| author | Mikael Nordfeldth <mmn@hethane.se> |
| Mon, 24 Jun 2013 14:29:03 +0200 | |
| changeset 1086 | 50ee38e95e75 |
| parent 902 | 490cb9161c81 |
| child 1154 | 61f95bf51b35 |
| permissions | -rw-r--r-- |
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
1 |
-- |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
2 |
-- NOTE: currently this uses lpc; when waqas fixes process, it can go back to that |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
3 |
-- |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
4 |
-- Prosody IM |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
5 |
-- Copyright (C) 2010 Waqas Hussain |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
6 |
-- Copyright (C) 2010 Jeff Mitchell |
|
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
7 |
-- Copyright (C) 2013 Mikael Nordfeldth |
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
8 |
-- |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
9 |
-- This project is MIT/X11 licensed. Please see the |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
10 |
-- COPYING file in the source package for more information. |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
11 |
-- |
| 152 | 12 |
|
13 |
||
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
14 |
--local process = require "process"; |
|
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
15 |
local lpc; pcall(function() lpc = require "lpc"; end); |
| 152 | 16 |
|
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
17 |
local config = require "core.configmanager"; |
|
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
18 |
local log = module._log; |
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
19 |
local host = module.host; |
|
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
20 |
local script_type = config.get(host, "core", "external_auth_protocol") or "generic"; |
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
21 |
assert(script_type == "ejabberd" or script_type == "generic"); |
|
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
22 |
local command = config.get(host, "core", "external_auth_command") or ""; |
| 152 | 23 |
assert(type(command) == "string"); |
24 |
assert(not host:find(":")); |
|
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
25 |
local usermanager = require "core.usermanager"; |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
26 |
local jid_bare = require "util.jid".bare; |
|
166
75a85eac3c27
mod_extauth: Updated to provide a SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
158
diff
changeset
|
27 |
local new_sasl = require "util.sasl".new; |
| 152 | 28 |
|
29 |
local function send_query(text) |
|
|
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
30 |
local tmpname = os.tmpname(); |
|
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
31 |
local p = io.popen(command.." > "..tmpname, "w"); -- dump result to file |
|
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
32 |
p:write(text); -- push colon-separated args through pipe to above command |
|
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
33 |
p:close(); |
|
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
34 |
local tmpfile = io.open(tmpname, "r"); -- open file to read auth result |
|
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
35 |
local result; |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
36 |
if script_type == "ejabberd" then |
|
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
37 |
result = tmpfile:read(4); |
|
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
38 |
elseif script_type == "generic" then |
|
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
39 |
result = tmpfile:read(); |
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
40 |
end |
|
1086
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
41 |
tmpfile:close(); |
|
50ee38e95e75
Don't store password in temporary file, pipe instead
Mikael Nordfeldth <mmn@hethane.se>
parents:
902
diff
changeset
|
42 |
os.remove(tmpname); -- clean up after us |
|
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
43 |
return result; |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
44 |
end |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
45 |
|
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
46 |
if lpc then |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
47 |
--local proc; |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
48 |
local pid; |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
49 |
local readfile; |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
50 |
local writefile; |
|
197
2686221255cf
restart authorize command if crashed or ended; added example shell script
Bjoern Kalkbrenner <terminar@cyberphoria.org>
parents:
168
diff
changeset
|
51 |
|
|
846
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
52 |
function send_query(text) |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
53 |
if pid and lpc.wait(pid,1) ~= nil then |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
54 |
log("debug","error, process died, force reopen"); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
55 |
pid=nil; |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
56 |
end |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
57 |
if not pid then |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
58 |
log("debug", "Opening process " .. command); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
59 |
-- proc = process.popen(command); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
60 |
pid, writefile, readfile = lpc.run(command); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
61 |
end |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
62 |
-- if not proc then |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
63 |
if not pid then |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
64 |
log("debug", "Process failed to open"); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
65 |
return nil; |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
66 |
end |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
67 |
-- proc:write(text); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
68 |
-- proc:flush(); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
69 |
|
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
70 |
writefile:write(text); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
71 |
writefile:flush(); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
72 |
if script_type == "ejabberd" then |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
73 |
-- return proc:read(4); -- FIXME do properly |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
74 |
return readfile:read(4); -- FIXME do properly |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
75 |
elseif script_type == "generic" then |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
76 |
-- return proc:read(1); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
77 |
return readfile:read(); |
|
5ddc43ce8993
mod_auth_external: Work even when the LuaProcessCall library isn't available.
