1 -- Prosody IM |
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
4 -- |
|
5 -- This project is MIT/X11 licensed. Please see the |
|
6 -- COPYING file in the source package for more information. |
|
7 -- |
|
8 -- luacheck: ignore 212 |
|
9 |
|
10 local log = require "util.logger".init("auth_cyrus"); |
|
11 |
|
12 local usermanager_user_exists = require "core.usermanager".user_exists; |
|
13 |
|
14 local cyrus_service_realm = module:get_option("cyrus_service_realm"); |
|
15 local cyrus_service_name = module:get_option("cyrus_service_name"); |
|
16 local cyrus_application_name = module:get_option("cyrus_application_name"); |
|
17 local require_provisioning = module:get_option("cyrus_require_provisioning") or false; |
|
18 local host_fqdn = module:get_option("cyrus_server_fqdn"); |
|
19 |
|
20 prosody.unlock_globals(); --FIXME: Figure out why this is needed and |
|
21 -- why cyrussasl isn't caught by the sandbox |
|
22 local cyrus_new = require "util.sasl_cyrus".new; |
|
23 prosody.lock_globals(); |
|
24 local new_sasl = function(realm) |
|
25 return cyrus_new( |
|
26 cyrus_service_realm or realm, |
|
27 cyrus_service_name or "xmpp", |
|
28 cyrus_application_name or "prosody", |
|
29 host_fqdn |
|
30 ); |
|
31 end |
|
32 |
|
33 do -- diagnostic |
|
34 local list; |
|
35 for mechanism in pairs(new_sasl(module.host):mechanisms()) do |
|
36 list = (not(list) and mechanism) or (list..", "..mechanism); |
|
37 end |
|
38 if not list then |
|
39 module:log("error", "No Cyrus SASL mechanisms available"); |
|
40 else |
|
41 module:log("debug", "Available Cyrus SASL mechanisms: %s", list); |
|
42 end |
|
43 end |
|
44 |
|
45 local host = module.host; |
|
46 |
|
47 -- define auth provider |
|
48 local provider = {}; |
|
49 log("debug", "initializing default authentication provider for host '%s'", host); |
|
50 |
|
51 function provider.test_password(username, password) |
|
52 return nil, "Legacy auth not supported with Cyrus SASL."; |
|
53 end |
|
54 |
|
55 function provider.get_password(username) |
|
56 return nil, "Passwords unavailable for Cyrus SASL."; |
|
57 end |
|
58 |
|
59 function provider.set_password(username, password) |
|
60 return nil, "Passwords unavailable for Cyrus SASL."; |
|
61 end |
|
62 |
|
63 function provider.user_exists(username) |
|
64 if require_provisioning then |
|
65 return usermanager_user_exists(username, host); |
|
66 end |
|
67 return true; |
|
68 end |
|
69 |
|
70 function provider.create_user(username, password) |
|
71 return nil, "Account creation/modification not available with Cyrus SASL."; |
|
72 end |
|
73 |
|
74 function provider.get_sasl_handler() |
|
75 local handler = new_sasl(host); |
|
76 if require_provisioning then |
|
77 function handler.require_provisioning(username) |
|
78 return usermanager_user_exists(username, host); |
|
79 end |
|
80 end |
|
81 return handler; |
|
82 end |
|
83 |
|
84 module:provides("auth", provider); |
|
85 |
|