Mercurial > prosody-modules
annotate mod_auth_imap/auth_imap/sasl_imap.lib.lua @ 1196:f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 26 Sep 2013 13:43:27 +0200 |
parents | |
children | 5d46281a5d23 |
rev | line source |
---|---|
1196
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Dovecot authentication backend for Prosody |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 -- |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 -- Copyright (C) 2011 Kim Alvefur |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 -- |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local log = require "util.logger".init("sasl_imap"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 local setmetatable = setmetatable; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local s_match, s_gmatch = string.match, string.gmatch |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local t_concat = table.concat; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 local m_random = math.random; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 local tostring, tonumber = tostring, tonumber; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 local socket = require "socket" |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 -- TODO -- local ssl = require "ssl" |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 local base64 = require "util.encodings".base64; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 local b64, unb64 = base64.encode, base64.decode; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 local _M = {}; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 local method = {}; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 method.__index = method; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 -- For extracting the username. |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 local mitm = { |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 PLAIN = function(message) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 return s_match(message, "^[^%z]*%z([^%z]+)%z[^%z]+"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 end, |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 ["SCRAM-SHA-1"] = function(message) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 return s_match(message, "^[^,]+,[^,]*,n=([^,]*)"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 end, |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 ["DIGEST-MD5"] = function(message) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 return s_match(message, "username=\"([^\"]*)\""); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 end, |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 } |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 local function connect(host, port, ssl) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 port = tonumber(port) or (ssl and 993 or 143); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 log("debug", "connect() to %s:%s:%d", ssl and "ssl" or "tcp", host, tonumber(port)); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 local conn = socket.tcp(); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 -- Create a connection to imap socket |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 log("debug", "connecting to imap at '%s:%d'", host, port); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 local ok, err = conn:connect(host, port); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 conn:settimeout(10); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 if not ok then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 log("error", "error connecting to imap at '%s:%d'. error was '%s'. check permissions", host, port, err); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 return false; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 -- Parse IMAP handshake |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 local done = false; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 local supported_mechs = {}; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 local line = conn:receive("*l"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 log("debug", "imap handshake: '%s'", line); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 if not line then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 return false; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 local caps = line:match("^%*%s+OK%s+(%b[])"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 if caps then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 caps = caps:sub(2,-2); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 for cap in caps:gmatch("%S+") do |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 log("debug", "Capability: %s", cap); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 local mech = cap:match("AUTH=(.*)"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 if mech then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 log("debug", "Supported SASL mechanism: %s", mech); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 supported_mechs[mech] = mitm[mech] and true or nil; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 return conn, supported_mechs; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 -- create a new SASL object which can be used to authenticate clients |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 function _M.new(realm, service_name, host, port, ssl) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 log("debug", "new(%q, %q, %q, %d)", realm or "", service_name or "", host or "", port or 0); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 local sasl_i = { |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 realm = realm, |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 service_name = service_name, |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 _host = host, |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 _port = port, |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 _ssl = ssl |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 }; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 local conn, mechs = connect(host, port, ssl); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 if not conn then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 return nil, "Socket connection failure"; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 sasl_i.conn, sasl_i.mechs = conn, mechs; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 return setmetatable(sasl_i, method); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 -- get a fresh clone with the same realm and service name |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 function method:clean_clone() |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 if self.conn then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 self.conn:close(); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 self.conn = nil; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 log("debug", "method:clean_clone()"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 return _M.new(self.realm, self.service_name, self._host, self._port) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 -- get a list of possible SASL mechanisms to use |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 function method:mechanisms() |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
107 log("debug", "method:mechanisms()"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
108 return self.mechs; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
109 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
110 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
111 -- select a mechanism to use |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
112 function method:select(mechanism) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
113 log("debug", "method:select(%q)", mechanism); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
114 if not self.selected and self.mechs[mechanism] then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
115 self.tag = tostring({}):match("0x(%x*)$"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 self.selected = mechanism; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
117 local selectmsg = t_concat({ self.tag, "AUTHENTICATE", mechanism }, " "); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 log("debug", "Sending %d bytes: %q", #selectmsg, selectmsg); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 local ok, err = self.conn:send(selectmsg.."\n"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
120 if not ok then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 log("error", "Could not write to socket: %s", err); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
122 return "failure", "internal-server-error", err |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
123 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
124 local line, err = self.conn:receive("*l"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
125 if not line then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
126 log("error", "Could not read from socket: %s", err); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
127 return "failure", "internal-server-error", err |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
128 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
129 log("debug", "Received %d bytes: %q", #line, line); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
130 return line:match("^+") |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
131 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
132 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
133 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
134 -- feed new messages to process into the library |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
135 function method:process(message) |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
136 local username = mitm[self.selected](message); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
137 if username then self.username = username; end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
138 log("debug", "method:process(%d bytes)", #message); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
139 local ok, err = self.conn:send(b64(message).."\n"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
140 if not ok then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
141 log("error", "Could not write to socket: %s", err); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
142 return "failure", "internal-server-error", err |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
143 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 log("debug", "Sent %d bytes to socket", ok); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
145 local line, err = self.conn:receive("*l"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
146 if not line then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
147 log("error", "Could not read from socket: %s", err); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
148 return "failure", "internal-server-error", err |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
149 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
150 log("debug", "Received %d bytes from socket: %s", #line, line); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
151 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
152 if line:match("^%+") and #line > 2 then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
153 local data = line:sub(3); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
154 data = data and unb64(data); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
155 return "challenge", unb64(data); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
156 elseif line:sub(1, #self.tag) == self.tag then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
157 local ok, rest = line:sub(#self.tag+1):match("(%w+)%s+(.*)"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
158 ok = ok:lower(); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
159 log("debug", "%s: %s", ok, rest); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
160 if ok == "ok" then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 return "success" |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
162 elseif ok == "no" then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
163 return "failure", "not-authorized", rest; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
164 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
165 elseif line:match("^%* BYE") then |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
166 local err = line:match("BYE%s*(.*)"); |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
167 return "failure", "not-authorized", err; |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
168 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
169 end |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
170 |
f45ca6edc159
mod_auth_imap: Authentication module that works by passing through SASL to a IMAP connection
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
171 return _M; |