Mercurial > prosody-modules
view mod_auth_pam/mod_auth_pam.lua @ 5424:b45d9a81b3da
mod_http_oauth2: Revert role selector, going to try something else
Back out f2c7bb3af600
Allowing only a single role to be encoded into the grant takes away the
possibility of having multiple roles in the grant, one of which is
selected when issuing an access token. It also takes away the ability to
have zero roles granted, which could be useful e.g. when you only need
OIDC scopes.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 07 May 2023 19:40:57 +0200 |
parents | 57bb2497fadc |
children |
line wrap: on
line source
-- PAM authentication for Prosody -- Copyright (C) 2013 Kim Alvefur -- -- Requires https://github.com/devurandom/lua-pam -- and LuaPosix local posix = require "posix"; local pam = require "pam"; local new_sasl = require "util.sasl".new; function user_exists(username) return not not posix.getpasswd(username); end function test_password(username, password) local h, err = pam.start("xmpp", username, { function (t) if #t == 1 and t[1][1] == pam.PROMPT_ECHO_OFF then return { { password, 0} }; end end }); if h and h:authenticate() and h:endx(pam.SUCCESS) then return user_exists(username), true; end return nil, true; end function get_sasl_handler() return new_sasl(module.host, { plain_test = function(sasl, ...) return test_password(...) end }); end module:provides"auth";