id = part(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
132 local user = part(); |
2011
1831c7b23286
mod_net_dovecotauth: Improve variable names for clarity
Kim Alvefur <zash@zash.se>
parents:
1491
diff
changeset
|
133 if user and user_exists(user, default_vhost) then |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
134 self:send("USER", id); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
135 else |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
136 self:send("NOTFOUND", id); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
137 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
138 else |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
139 self:log("warn", "Unhandled command %s", tostring(command)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
140 self.conn:close(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
141 break; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
142 end |
2456
f3fc2b672df3
mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents:
2011
diff
changeset
|
143 line, eol = buf:match("(.-)\r?\n()") |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
145 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
146 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
147 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
148 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
149 local listener = {} |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
150 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
151 function listener.onconnect(conn) |
2458
20f9d7150777
mod_net_dovecotauth: Make variable local [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2457
diff
changeset
|
152 local s = new_session(conn); |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
153 sessions[conn] = s; |
2011
1831c7b23286
mod_net_dovecotauth: Improve variable names for clarity
Kim Alvefur <zash@zash.se>
parents:
1491
diff
changeset
|
154 local g_sasl = new_sasl(default_vhost, s); |
1088
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
155 s.g_sasl = g_sasl; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
156 s:handshake(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
157 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
158 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
159 function listener.onincoming(conn, data) |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
160 local s = sessions[conn]; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 -- s:log("debug", "RECV %s", dump(data)); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
162 return s:feed(data); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
163 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
164 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
165 function listener.ondisconnect(conn) |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
166 sessions[conn] = nil; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
167 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
168 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
169 function module.unload() |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
170 for c in pairs(sessions) do |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
171 c:close(); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
172 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
173 end |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
174 |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
175 module:provides("net", { |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
176 default_port = 28484; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
177 listener = listener; |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
178 }); |
6f8e7f65f704
mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
179 |