Waqas Hussain <waqas20@gmail.com>
parents:
816
diff
changeset
|
78 |
end |
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
79 |
end |
| 152 | 80 |
end |
81 |
||
82 |
function do_query(kind, username, password) |
|
83 |
if not username then return nil, "not-acceptable"; end |
|
84 |
||
85 |
local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password); |
|
86 |
local len = #query |
|
87 |
if len > 1000 then return nil, "policy-violation"; end |
|
88 |
||
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
89 |
if script_type == "ejabberd" then |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
90 |
local lo = len % 256; |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
91 |
local hi = (len - lo) / 256; |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
92 |
query = string.char(hi, lo)..query; |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
93 |
end |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
94 |
if script_type == "generic" then |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
95 |
query = query..'\n'; |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
96 |
end |
| 152 | 97 |
|
98 |
local response = send_query(query); |
|
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
99 |
if (script_type == "ejabberd" and response == "\0\2\0\0") or |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
100 |
(script_type == "generic" and response == "0") then |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
101 |
return nil, "not-authorized"; |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
102 |
elseif (script_type == "ejabberd" and response == "\0\2\0\1") or |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
103 |
(script_type == "generic" and response == "1") then |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
104 |
return true; |
| 152 | 105 |
else |
|
168
cd8492748985
mod_auth_external: Renamed from mod_extauth. Update logging and options (external_auth_protocol, external_auth_command)
Matthew Wild <mwild1@gmail.com>
parents:
166
diff
changeset
|
106 |
log("debug", "Nonsense back"); |
|
158
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
107 |
--proc:close(); |
|
1a5d5d4f08fe
Add "generic" script support to mod_extauth, as well as lpc support until waqas fixes process
Jeff Mitchell <jeff@jefferai.org>
parents:
152
diff
changeset
|
108 |
--proc = nil; |
| 152 | 109 |
return nil, "internal-server-error"; |
110 |
end |
|
111 |
end |
|
112 |
||
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
113 |
local host = module.host; |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
114 |
local provider = {}; |
| 152 | 115 |
|
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
116 |
function provider.test_password(username, password) |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
117 |
return do_query("auth", username, password); |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
118 |
end |
| 152 | 119 |
|
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
120 |
function provider.set_password(username, password) |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
121 |
return do_query("setpass", username, password); |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
122 |
end |
| 152 | 123 |
|
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
124 |
function provider.user_exists(username) |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
125 |
return do_query("isuser", username); |
| 152 | 126 |
end |
127 |
||
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
128 |
function provider.create_user(username, password) return nil, "Account creation/modification not available."; end |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
129 |
|
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
130 |
function provider.get_sasl_handler() |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
131 |
local testpass_authentication_profile = { |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
132 |
plain_test = function(sasl, username, password, realm) |
|
902
490cb9161c81
mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
846
diff
changeset
|
133 |
return usermanager.test_password(username, realm, password), true; |
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
134 |
end, |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
135 |
}; |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
136 |
return new_sasl(host, testpass_authentication_profile); |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
137 |
end |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
138 |
|
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
139 |
function provider.is_admin(jid) |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
140 |
local admins = config.get(host, "core", "admins"); |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
141 |
if admins ~= config.get("*", "core", "admins") then |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
142 |
if type(admins) == "table" then |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
143 |
jid = jid_bare(jid); |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
144 |
for _,admin in ipairs(admins) do |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
145 |
if admin == jid then return true; end |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
146 |
end |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
147 |
elseif admins then |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
148 |
log("error", "Option 'admins' for host '%s' is not a table", host); |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
149 |
end |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
150 |
end |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
151 |
return usermanager.is_admin(jid); -- Test whether it's a global admin instead |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
152 |
end |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
153 |
|
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
154 |
module:provides("auth", provider); |