-- Prosody IM
-- Copyright (C) 2014 Matthew Wild
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local usermanager = require "core.usermanager";
local new_sasl = require "util.sasl".new;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local nameprep = require "util.encodings".stringprep.nameprep;
local md5 = require "util.hashes".md5;
local host = module.host;
local auth_filename = module:get_option_string("auth_ha1_file", "auth.txt");
local auth_data = {};
function reload_auth_data()
local f, err = io.open(auth_filename);
if not f then
module:log("error", "Failed to read from auth file: %s", err);
return;
end
auth_data = {};
local line_number, imported_count, not_authorized_count = 0, 0, 0;
for line in f:lines() do
line_number = line_number + 1;
local username, hash, realm, state = line:match("^([^:]+):(%x+):([^:]+):(.+)$");
if not username then
if line:sub(1,1) ~= "#" then
module:log("error", "Unable to parse line %d of auth file, skipping", line_number);
end
else
username, realm = nodeprep(username), nameprep(realm);
if not username then
module:log("error", "Invalid username on line %d of auth file, skipping", line_number);
elseif not realm then
module:log("error", "Invalid hostname/realm on line %d of auth file, skipping", line_number);
elseif state ~= "authorized" then
not_authorized_count = not_authorized_count + 1;
elseif realm == host then
auth_data[username] = hash;
imported_count = imported_count + 1;
end
end
end
f:close();
module:log("debug", "Loaded %d accounts from auth file (%d authorized)", imported_count, imported_count-not_authorized_count);
end
function module.load()
reload_auth_data();
end
module:hook_global("config-reloaded", reload_auth_data);
-- define auth provider
local provider = {};
function provider.test_password(username, password)
module:log("debug", "test password for user %s at host %s, %s", username, host, password);
local test_hash = md5(username..":"..host..":"..password, true);
if test_hash == auth_data[username] then
return true;
else
return nil, "Auth failed. Invalid username or password.";
end
end
function provider.set_password(username, password)
return nil, "Changing passwords not supported";
end
function provider.user_exists(username)
if not auth_data[username] then
module:log("debug", "account not found for username '%s' at host '%s'", username, host);
return nil, "Auth failed. Invalid username";
end
return true;
end
function provider.create_user(username, password)
return nil, "User creation not supported";
end
function provider.delete_user(username)
return nil , "User deletion not supported";
end
function provider.get_sasl_handler()
return new_sasl(host, {
plain_test = function(sasl, username, password, realm)
return usermanager.test_password(username, realm, password), true;
end
});
end
module:provides("auth", provider);