author | aidan@jmad.org |
Sun, 25 Feb 2024 18:20:04 -0800 | |
changeset 5880 | c5df6d53f17f |
parent 1343 | 7dbde05b48a9 |
permissions | -rw-r--r-- |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 |
-- Prosody IM |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
-- Copyright (C) 2008-2010 Matthew Wild |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
-- Copyright (C) 2008-2010 Waqas Hussain |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
-- |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
-- This project is MIT/X11 licensed. Please see the |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
-- COPYING file in the source package for more information. |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
-- |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
|
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
local datamanager = require "util.datamanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
local storagemanager = require "core.storagemanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
local log = require "util.logger".init("auth_internal_yubikey"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
local type = type; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
local error = error; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
local ipairs = ipairs; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
local hashes = require "util.hashes"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
local jid = require "util.jid"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
local jid_bare = require "util.jid".bare; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
local config = require "core.configmanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
local usermanager = require "core.usermanager"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
local new_sasl = require "util.sasl".new; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
local hosts = hosts; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
|
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
local prosody = _G.prosody; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
|
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
local yubikey = require "yubikey".new_authenticator({ |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
prefix_length = module:get_option_number("yubikey_prefix_length", 0); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
check_credentials = function (ret, state, data) |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
local account = data.account; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
local yubikey_hash = hashes.sha1(ret.public_id..ret.private_id..(ret.password or ""), true); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
if yubikey_hash == account.yubikey_hash then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 |
return true; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
return false, "invalid-otp"; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
end; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
store_device_info = function (state, data) |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
local new_account = {}; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
for k, v in pairs(data.account) do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 |
new_account[k] = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 |
new_account.yubikey_state = state; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 |
datamanager.store(data.username, data.host, "accounts", new_account); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 |
end; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
}); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
|
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
local global_yubikey_key = module:get_option_string("yubikey_key"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 |
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
47 |
local host = module.host; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
48 |
local provider = {}; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
49 |
log("debug", "initializing default authentication provider for host '%s'", host); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
50 |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
51 |
function provider.test_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
52 |
log("debug", "test password '%s' for user %s at host %s", password, username, module.host); |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
54 |
local account_info = datamanager.load(username, host, "accounts") or {}; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
55 |
local yubikey_key = account_info.yubikey_key or global_yubikey_key; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
56 |
if account_info.yubikey_key then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
57 |
log("debug", "Authenticating Yubikey OTP for %s", username); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
58 |
local authed, err = yubikey:authenticate(password, account_info.yubikey_key, account_info.yubikey_state or {}, { account = account_info, username = username, host = host }); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
59 |
if not authed then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
60 |
log("debug", "Failed to authenticate %s via OTP: %s", username, err); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
61 |
return authed, err; |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
end |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
63 |
return authed; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
64 |
elseif account_info.password and password == account_info.password then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
65 |
-- No yubikey configured for this user, treat as normal password |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
66 |
log("debug", "No yubikey configured for %s, successful login using password auth", username); |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 |
return true; |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
68 |
else |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
69 |
return nil, "Auth failed. Invalid username or password."; |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
end |
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
71 |
end |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 |
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
73 |
function provider.get_password(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
74 |
log("debug", "get_password for username '%s' at host '%s'", username, module.host); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
75 |
return (datamanager.load(username, host, "accounts") or {}).password; |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 |
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
78 |
function provider.set_password(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
79 |
local account = datamanager.load(username, host, "accounts"); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
80 |
if account then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
81 |
account.password = password; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
82 |
return datamanager.store(username, host, "accounts", account); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
83 |
end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
84 |
return nil, "Account not available."; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
85 |
end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
86 |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
87 |
function provider.user_exists(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
88 |
local account = datamanager.load(username, host, "accounts"); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
89 |
if not account then |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
90 |
log("debug", "account not found for username '%s' at host '%s'", username, module.host); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
91 |
return nil, "Auth failed. Invalid username"; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
92 |
end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
93 |
return true; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
94 |
end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
95 |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
96 |
function provider.create_user(username, password) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
97 |
return datamanager.store(username, host, "accounts", {password = password}); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
98 |
end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
99 |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
100 |
function provider.delete_user(username) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
101 |
return datamanager.store(username, host, "accounts", nil); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
102 |
end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
103 |
|
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
104 |
function provider.get_sasl_handler() |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
105 |
local realm = module:get_option("sasl_realm") or module.host; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
106 |
local getpass_authentication_profile = { |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
107 |
plain_test = function(sasl, username, password, realm) |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
108 |
return usermanager.test_password(username, realm, password), true; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
109 |
end |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
110 |
}; |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
111 |
return new_sasl(realm, getpass_authentication_profile); |
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
112 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
113 |
|
816
960007b0901e
mod_auth_external, mod_auth_internal_yubikey: Get rid of useless wrapper function around the auth provider.
