Mercurial > prosody-modules

view mod_auth_pam/mod_auth_pam.lua @ 5366:db4c66a1d24b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Fill in some client metadata defaults Explicit > Implicit Maybe we should actually use these for something as well? :) It's is somewhat an open question of how strictly we should enforce things in the client metadata given that it is somewhat extensible. Especially some of these enum fields which have corresponding IANA registries.
author Kim Alvefur <zash@zash.se>
date Tue, 25 Apr 2023 18:09:08 +0200
parents 57bb2497fadc
children
line wrap: on
line source

-- PAM authentication for Prosody
-- Copyright (C) 2013 Kim Alvefur
--
-- Requires https://github.com/devurandom/lua-pam
-- and LuaPosix

local posix = require "posix";
local pam = require "pam";
local new_sasl = require "util.sasl".new;

function user_exists(username)
	return not not posix.getpasswd(username);
end

function test_password(username, password)
	local h, err = pam.start("xmpp", username, {
		function (t)
			if #t == 1 and t[1][1] == pam.PROMPT_ECHO_OFF then
				return { { password, 0} };
			end
		end
	});
	if h and h:authenticate() and h:endx(pam.SUCCESS) then
		return user_exists(username), true;
	end
	return nil, true;
end

function get_sasl_handler()
	return new_sasl(module.host, {
		plain_test = function(sasl, ...)
			return test_password(...)
		end
	});
end

module:provides"auth";