| author | Matthew Wild <mwild1@gmail.com> |
| Fri, 23 Sep 2022 22:41:15 +0100 | |
| changeset 5058 | 62480053c87b |
| parent 4714 | 099dcdb732b1 |
| permissions | -rw-r--r-- |
|
4714
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
-- sasl.lua v0.4 |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
-- Copyright (C) 2008-2009 Tobias Markmann |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
-- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
-- All rights reserved. |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
-- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
-- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
-- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
local cyrussasl = require "cyrussasl"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 |
local log = require "util.logger".init("sasl_cyrus"); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
local setmetatable = setmetatable |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
local pcall = pcall |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
local s_match, s_gmatch = string.match, string.gmatch |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 |
local sasl_errstring = { |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
-- SASL result codes -- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
[1] = "another step is needed in authentication"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
[0] = "successful result"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
[-1] = "generic failure"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 |
[-2] = "memory shortage failure"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
[-3] = "overflowed buffer"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
[-4] = "mechanism not supported"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
[-5] = "bad protocol / cancel"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 |
[-6] = "can't request info until later in exchange"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
[-7] = "invalid parameter supplied"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
[-8] = "transient failure (e.g., weak key)"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
[-9] = "integrity check failed"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
[-12] = "SASL library not initialized"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
-- client only codes -- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 |
[2] = "needs user interaction"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
[-10] = "server failed mutual authentication step"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 |
[-11] = "mechanism doesn't support requested feature"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 |
-- server only codes -- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 |
[-13] = "authentication failure"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
[-14] = "authorization failure"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
[-15] = "mechanism too weak for this user"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
[-16] = "encryption needed to use mechanism"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 |
[-17] = "One time use of a plaintext password will enable requested mechanism for user"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
[-18] = "passphrase expired, has to be reset"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 |
[-19] = "account disabled"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
[-20] = "user not found"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 |
[-23] = "version mismatch with plug-in"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 |
[-24] = "remote authentication server unavailable"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 |
[-26] = "user exists, but no verifier for user"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
-- codes for password setting -- |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 |
[-21] = "passphrase locked"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 |
[-22] = "requested change was not needed"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 |
[-27] = "passphrase is too weak for security policy"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
[-28] = "user supplied passwords not permitted"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 |
}; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 |
setmetatable(sasl_errstring, { __index = function() return "undefined error!" end }); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
local _ENV = nil; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 |
-- luacheck: std none |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 |
local method = {}; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 |
method.__index = method; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 |
local initialized = false; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 |
local function init(service_name) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
if not initialized then |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 |
local st, errmsg = pcall(cyrussasl.server_init, service_name); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 |
if st then |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 |
initialized = true; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 |
else |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 |
log("error", "Failed to initialize Cyrus SASL: %s", errmsg); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 |
-- create a new SASL object which can be used to authenticate clients |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 |
-- host_fqdn may be nil in which case gethostname() gives the value. |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 |
-- For GSSAPI, this determines the hostname in the service ticket (after |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 |
-- reverse DNS canonicalization, only if [libdefaults] rdns = true which |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 |
-- is the default). |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 |
local function new(realm, service_name, app_name, host_fqdn) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 |
init(app_name or service_name); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 |
local st, ret = pcall(cyrussasl.server_new, service_name, host_fqdn, realm, nil, nil) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 |
if not st then |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 |
log("error", "Creating SASL server connection failed: %s", ret); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 |
return nil; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 |
local sasl_i = { realm = realm, service_name = service_name, cyrus = ret }; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 |
if cyrussasl.set_canon_cb then |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 |
local c14n_cb = function (user) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 |
local node = s_match(user, "^([^@]+)"); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 |
log("debug", "Canonicalizing username %s to %s", user, node) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 |
return node |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 |
cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
107 |
cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
108 |
local mechanisms = {}; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
109 |
local cyrus_mechs = cyrussasl.listmech(sasl_i.cyrus, nil, "", " ", ""); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
110 |
for w in s_gmatch(cyrus_mechs, "[^ ]+") do |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
111 |
mechanisms[w] = true; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
112 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
113 |
sasl_i.mechs = mechanisms; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
114 |
return setmetatable(sasl_i, method); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
115 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
117 |
-- get a fresh clone with the same realm and service name |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 |
function method:clean_clone() |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 |
return new(self.realm, self.service_name) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
120 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
122 |
-- get a list of possible SASL mechanims to use |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
123 |
function method:mechanisms() |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
124 |
return self.mechs; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
125 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
126 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
127 |
-- select a mechanism to use |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
128 |
function method:select(mechanism) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
129 |
if not self.selected and self.mechs[mechanism] then |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
130 |
self.selected = mechanism; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
131 |
return true; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
132 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
133 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
134 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
135 |
-- feed new messages to process into the library |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
136 |
function method:process(message) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
137 |
local err; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
138 |
local data; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
139 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
140 |
if not self.first_step_done then |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
141 |
err, data = cyrussasl.server_start(self.cyrus, self.selected, message or "") |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
142 |
self.first_step_done = true; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
143 |
else |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 |
err, data = cyrussasl.server_step(self.cyrus, message or "") |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
145 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
146 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
147 |
self.username = cyrussasl.get_username(self.cyrus) |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
148 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
149 |
if (err == 0) then -- SASL_OK |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
150 |
if self.require_provisioning and not self.require_provisioning(self.username) then |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
151 |
return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP"; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
152 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
153 |
return "success", data |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
154 |
elseif (err == 1) then -- SASL_CONTINUE |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
155 |
return "challenge", data |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
156 |
elseif (err == -4) then -- SASL_NOMECH |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
157 |
log("debug", "SASL mechanism not available from remote end") |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
158 |
return "failure", "invalid-mechanism", "SASL mechanism not available" |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
159 |
elseif (err == -13) then -- SASL_BADAUTH |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
160 |
return "failure", "not-authorized", sasl_errstring[err]; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 |
else |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
162 |
log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]); |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
163 |
return "failure", "undefined-condition", sasl_errstring[err]; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
164 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
165 |
end |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
166 |
|
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
167 |
return { |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
168 |
new = new; |
|
099dcdb732b1
mod_auth_cyrus: Import from Prosody rev 8f1e7fd55e7b
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
169 |
}; |