annotate mod_net_dovecotauth/mod_net_dovecotauth.lua @ 5401:c8d04ac200fc

mod_http_oauth2: Reject loopback URIs as client_uri This really should be a proper website with info, https://localhost is not good enough. Ideally we'd validate that it's got proper DNS and is actually reachable, but triggering HTTP or even DNS lookups seems like it would carry abuse potential that would best to avoid.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:20:55 +0200
parents 8e686bf63441
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- mod_net_dovecotauth.lua
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 --
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- Protocol spec:
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 -- http://dovecot.org/doc/auth-protocol.txt
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 --
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 -- Example postfix config:
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 -- sudo postconf smtpd_sasl_path=inet:127.0.0.1:28484
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 -- sudo postconf smtpd_sasl_type=dovecot
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 -- sudo postconf smtpd_sasl_auth_enable=yes
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 module:set_global();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 -- Imports
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local new_sasl = require "core.usermanager".get_sasl_handler;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 local user_exists = require "core.usermanager".user_exists;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local base64 = require"util.encodings".base64;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local dump = require"util.serialization".serialize;
2457
17539a5d73f4 mod_net_dovecotauth: Import util.pposix [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2456
diff changeset
18 local pposix = require "util.pposix";
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 -- Config
2011
1831c7b23286 mod_net_dovecotauth: Improve variable names for clarity
Kim Alvefur <zash@zash.se>
parents: 1491
diff changeset
21 local default_vhost = module:get_option_string("dovecotauth_host", (next(hosts))); -- TODO Is there a better solution?
1491
e7294423512f mod_net_dovecotauth: Fix typo in config option
Kim Alvefur <zash@zash.se>
parents: 1088
diff changeset
22 local allow_master = module:get_option_boolean("dovecotauth_allow_master", false);
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 -- Active sessions
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 local sessions = {};
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 -- Session methods
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 local new_session;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 do
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 local sess = { };
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 local sess_mt = { __index = sess };
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 function new_session(conn)
2459
8e686bf63441 mod_net_dovecotauth: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2458
diff changeset
34 local s = { type = "?", conn = conn, buf = "", sasl = {} }
8e686bf63441 mod_net_dovecotauth: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2458
diff changeset
35 function s:log(l, m, ...)
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 return module:log(l, self.type..tonumber(tostring(self):match("%x+$"), 16)..": "..m, ...);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 end
2459
8e686bf63441 mod_net_dovecotauth: Rename variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2458
diff changeset
38 return setmetatable(s, sess_mt);
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 function sess:send(...)
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 local data = table.concat({...}, "\t") .. "\n"
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 -- self:log("debug", "SEND: %s", dump(ret));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 return self.conn:write(data);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 local mech_params = {
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 ANONYMOUS = "anonymous";
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 PLAIN = "plaintext";
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 ["DIGEST-MD5"] = "mutual-auth";
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 ["SCRAM-SHA-1"] = "mutual-auth";
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 ["SCRAM-SHA-1-PLUS"] = "mutual-auth";
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 }
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 function sess:handshake()
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 self:send("VERSION", 1, 1);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 self:send("SPID", pposix.getpid());
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 self:send("CUID", tonumber(tostring(self):match"%x+$", 16));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 for mech in pairs(self.g_sasl:mechanisms()) do
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 self:send("MECH", mech, mech_params[mech]);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62 self:send("DONE");
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 function sess:feed(data)
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 -- TODO break this up a bit
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67 -- module:log("debug", "sess = %s", dump(self));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 local buf = self.buf;
2456
f3fc2b672df3 mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents: 2011
diff changeset
69 buf = buf .. data;
f3fc2b672df3 mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents: 2011
diff changeset
70 local line, eol = buf:match("(.-)\r?\n()")
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71 while line and line ~= "" do
2456
f3fc2b672df3 mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents: 2011
diff changeset
72 buf = buf:sub(eol);
f3fc2b672df3 mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents: 2011
diff changeset
73 self.buf = buf;
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74 local part = line:gmatch("[^\t]+");
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
75 local command = part();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76 if command == "VERSION" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77 local major = tonumber(part());
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78 local minor = tonumber(part());
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 if major ~= 1 then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 self:log("warn", "Wrong version, expected 1.1, got %s.%s", tostring(major), tostring(minor));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81 self.conn:close();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82 break;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
84 elseif command == "CPID" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
85 self.type = "C";
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
86 self.pid = part();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
87 elseif command == "SPID" and allow_master then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
88 self.type = "M";
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
89 self.pid = part();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
90 elseif command == "AUTH" and self.type ~= "?" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
91 -- C: "AUTH" TAB <id> TAB <mechanism> TAB service=<service> [TAB <parameters>]
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
92 local id = part() -- <id>
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
93 local sasl = self.sasl[id];
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
94 local mech = part();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
95 if not sasl then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
96 -- TODO Should maybe initialize SASL handler after parsing the line?
