Mercurial > prosody-modules

view mod_auth_pam/mod_auth_pam.lua @ 5519:83ebfc367169

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Return Authentication Time per OpenID Core Section 2 Mandatory To Implement, either MUST include or OPTIONAL depending on things we don't look at, so might as well include it all the time. Since we do not persist authentication state with cookies or such, the authentication time will always be some point between the user being sent to the authorization endpoint and the time they are sent back to the client application.
author Kim Alvefur <zash@zash.se>
date Mon, 05 Jun 2023 22:32:44 +0200
parents 57bb2497fadc
children
line wrap: on
line source

-- PAM authentication for Prosody
-- Copyright (C) 2013 Kim Alvefur
--
-- Requires https://github.com/devurandom/lua-pam
-- and LuaPosix

local posix = require "posix";
local pam = require "pam";
local new_sasl = require "util.sasl".new;

function user_exists(username)
	return not not posix.getpasswd(username);
end

function test_password(username, password)
	local h, err = pam.start("xmpp", username, {
		function (t)
			if #t == 1 and t[1][1] == pam.PROMPT_ECHO_OFF then
				return { { password, 0} };
			end
		end
	});
	if h and h:authenticate() and h:endx(pam.SUCCESS) then
		return user_exists(username), true;
	end
	return nil, true;
end

function get_sasl_handler()
	return new_sasl(module.host, {
		plain_test = function(sasl, ...)
			return test_password(...)
		end
	});
end

module:provides"auth";