| author | Matthew Wild <mwild1@gmail.com> |
| Fri, 23 Sep 2022 12:37:36 +0100 | |
| changeset 5055 | 2718652c18ca |
| parent 1213 | 544f5a4a8428 |
| permissions | -rw-r--r-- |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
-- Dovecot authentication backend for Prosody |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
-- |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
-- Copyright (C) 2010-2011 Waqas Hussain |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
-- Copyright (C) 2011 Kim Alvefur |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
-- |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
local name = "Dovecot SASL"; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
local log = require "util.logger".init("auth_dovecot"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
local socket_path = module:get_option_string("dovecot_auth_socket", "/var/run/dovecot/auth-login"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
local socket_host = module:get_option_string("dovecot_auth_host", "127.0.0.1"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
local socket_port = module:get_option_string("dovecot_auth_port"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
local service_realm = module:get_option("realm"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
local service_name = module:get_option("service_name"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
local append_host = module:get_option_boolean("auth_append_host"); |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
17 |
--assert(not append_host, "auth_append_host does not work"); |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
local validate_domain = module:get_option_boolean("validate_append_host"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
local handle_appended = module:get_option_string("handle_appended"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
local util_sasl_new = require "util.sasl".new; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
local new_dovecot_sasl = module:require "sasl_dovecot".new; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
local new_sasl = function(realm) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
return new_dovecot_sasl( |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
service_realm or realm, |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
service_name or "xmpp", |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
|
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
29 |
socket_port and { socket_host, socket_port } or socket_path, |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
{ --config |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
handle_domain = handle_appended or |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
(append_host and "split" or "escape"), |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
validate_domain = validate_domain, |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
} |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
do |
|
838
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
40 |
local s, err = new_sasl(module.host) |
|
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
41 |
if not s then |
|
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
42 |
log("error", "%s", tostring(err)); |
|
c9e2beec4ef6
mod_auth_dovecot: Improved error reporting.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
43 |
end |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
assert(s, "Could not create a new SASL object"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
assert(s.mechanisms, "SASL object has no mechanims method"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
local m, _m = {}, s:mechanisms(); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 |
assert(not append_host or _m.PLAIN, "auth_append_host requires PLAIN, but it is unavailable"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
for k in pairs(_m) do |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 |
table.insert(m, k); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
log("debug", "Mechanims found: %s", table.concat(m, ", ")); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
|
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
700
diff
changeset
|
54 |
provider = {}; |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 |
function provider.test_password(username, password) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
return new_sasl(module.host):plain_test(username, password); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 |
function provider.get_password(username) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 |
return nil, "Passwords unavailable for "..name; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 |
function provider.set_password(username, password) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 |
return nil, "Passwords unavailable for "..name; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 |
function provider.user_exists(username) |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
69 |
return true -- FIXME |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
70 |
--[[ This, sadly, doesn't work. |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
local user_test = new_sasl(module.host); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 |
user_test:select("PLAIN"); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
user_test:process(("\0%s\0"):format(username)); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
return user_test.username == username; |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
75 |
--]] |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 |
function provider.create_user(username, password) |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 |
return nil, "Account creation/modification not available with "..name; |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 |
|
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 |
function provider.get_sasl_handler() |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 |
return new_sasl(module.host); |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 |
end |
|
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 |
|
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
86 |
if append_host then |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
87 |
function provider.test_password(username, password) |
|
1213
544f5a4a8428
mod_auth_dovecot: Check return value properly
Kim Alvefur <zash@zash.se>
parents:
1212
diff
changeset
|
88 |
return new_sasl(module.host):plain_test(username .. "@".. (service_realm or module.host), password) == "success"; |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
89 |
end |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
90 |
|
|
1212
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
91 |
function provider.get_sasl_handler() |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
92 |
return util_sasl_new(module.host, { |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
93 |
plain_test = function(sasl, username, password, realm) |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
94 |
return provider.test_password(username, password), true |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
95 |
end; |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
96 |
}); |
|
bd88728b0d95
mod_auth_dovecot: Add a proper SASL handler method
Kim Alvefur <zash@zash.se>
parents:
838
diff
changeset
|
97 |
end |
|
700
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
98 |
end |
|
0c130c45b7c1
mod_auth_dovecot: Old forgotten changes. Testing appreciated.
Kim Alvefur <zash@zash.se>
parents:
474
diff
changeset
|
99 |
|
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
700
diff
changeset
|
100 |
module:provides("auth", provider); |
|
474
942738953ff3
mod_auth_dovecot: Replace with SASL proxying version.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 |