108 return usermanager.test_password(username, realm, password), true; |
108 return usermanager.test_password(username, realm, password), true; |
109 end |
109 end |
110 }; |
110 }; |
111 return new_sasl(realm, getpass_authentication_profile); |
111 return new_sasl(realm, getpass_authentication_profile); |
112 end |
112 end |
113 |
113 |
114 module:provides("auth", provider); |
114 module:provides("auth", provider); |
115 |
115 |
116 function module.command(arg) |
116 function module.command(arg) |
117 local command = arg[1]; |
117 local command = arg[1]; |
118 table.remove(arg, 1); |
118 table.remove(arg, 1); |
120 local user_jid = arg[1]; |
120 local user_jid = arg[1]; |
121 if not user_jid or user_jid == "help" then |
121 if not user_jid or user_jid == "help" then |
122 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); |
122 prosodyctl.show_usage([[mod_auth_internal_yubikey associate JID]], [[Set the Yubikey details for a user]]); |
123 return 1; |
123 return 1; |
124 end |
124 end |
125 |
125 |
126 local username, host = jid.prepped_split(user_jid); |
126 local username, host = jid.prepped_split(user_jid); |
127 if not username or not host then |
127 if not username or not host then |
128 print("Invalid JID: "..user_jid); |
128 print("Invalid JID: "..user_jid); |
129 return 1; |
129 return 1; |
130 end |
130 end |
131 |
131 |
132 local password, public_id, private_id, key; |
132 local password, public_id, private_id, key; |
133 |
133 |
134 for i=2,#arg do |
134 for i=2,#arg do |
135 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); |
135 local k, v = arg[i]:match("^%-%-(%w+)=(.*)$"); |
136 if not k then |
136 if not k then |
137 k, v = arg[i]:match("^%-(%w)(.*)$"); |
137 k, v = arg[i]:match("^%-(%w)(.*)$"); |
138 end |
138 end |
144 private_id = v; |
144 private_id = v; |
145 elseif k == "key" or k == "a" then |
145 elseif k == "key" or k == "a" then |
146 key = v; |
146 key = v; |
147 end |
147 end |
148 end |
148 end |
149 |
149 |
150 if not password then |
150 if not password then |
151 print(":: Password ::"); |
151 print(":: Password ::"); |
152 print("This is an optional password that should be always"); |
152 print("This is an optional password that should be always"); |
153 print("entered during login *before* the yubikey password."); |
153 print("entered during login *before* the yubikey password."); |
154 print("If the yubikey is lost/stolen, unless the attacker"); |
154 print("If the yubikey is lost/stolen, unless the attacker"); |
158 if not password then |
158 if not password then |
159 print("Cancelled."); |
159 print("Cancelled."); |
160 return 1; |
160 return 1; |
161 end |
161 end |
162 end |
162 end |
163 |
163 |
164 if not public_id then |
164 if not public_id then |
165 print(":: Public Yubikey ID ::"); |
165 print(":: Public Yubikey ID ::"); |
166 print("This is a fixed string of characters between 0 and 16"); |
166 print("This is a fixed string of characters between 0 and 16"); |
167 print("bytes long that the Yubikey prefixes to every token."); |
167 print("bytes long that the Yubikey prefixes to every token."); |
168 print("The ID should be entered in modhex encoding, meaning "); |
168 print("The ID should be entered in modhex encoding, meaning "); |
169 print("a string up to 32 characters. This *must* match"); |
169 print("a string up to 32 characters. This *must* match"); |
179 else |
179 else |
180 break; |
180 break; |
181 end |
181 end |
182 end |
182 end |
183 end |
183 end |
184 |
184 |
185 if not private_id then |
185 if not private_id then |
186 print(":: Private Yubikey ID ::"); |
186 print(":: Private Yubikey ID ::"); |
187 print("This is a fixed secret UID programmed into the yubikey"); |
187 print("This is a fixed secret UID programmed into the yubikey"); |
188 print("during configuration. It must be entered in hex (not modhex)"); |
188 print("during configuration. It must be entered in hex (not modhex)"); |
189 print("encoding. It is always 6 bytes long, which is 12 characters"); |
189 print("encoding. It is always 6 bytes long, which is 12 characters"); |
198 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
198 print("The key contains invalid characters - it must be in hex encoding (not modhex). Please try again."); |
199 else |
199 else |
200 break; |
200 break; |
201 end |
201 end |
202 end |
202 end |
203 end |
203 end |
204 |
204 |
205 if not key then |
205 if not key then |
206 print(":: AES Encryption Key ::"); |
206 print(":: AES Encryption Key ::"); |
207 print("This is the secret key that the Yubikey uses to encrypt the"); |
207 print("This is the secret key that the Yubikey uses to encrypt the"); |
208 print("generated tokens. It is 32 characters in hex encoding."); |
208 print("generated tokens. It is 32 characters in hex encoding."); |
209 print(""); |
209 print(""); |
217 else |
217 else |
218 break; |
218 break; |
219 end |
219 end |
220 end |
220 end |
221 end |
221 end |
222 |
222 |
223 local hash = hashes.sha1(public_id..private_id..password, true); |
223 local hash = hashes.sha1(public_id..private_id..password, true); |
224 local account = { |
224 local account = { |
225 yubikey_hash = hash; |
225 yubikey_hash = hash; |
226 yubikey_key = key; |
226 yubikey_key = key; |
227 }; |
227 }; |