changeset 261:0f46fb2dbc79

mod_auth_dovecot: Initial commit of Dovecot authentication backend by Javier Torres
author Matthew Wild <mwild1@gmail.com>
date Sun, 10 Oct 2010 21:43:50 +0100
parents 1fdd201c1d43
children 4986ffe35704
files mod_auth_dovecot/mod_auth_dovecot.lua
diffstat 1 files changed, 108 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_auth_dovecot/mod_auth_dovecot.lua	Sun Oct 10 21:43:50 2010 +0100
@@ -0,0 +1,108 @@
+-- Dovecot authentication backend for Prosody
+--
+-- Copyright (C) 2010 Javier Torres
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+--
+
+local socket_unix = require "socket.unix";
+local datamanager = require "util.datamanager";
+local log = require "util.logger".init("auth_internal_plain");
+local new_sasl = require "util.sasl".new;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
+local base64 = require "util.encodings".base64;
+
+local prosody = _G.prosody;
+
+function new_default_provider(host)
+	local provider = { name = "dovecot" };
+	log("debug", "initializing dovecot authentication provider for host '%s'", host);
+
+	function provider.test_password(username, password)
+		log("debug", "test password '%s' for user %s at host %s", password, username, module.host);
+		
+		c = assert(socket.unix());
+		assert(c:connect("/var/run/dovecot/auth-login")); -- FIXME: Hardcoded is bad
+		
+		local pid = "12345"; -- FIXME: this should be an unique number between processes, recommendation is PID
+
+		-- Send our handshake
+        -- FIXME: Oh no! There are asserts everywhere
+		assert(c:send("VERSION\t1\t1\n"));
+		assert(c:send("CPID\t" .. pid .. "\n"));
+
+		-- Check their handshake
+		local done = false;
+		while (not done) do
+			local l = assert(c:receive());
+			parts = string.gmatch(l, "[^\t]+");
+			first = parts();
+			if (first == "VERSION") then
+				assert(parts() == "1");
+				assert(parts() == "1");
+			elseif (first == "MECH") then
+				local ok = false;
+				for p in parts do
+					if p == "PLAIN" then
+						ok = true;
+					end
+				end
+				assert(ok);
+			elseif (first == "DONE") then
+				done = true;
+			end
+		end
+
+		-- Send auth data
+		username = username .. "@" .. module.host; -- FIXME: this is actually a hack for my server
+		local b64 = base64.encode(username .. "\0" .. username .. "\0" .. password);
+		local id = "54321"; -- FIXME: probably can just be a fixed value if making one request per connection
+		assert(c:send("AUTH\t" .. id .. "\tPLAIN\tservice=XMPP\tresp=" .. b64 .. "\n"));
+		local l = assert(c:receive());
+		assert(c:close());
+		local parts = string.gmatch(l, "[^\t]+");
+
+		if (parts() == "OK") then
+			return true;
+		else
+			return nil, "Auth failed. Invalid username or password.";
+		end
+	end
+
+	function provider.get_password(username)
+		return nil, "Cannot get_password in dovecot backend.";
+	end
+	
+	function provider.set_password(username, password)
+		return nil, "Cannot set_password in dovecot backend.";
+	end
+
+	function provider.user_exists(username)
+        --TODO: Send an auth request. If it returns FAIL <id> user=<user> then user exists.
+		return nil, "user_exists not yet implemented in dovecot backend.";
+	end
+
+	function provider.create_user(username, password)
+		return nil, "Cannot create_user in dovecot backend.";
+	end
+
+	function provider.get_sasl_handler()
+		local realm = module:get_option("sasl_realm") or module.host;
+		local getpass_authentication_profile = {
+			plain_test = function(username, password, realm)
+                                local prepped_username = nodeprep(username);
+                                if not prepped_username then
+                                        log("debug", "NODEprep failed on username: %s", username);
+                                        return "", nil;
+                                end
+                                return usermanager.test_password(prepped_username, realm, password), true;
+                        end
+		};
+		return new_sasl(realm, getpass_authentication_profile);
+	end
+	
+	return provider;
+end
+
+module:add_item("auth-provider", new_default_provider(module.host));
+