annotate mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua @ 5361:cec1b0b0adef

mod_oidc_userinfo_vcard4: Fix phone number claim Copy-paste mistake probably
author Kim Alvefur <zash@zash.se>
date Sun, 23 Apr 2023 14:18:25 +0200
parents 544f5a4a8428
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- Dovecot authentication backend for Prosody
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 --
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 -- Copyright (C) 2010-2011 Waqas Hussain
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 -- Copyright (C) 2011 Kim Alvefur
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 --
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local name = "Dovecot SASL";
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local log = require "util.logger".init("auth_dovecot");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 local socket_path = module:get_option_string("dovecot_auth_socket", "/var/run/dovecot/auth-login");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 local socket_host = module:get_option_string("dovecot_auth_host", "127.0.0.1");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 local socket_port = module:get_option_string("dovecot_auth_port");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 local service_realm = module:get_option("realm");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 local service_name = module:get_option("service_name");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local append_host = module:get_option_boolean("auth_append_host");
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
17 --assert(not append_host, "auth_append_host does not work");
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 local validate_domain = module:get_option_boolean("validate_append_host");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 local handle_appended = module:get_option_string("handle_appended");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 local util_sasl_new = require "util.sasl".new;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 local new_dovecot_sasl = module:require "sasl_dovecot".new;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 local new_sasl = function(realm)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 return new_dovecot_sasl(
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 service_realm or realm,
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 service_name or "xmpp",
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
29 socket_port and { socket_host, socket_port } or socket_path,
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 { --config
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 handle_domain = handle_appended or
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 (append_host and "split" or "escape"),
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 validate_domain = validate_domain,
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 }
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 );
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 do
838
c9e2beec4ef6 mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
40 local s, err = new_sasl(module.host)
c9e2beec4ef6 mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
41 if not s then
c9e2beec4ef6 mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
42 log("error", "%s", tostring(err));
c9e2beec4ef6 mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents: 814
diff changeset
43 end
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 assert(s, "Could not create a new SASL object");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 assert(s.mechanisms, "SASL object has no mechanims method");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 local m, _m = {}, s:mechanisms();
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 assert(not append_host or _m.PLAIN, "auth_append_host requires PLAIN, but it is unavailable");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 for k in pairs(_m) do
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 table.insert(m, k);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 log("debug", "Mechanims found: %s", table.concat(m, ", "));
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 700
diff changeset
54 provider = {};
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 function provider.test_password(username, password)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 return new_sasl(module.host):plain_test(username, password);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 function provider.get_password(username)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
61 return nil, "Passwords unavailable for "..name;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
64 function provider.set_password(username, password)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
65 return nil, "Passwords unavailable for "..name;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
66 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
67
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
68 function provider.user_exists(username)
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
69 return true -- FIXME
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
70 --[[ This, sadly, doesn't work.
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
71 local user_test = new_sasl(module.host);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
72 user_test:select("PLAIN");
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
73 user_test:process(("\0%s\0"):format(username));
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
74 return user_test.username == username;
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
75 --]]
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
76 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
77
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
78 function provider.create_user(username, password)
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
79 return nil, "Account creation/modification not available with "..name;
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
80 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
81
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
82 function provider.get_sasl_handler()
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
83 return new_sasl(module.host);
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
84 end
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
85
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
86 if append_host then
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
87 function provider.test_password(username, password)
1213
544f5a4a8428 mod_auth_dovecot: Check return value properly
Kim Alvefur <zash@zash.se>
parents: 1212
diff changeset
88 return new_sasl(module.host):plain_test(username .. "@".. (service_realm or module.host), password) == "success";
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
89 end
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
90
1212
bd88728b0d95 mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents: 838
diff changeset
91 function provider.get_sasl_handler()
bd88728b0d95 mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents: 838
diff changeset
92 return util_sasl_new(module.host, {
bd88728b0d95 mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents: 838
diff changeset
93 plain_test = function(sasl, username, password, realm)
bd88728b0d95 mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents: 838
diff changeset
94 return provider.test_password(username, password), true
bd88728b0d95 mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents: 838
diff changeset
95 end;
bd88728b0d95 mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents: 838
diff changeset
96 });
bd88728b0d95 mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents: 838
diff changeset
97 end
700
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
98 end
0c130c45b7c1 mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents: 474
diff changeset
99
814
881ec9919144 mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents: 700
diff changeset
100 module:provides("auth", provider);
474
942738953ff3 mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
101