Mercurial > prosody-modules

view mod_auth_cyrus/mod_auth_cyrus.lua @ 4738:5aee8d86629a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_bookmarks2: Fix handling of nick and password elements This form of child retrieval fails when the stanza elements internally don't have an 'xmlns' attribute, which can happen sometimes for some reason, including when they have been constructed via the stanza builder API. When that is the case then the explicit namespace arguemnt does not match the nil value of the internal attribute. Calling `:get_child()` without the namespace argument does the right thing here, with both nil and the parent namespace as valid values for the internal attribute.
author Kim Alvefur <zash@zash.se>
date Wed, 03 Nov 2021 21:11:55 +0100
parents 099dcdb732b1
children b8366e31c829
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
-- luacheck: ignore 212

local log = require "util.logger".init("auth_cyrus");

local usermanager_user_exists = require "core.usermanager".user_exists;

local cyrus_service_realm = module:get_option("cyrus_service_realm");
local cyrus_service_name = module:get_option("cyrus_service_name");
local cyrus_application_name = module:get_option("cyrus_application_name");
local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
local host_fqdn = module:get_option("cyrus_server_fqdn");

prosody.unlock_globals(); --FIXME: Figure out why this is needed and
						  -- why cyrussasl isn't caught by the sandbox
local cyrus_new = require "util.sasl_cyrus".new;
prosody.lock_globals();
local new_sasl = function(realm)
	return cyrus_new(
		cyrus_service_realm or realm,
		cyrus_service_name or "xmpp",
		cyrus_application_name or "prosody",
		host_fqdn
	);
end

do -- diagnostic
	local list;
	for mechanism in pairs(new_sasl(module.host):mechanisms()) do
		list = (not(list) and mechanism) or (list..", "..mechanism);
	end
	if not list then
		module:log("error", "No Cyrus SASL mechanisms available");
	else
		module:log("debug", "Available Cyrus SASL mechanisms: %s", list);
	end
end

local host = module.host;

-- define auth provider
local provider = {};
log("debug", "initializing default authentication provider for host '%s'", host);

function provider.test_password(username, password)
	return nil, "Legacy auth not supported with Cyrus SASL.";
end

function provider.get_password(username)
	return nil, "Passwords unavailable for Cyrus SASL.";
end

function provider.set_password(username, password)
	return nil, "Passwords unavailable for Cyrus SASL.";
end

function provider.user_exists(username)
	if require_provisioning then
		return usermanager_user_exists(username, host);
	end
	return true;
end

function provider.create_user(username, password)
	return nil, "Account creation/modification not available with Cyrus SASL.";
end

function provider.get_sasl_handler()
	local handler = new_sasl(host);
	if require_provisioning then
		function handler.require_provisioning(username)
			return usermanager_user_exists(username, host);
		end
	end
	return handler;
end

module:provides("auth", provider);