Waqas Hussain <waqas20@gmail.com>
parents:
814
diff
changeset
|
114 |
module:provides("auth", provider); |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 |
|
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 |
function module.command(arg) |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 |
local command = arg[1]; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 |
table.remove(arg, 1); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 |
if command == "associate" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 |
local user_jid = arg[1]; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 |
if not user_jid or user_jid == "help" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 |
prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 |
return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
125 |
|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 |
local username, host = jid.prepped_split(user_jid); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 |
if not username or not host then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 |
print("Invalid JID: "..user_jid); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 |
return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
131 |
|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 |
local password, public_id, private_id, key; |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
133 |
|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 |
for i=2,#arg do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 |
local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 |
if not k then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 |
k, v = arg[i]:match("^%-(%w)(.*)$"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 |
if k == "password" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 |
password = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 |
elseif k == "fixed" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 |
public_id = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 |
elseif k == "uid" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 |
private_id = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 |
elseif k == "key" or k == "a" then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 |
key = v; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
149 |
|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 |
if not password then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 |
print(":: Password ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 |
print("This is an optional password that should be always"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 |
print("entered during login *before* the yubikey password."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 |
print("If the yubikey is lost/stolen, unless the attacker"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 |
print("knows this prefix, they cannot access the account."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 |
print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 |
password = prosodyctl.read_password(); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 |
if not password then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 |
print("Cancelled."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 |
return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
163 |
|
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
164 |
if not public_id then |
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 |
print(":: Public Yubikey ID ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 |
print("This is a fixed string of characters between 0 and 16"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 |
print("bytes long that the Yubikey prefixes to every token."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 |
print("The ID should be entered in modhex encoding, meaning "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 |
print("a string up to 32 characters. This *must* match"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 |
print("exactly the fixed string programmed into the yubikey."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 |
print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 |
io.write("Enter fixed id (modhex): "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 |
while true do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 |
public_id = io.read("*l"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
175 |
if #public_id > 32 then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 |
print("The fixed id must be 32 characters or less. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 |
elseif public_id:match("[^cbdefghijklnrtuv]") then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
178 |
print("The fixed id contains invalid characters. It must be entered in modhex encoding. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 |
else |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 |
break; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
184 |
|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 |
if not private_id then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 |
print(":: Private Yubikey ID ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 |
print("This is a fixed secret UID programmed into the yubikey"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 |
print("during configuration. It must be entered in hex (not modhex)"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 |
print("encoding. It is always 6 bytes long, which is 12 characters"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 |
print("in hex encoding."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 |
print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
192 |
while true do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 |
io.write("Enter private UID (hex): "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
194 |
private_id = io.read("*l"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
195 |
if #private_id ~= 12 then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
196 |
print("The id length must be 12 characters in hex encoding. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
197 |
elseif private_id:match("%X") then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
198 |
print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
199 |
else |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
200 |
break; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
201 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
203 |
end |
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
204 |
|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 |
if not key then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
206 |
print(":: AES Encryption Key ::"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
207 |
print("This is the secret key that the Yubikey uses to encrypt the"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
208 |
print("generated tokens. It is 32 characters in hex encoding."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
209 |
print(""); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
210 |
while true do |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
211 |
io.write("Enter AES key (hex): "); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
212 |
key = io.read("*l"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
213 |
if #key ~= 32 then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
214 |
print("The key length must be 32 characters in hex encoding. Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
215 |
elseif key:match("%X") then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
216 |
print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
217 |
else |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
218 |
break; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
219 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
220 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
221 |
end |
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
902
diff
changeset
|
222 |
|
341
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
223 |
local hash = hashes.sha1(public_id..private_id..password, true); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
224 |
local account = { |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
225 |
yubikey_hash = hash; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
226 |
yubikey_key = key; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
227 |
}; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
228 |
storagemanager.initialize_host(host); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
229 |
local ok, err = datamanager.store(username, host, "accounts", account); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
230 |
if not ok then |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
231 |
print("Error saving configuration:"); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
232 |
print("", err); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
233 |
return 1; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
234 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
235 |
print("Saved."); |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
236 |
return 0; |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
237 |
end |
f801ce6826d5
mod_auth_internal_yubikey: New authentication provider for two-factor authentication with Yubikeys
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
238 |
end |