Mercurial > prosody-modules
annotate mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua @ 5668:ecfd7aece33b
mod_measure_modules: Report module statuses via OpenMetrics
Someone in the chat asked about a health check endpoint, which reminded
me of mod_http_status, which provides access to module statuses with
full details. After that, this idea came about, which seems natural.
As noted in the README, it could be used to monitor that critical
modules are in fact loaded correctly.
As more modules use the status API, the more useful this module and
mod_http_status becomes.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 06 Oct 2023 18:34:39 +0200 |
| parents | 544f5a4a8428 |
| children |
| rev | line source |
|---|---|
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Dovecot authentication backend for Prosody |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- Copyright (C) 2010-2011 Waqas Hussain |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- Copyright (C) 2011 Kim Alvefur |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 -- |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local name = "Dovecot SASL"; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local log = require "util.logger".init("auth_dovecot"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local socket_path = module:get_option_string("dovecot_auth_socket", "/var/run/dovecot/auth-login"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local socket_host = module:get_option_string("dovecot_auth_host", "127.0.0.1"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local socket_port = module:get_option_string("dovecot_auth_port"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 local service_realm = module:get_option("realm"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local service_name = module:get_option("service_name"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 local append_host = module:get_option_boolean("auth_append_host"); |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
17 --assert(not append_host, "auth_append_host does not work"); |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local validate_domain = module:get_option_boolean("validate_append_host"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 local handle_appended = module:get_option_string("handle_appended"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 local util_sasl_new = require "util.sasl".new; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 local new_dovecot_sasl = module:require "sasl_dovecot".new; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 local new_sasl = function(realm) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 return new_dovecot_sasl( |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 service_realm or realm, |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 service_name or "xmpp", |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
29 socket_port and { socket_host, socket_port } or socket_path, |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 { --config |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 handle_domain = handle_appended or |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 (append_host and "split" or "escape"), |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 validate_domain = validate_domain, |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 } |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 ); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 do |
|
838
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
40 local s, err = new_sasl(module.host) |
|
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
41 if not s then |
|
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
42 log("error", "%s", tostring(err)); |
|
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
43 end |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 assert(s, "Could not create a new SASL object"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 assert(s.mechanisms, "SASL object has no mechanims method"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 local m, _m = {}, s:mechanisms(); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 assert(not append_host or _m.PLAIN, "auth_append_host requires PLAIN, but it is unavailable"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 for k in pairs(_m) do |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 table.insert(m, k); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 log("debug", "Mechanims found: %s", table.concat(m, ", ")); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
700
diff
changeset
|
54 provider = {}; |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 function provider.test_password(username, password) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 return new_sasl(module.host):plain_test(username, password); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 function provider.get_password(username) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 return nil, "Passwords unavailable for "..name; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 function provider.set_password(username, password) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 return nil, "Passwords unavailable for "..name; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 function provider.user_exists(username) |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
69 return true -- FIXME |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
70 --[[ This, sadly, doesn't work. |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 local user_test = new_sasl(module.host); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 user_test:select("PLAIN"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 user_test:process(("\0%s\0"):format(username)); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 return user_test.username == username; |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
75 --]] |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 function provider.create_user(username, password) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 return nil, "Account creation/modification not available with "..name; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 function provider.get_sasl_handler() |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 return new_sasl(module.host); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
86 if append_host then |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
87 function provider.test_password(username, password) |
|
1213
544f5a4a8428
mod_auth_dovecot: Check return value properly
Kim Alvefur <zash@zash.se>
parents:
1212
diff
changeset
|
88 return new_sasl(module.host):plain_test(username .. "@".. (service_realm or module.host), password) == "success"; |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
89 end |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
90 |
|
1212
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
91 function provider.get_sasl_handler() |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
92 return util_sasl_new(module.host, { |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
93 plain_test = function(sasl, username, password, realm) |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
94 return provider.test_password(username, password), true |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
95 end; |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
96 }); |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
97 end |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
98 end |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
99 |
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
700
diff
changeset
|
100 module:provides("auth", provider); |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 |