annotate mod_auth_pam/mod_auth_pam.lua @ 1192:db4085433e5f

mod_auth_ldap: Implement password change
author Kim Alvefur <zash@zash.se>
date Tue, 17 Sep 2013 16:02:33 +0200
parents b8762c9fb270
children 57bb2497fadc
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1165
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 -- PAM authentication for Prosody
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 -- Copyright (C) 2013 Kim Alvefur
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 --
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 -- Requires https://github.com/devurandom/lua-pam
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 -- and LuaPosix
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local posix = require "posix";
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local pam = require "pam";
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 local new_sasl = require "util.sasl".new;
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 function user_exists(username)
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 return not not posix.getpasswd(username);
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 end
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 function test_password(username, password)
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local h, err = pam.start("xmpp", username, {
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 function (t)
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 if #t == 1 and t[1][1] == pam.PAM_PROMPT_ECHO_OFF then
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 return { { password, 0} };
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 end
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 end
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 });
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 if h and h:authenticate() and h:endx(pam.PAM_SUCCESS) then
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 return true, true;
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 end
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 return nil, true;
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 end
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 function get_sasl_handler()
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 return new_sasl(module.host, {
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 plain_test = function(sasl, ...)
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 return test_password(...)
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 end
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 });
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 end
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36
b8762c9fb270 mod_auth_pam: Initial commit of simple PAM authentication module
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 module:provides"auth";