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
97 sasl = self.g_sasl:clean_clone();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
98 self.sasl[id] = sasl;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
99 if not sasl:select(mech) then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
100 self:send("FAIL", id, "reason=invalid-mechanism");
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
101 self.sasl[id] = nil;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
102 sasl = false
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
103 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
104 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
105 if sasl then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
106 local params = {}; -- Not used for anything yet
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
107 for p in part do
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
108 local k,v = p:match("^([^=]*)=(.*)$");
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
109 if k == "resp" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
110 self:log("debug", "params = %s", dump(params));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
111 v = base64.decode(v);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
112 local status, ret, err = sasl:process(v);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
113 self:log("debug", status);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
114 if status == "challenge" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
115 self:send("CONT", id, base64.encode(ret));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
116 elseif status == "failure" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
117 self.sasl[id] = nil;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
118 self:send("FAIL", id, "reason="..tostring(err));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
119 elseif status == "success" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
120 self.sasl[id] = nil;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
121 self:send("OK", id, "user="..sasl.username, ret and "resp="..base64.encode(ret));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
122 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
123 break; -- resp MUST be the last param
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
124 else
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
125 params[k or p] = v or true;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
126 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
127 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
128 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
129 elseif command == "USER" and self.type == "M" then
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
130 -- FIXME Should this be on a separate listener?
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
131 local id = part();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
132 local user = part();
2011
1831c7b23286 mod_net_dovecotauth: Improve variable names for clarity
Kim Alvefur <zash@zash.se>
parents: 1491
diff changeset
133 if user and user_exists(user, default_vhost) then
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
134 self:send("USER", id);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
135 else
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
136 self:send("NOTFOUND", id);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
137 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
138 else
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
139 self:log("warn", "Unhandled command %s", tostring(command));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
140 self.conn:close();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
141 break;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
142 end
2456
f3fc2b672df3 mod_net_dovecotauth: Replace missing buffer lib with simpler string based buffering
Kim Alvefur <zash@zash.se>
parents: 2011
diff changeset
143 line, eol = buf:match("(.-)\r?\n()")
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
144 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
145 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
146
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
147 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
148
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
149 local listener = {}
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
150
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
151 function listener.onconnect(conn)
2458
20f9d7150777 mod_net_dovecotauth: Make variable local [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2457
diff changeset
152 local s = new_session(conn);
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
153 sessions[conn] = s;
2011
1831c7b23286 mod_net_dovecotauth: Improve variable names for clarity
Kim Alvefur <zash@zash.se>
parents: 1491
diff changeset
154 local g_sasl = new_sasl(default_vhost, s);
1088
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
155 s.g_sasl = g_sasl;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
156 s:handshake();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
157 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
158
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
159 function listener.onincoming(conn, data)
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
160 local s = sessions[conn];
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
161 -- s:log("debug", "RECV %s", dump(data));
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
162 return s:feed(data);
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
163 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
164
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
165 function listener.ondisconnect(conn)
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
166 sessions[conn] = nil;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
167 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
168
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
169 function module.unload()
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
170 for c in pairs(sessions) do
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
171 c:close();
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
172 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
173 end
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
174
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
175 module:provides("net", {
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
176 default_port = 28484;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
177 listener = listener;
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
178 });
6f8e7f65f704 mod_net_dovecotauth: Initial commit of server implementation of the Dovecot authentication protocol
Kim Alvefur <zash@zash.se>
parents:
diff changeset
179