mod_auth_ldap/mod_auth_ldap.lua
author Kim Alvefur <zash@zash.se>
Tue, 17 Sep 2013 16:02:33 +0200
changeset 1192 db4085433e5f
parent 1190 c99d8b666eb4
child 1221 3e5f8e844325
permissions -rw-r--r--
mod_auth_ldap: Implement password change
--- LDAP authentication backend for Prosody.
-- Users are authenticated by reading the userPassword attribute of their
-- directory entry and comparing it with what the client presents (see
-- provider.get_password / provider.test_password below). The identity this
-- module binds as therefore needs read access to that attribute, and the
-- attribute has to hold the password in cleartext for a match to succeed.
local new_sasl = require("util.sasl").new
local log = require("util.logger").init("auth_ldap") -- not referenced in this listing; module:log() is used instead

-- Connection settings. With the defaults the bind uses an empty DN and an
-- empty password, i.e. it is anonymous. ldap_tls is a boolean option and is
-- nil when unset.
local ldap_server = module:get_option_string("ldap_server", "localhost")
local ldap_rootdn = module:get_option_string("ldap_rootdn", "")
local ldap_password = module:get_option_string("ldap_password", "")
local ldap_tls = module:get_option_boolean("ldap_tls")

-- Search settings. ldap_filter is a string.format template; the username is
-- run through ldap_filter_escape() before being substituted for %s, so the
-- template itself is the only place filter syntax comes from.
local ldap_scope = module:get_option_string("ldap_scope", "onelevel")
local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)")
local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap")

local lualdap = require("lualdap")

-- A single connection, bound as ldap_rootdn, is opened when the module loads
-- and shared by every request; a failed bind aborts loading. The connection
-- is closed again on unload.
local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls))
function module.unload()
	ld:close()
end
--- Escape a value for safe inclusion in an LDAP search filter.
-- The characters `*`, `(`, `)`, `\` and NUL are each replaced by a backslash
-- followed by their two-digit hex code (the RFC 4515 escaping), so that a
-- user-supplied username cannot change the structure of the filter that
-- get_user() builds from the ldap_filter template. `%z` matches NUL because
-- Lua 5.1 patterns cannot contain an embedded zero byte.
-- @tparam string s raw value
-- @treturn string the escaped value
local function ldap_filter_escape(s)
	local escaped = s:gsub("[\\*\\(\\)\\\\%z]", function(ch)
		return string.format("\\%02x", string.byte(ch))
	end)
	return escaped
end
--- Look up the directory entry for a username.
-- The configured filter template is filled with the escaped username and a
-- search is run below ldap_base with the configured scope. The search result
-- is invoked exactly once, so only its first result is ever used; the filter
-- should therefore be specific enough to match at most one entry.
-- @tparam string username the local part to look up
-- @return whatever the first call of the search result yields; callers treat
--   this as `dn, attributes` (nil when nothing matched — presumably how the
--   lualdap iterator signals exhaustion; confirm against lualdap)
local function get_user(username)
	module:log("debug", "get_user(%q)", username)
	local query = {
		base = ldap_base,
		scope = ldap_scope,
		filter = ldap_filter:format(ldap_filter_escape(username)),
	}
	-- ld:search() hands back a callable; one call gives the first entry.
	local next_entry = ld:search(query)
	return next_entry()
end
--- The authentication provider table, registered via module:provides("auth", ...)
-- at the end of the file.
local provider = {}
--- Return the stored password of a user, or nothing when the user is unknown.
-- The value is the raw userPassword attribute of the entry. test_password()
-- and the SASL "plain" callback compare it byte-for-byte with the password
-- the client supplies, so this backend only works when the directory stores
-- that attribute in cleartext and lets the bind DN read it; a hashed value
-- will never match.
-- NOTE(review): if the attribute is multi-valued the binding presumably
-- returns a table here, which never compares equal to a string — confirm.
-- @tparam string username
-- @treturn string|nil the userPassword value, nil when no entry was found
function provider.get_password(username)
	local dn, attrs = get_user(username)
	if not (dn and attrs) then
		return
	end
	return attrs.userPassword
end
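--- Check a password against the stored userPassword value.
-- @tparam string username
-- @tparam string password plaintext password to verify
-- @treturn boolean true only when an entry was found and its userPassword
--   equals `password`
function provider.test_password(username, password)
	local stored = provider.get_password(username)
	-- Fail closed: with no stored value there is nothing to match. A bare
	-- `stored == password` would also be true when `password` is nil/absent.
	if stored == nil then
		return false
	end
	return stored == password
end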
--- Whether a directory entry matches the configured filter for this username.
-- @tparam string username
-- @treturn boolean
function provider.user_exists(username)
	local dn = get_user(username)
	if dn then
		return true
	end
	return false
end
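--- Change a user's password by replacing the userPassword attribute.
-- The bind DN needs write access to that attribute. The value is written as
-- given (cleartext), which is what get_password() expects to read back.
-- @tparam string username
-- @tparam string password new plaintext password
-- @treturn boolean|nil true when the password was set or already equal;
--   nil plus an error message when the user is unknown or the modify failed
function provider.set_password(username, password)
	local dn, attrs = get_user(username)
	if not dn then
		-- `attrs` is whatever second value the search yielded (if any); make
		-- sure the caller always gets a message alongside the nil
		return nil, attrs or "User not found"
	end
	-- Compare the attribute get_password() reads: the entry has no
	-- "password" key, so comparing that would always look like a change.
	if attrs.userPassword ~= password then
		local result, err = ld:modify(dn, { '=', userPassword = password })
		-- lualdap returns a future for write operations (compare the callable
		-- ld:search() returns in get_user); calling it waits for the server's
		-- answer. The guard keeps this working with a binding that returns
		-- the outcome directly instead.
		if type(result) == "function" then
			result, err = result()
		end
		if not result then
			module:log("warn", "Failed to set password for %s: %s", username, tostring(err))
			return nil, err
		end
	end
	return true
end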
--- Account creation is not supported: entries are managed in the directory.
-- @tparam string username ignored
-- @tparam string password ignored
-- @return nil and an explanatory error message
function provider.create_user(username, password)
	return nil, "Account creation not available with LDAP."
end
--- Build the SASL handler for this host.
-- Only a "plain" credential callback is supplied: it hands the stored
-- cleartext password to util.sasl, which is what allows mechanisms beyond
-- PLAIN (SCRAM and similar, per changeset c99d8b666eb4) to be offered on top
-- of an LDAP-backed password.
-- @return a util.sasl handler for module.host
function provider.get_sasl_handler()
	-- Yields (password, true) for a known user and ("", nil) otherwise; the
	-- latter pair is presumably util.sasl's "no such user" signal — confirm
	-- against util.sasl's plain-callback contract.
	local function plain_callback(sasl, username)
		local stored = provider.get_password(username)
		if stored then
			return stored, true
		end
		return "", nil
	end
	return new_sasl(module.host, { plain = plain_callback })
end
-- Register this table as the host's authentication provider.
module:provides("auth", provider)