| author | Matthew Wild <mwild1@gmail.com> |
| Fri, 23 Sep 2022 22:41:15 +0100 | |
| changeset 5058 | 62480053c87b |
| parent 3873 | f2b29183ef08 |
| permissions | -rw-r--r-- |
| 809 | 1 |
-- vim:sts=4 sw=4 |
2 |
||
3 |
-- Prosody IM |
|
4 |
-- Copyright (C) 2008-2010 Matthew Wild |
|
5 |
-- Copyright (C) 2008-2010 Waqas Hussain |
|
6 |
-- Copyright (C) 2012 Rob Hoelz |
|
7 |
-- |
|
8 |
-- This project is MIT/X11 licensed. Please see the |
|
9 |
-- COPYING file in the source package for more information. |
|
10 |
-- |
|
11 |
-- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua |
|
12 |
-- adapted to use common LDAP store |
|
13 |
||
14 |
local ldap = module:require 'ldap'; |
|
15 |
local new_sasl = require 'util.sasl'.new; |
|
16 |
local jsplit = require 'util.jid'.split; |
|
17 |
||
18 |
if not ldap then |
|
19 |
return; |
|
20 |
end |
|
21 |
||
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
22 |
local provider = {} |
| 809 | 23 |
|
24 |
function provider.test_password(username, password) |
|
25 |
return ldap.bind(username, password); |
|
26 |
end |
|
27 |
||
28 |
function provider.user_exists(username) |
|
29 |
local params = ldap.getparams() |
|
30 |
||
31 |
local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); |
|
32 |
||
33 |
return ldap.singlematch { |
|
34 |
base = params.user.basedn, |
|
35 |
filter = filter, |
|
36 |
}; |
|
37 |
end |
|
38 |
||
39 |
function provider.get_password(username) |
|
40 |
return nil, "Passwords unavailable for LDAP."; |
|
41 |
end |
|
42 |
||
43 |
function provider.set_password(username, password) |
|
44 |
return nil, "Passwords unavailable for LDAP."; |
|
45 |
end |
|
46 |
||
47 |
function provider.create_user(username, password) |
|
48 |
return nil, "Account creation/modification not available with LDAP."; |
|
49 |
end |
|
50 |
||
51 |
function provider.get_sasl_handler() |
|
52 |
local testpass_authentication_profile = { |
|
53 |
plain_test = function(sasl, username, password, realm) |
|
|
902
490cb9161c81
mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
862
diff
changeset
|
54 |
return provider.test_password(username, password), true; |
| 809 | 55 |
end, |
56 |
mechanisms = { PLAIN = true }, |
|
57 |
}; |
|
58 |
return new_sasl(module.host, testpass_authentication_profile); |
|
59 |
end |
|
60 |
||
61 |
function provider.is_admin(jid) |
|
|
3873
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
62 |
local username, userhost = jsplit(jid); |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
63 |
if userhost ~= module.host then |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
64 |
return false; |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
65 |
end |
| 809 | 66 |
local admin_config = ldap.getparams().admin; |
67 |
||
68 |
if not admin_config then |
|
69 |
return; |
|
70 |
end |
|
71 |
||
72 |
local ld = ldap:getconnection(); |
|
73 |
local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); |
|
74 |
||
75 |
return ldap.singlematch { |
|
76 |
base = admin_config.basedn, |
|
77 |
filter = filter, |
|
78 |
}; |
|
79 |
end |
|
80 |
||
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
81 |
module:provides("auth", provider); |