comparison mod_auth_dovecot/auth_dovecot/mod_auth_dovecot.lua @ 474:942738953ff3

mod_auth_dovecot: Replace with SASL proxying version.
author Kim Alvefur <zash@zash.se>
date Thu, 10 Nov 2011 11:24:31 +0100
parents
children 0c130c45b7c1
comparison
equal deleted inserted replaced
473:99b246b37809 474:942738953ff3
1 -- Dovecot authentication backend for Prosody
2 --
3 -- Copyright (C) 2010-2011 Waqas Hussain
4 -- Copyright (C) 2011 Kim Alvefur
5 --
6
7 local name = "Dovecot SASL";
8 local log = require "util.logger".init("auth_dovecot");
9
10 local socket_path = module:get_option_string("dovecot_auth_socket", "/var/run/dovecot/auth-login");
11 local socket_host = module:get_option_string("dovecot_auth_host", "127.0.0.1");
12 local socket_port = module:get_option_string("dovecot_auth_port");
13
14 local service_realm = module:get_option("realm");
15 local service_name = module:get_option("service_name");
16 local append_host = module:get_option_boolean("auth_append_host");
17 local validate_domain = module:get_option_boolean("validate_append_host");
18 local handle_appended = module:get_option_string("handle_appended");
19 local util_sasl_new = require "util.sasl".new;
20
21 local new_dovecot_sasl = module:require "sasl_dovecot".new;
22
23 local new_sasl = function(realm)
24 return new_dovecot_sasl(
25 service_realm or realm,
26 service_name or "xmpp",
27
28 socket_port and { socket_path, socket_port } or socket_path,
29
30 { --config
31 handle_domain = handle_appended or
32 (append_host and "split" or "escape"),
33 validate_domain = validate_domain,
34 }
35 );
36 end
37
38 do
39 local s = new_sasl(module.host)
40 assert(s, "Could not create a new SASL object");
41 assert(s.mechanisms, "SASL object has no mechanims method");
42 local m, _m = {}, s:mechanisms();
43 assert(not append_host or _m.PLAIN, "auth_append_host requires PLAIN, but it is unavailable");
44 for k in pairs(_m) do
45 table.insert(m, k);
46 end
47 log("debug", "Mechanims found: %s", table.concat(m, ", "));
48 end
49
50 provider = {
51 name = module.name:gsub("^auth_","");
52 };
53
54 function provider.test_password(username, password)
55 return new_sasl(module.host):plain_test(username, password);
56 end
57
58 if append_host then
59 new_sasl = function(realm)
60 return util_sasl_new(realm, {
61 plain_test = function(sasl, username, password, realm)
62 local prepped_username = nodeprep(username);
63 if not prepped_username then
64 log("debug", "NODEprep failed on username: %s", username);
65 return "", nil;
66 end
67 prepped_username = prepped_username .. "@" .. module.host;
68 return provider.test_password(prepped_username, password), true;
69 end,
70 });
71 end
72 end
73
74 function provider.get_password(username)
75 return nil, "Passwords unavailable for "..name;
76 end
77
78 function provider.set_password(username, password)
79 return nil, "Passwords unavailable for "..name;
80 end
81
82 function provider.user_exists(username)
83 local user_test = new_sasl(module.host);
84 user_test:select("PLAIN");
85 user_test:process(("\0%s\0"):format(username));
86 return user_test.username == username;
87 end
88
89 function provider.create_user(username, password)
90 return nil, "Account creation/modification not available with "..name;
91 end
92
93 function provider.get_sasl_handler()
94 return new_sasl(module.host);
95 end
96
97 module:add_item("auth-provider", provider);
98