plugins/mod_auth_cyrus.lua
changeset 11856 71266f43699d
parent 11855 8f1e7fd55e7b
child 11857 ae5ac9830add
11855:8f1e7fd55e7b 11856:71266f43699d
     1 -- Prosody IM
       
     2 -- Copyright (C) 2008-2010 Matthew Wild
       
     3 -- Copyright (C) 2008-2010 Waqas Hussain
       
     4 --
       
     5 -- This project is MIT/X11 licensed. Please see the
       
     6 -- COPYING file in the source package for more information.
       
     7 --
       
     8 -- luacheck: ignore 212
       
     9 
       
    10 local log = require "util.logger".init("auth_cyrus");
       
    11 
       
    12 local usermanager_user_exists = require "core.usermanager".user_exists;
       
    13 
       
    14 local cyrus_service_realm = module:get_option("cyrus_service_realm");
       
    15 local cyrus_service_name = module:get_option("cyrus_service_name");
       
    16 local cyrus_application_name = module:get_option("cyrus_application_name");
       
    17 local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
       
    18 local host_fqdn = module:get_option("cyrus_server_fqdn");
       
    19 
       
    20 prosody.unlock_globals(); --FIXME: Figure out why this is needed and
       
    21 						  -- why cyrussasl isn't caught by the sandbox
       
    22 local cyrus_new = require "util.sasl_cyrus".new;
       
    23 prosody.lock_globals();
       
    24 local new_sasl = function(realm)
       
    25 	return cyrus_new(
       
    26 		cyrus_service_realm or realm,
       
    27 		cyrus_service_name or "xmpp",
       
    28 		cyrus_application_name or "prosody",
       
    29 		host_fqdn
       
    30 	);
       
    31 end
       
    32 
       
    33 do -- diagnostic
       
    34 	local list;
       
    35 	for mechanism in pairs(new_sasl(module.host):mechanisms()) do
       
    36 		list = (not(list) and mechanism) or (list..", "..mechanism);
       
    37 	end
       
    38 	if not list then
       
    39 		module:log("error", "No Cyrus SASL mechanisms available");
       
    40 	else
       
    41 		module:log("debug", "Available Cyrus SASL mechanisms: %s", list);
       
    42 	end
       
    43 end
       
    44 
       
    45 local host = module.host;
       
    46 
       
    47 -- define auth provider
       
    48 local provider = {};
       
    49 log("debug", "initializing default authentication provider for host '%s'", host);
       
    50 
       
    51 function provider.test_password(username, password)
       
    52 	return nil, "Legacy auth not supported with Cyrus SASL.";
       
    53 end
       
    54 
       
    55 function provider.get_password(username)
       
    56 	return nil, "Passwords unavailable for Cyrus SASL.";
       
    57 end
       
    58 
       
    59 function provider.set_password(username, password)
       
    60 	return nil, "Passwords unavailable for Cyrus SASL.";
       
    61 end
       
    62 
       
    63 function provider.user_exists(username)
       
    64 	if require_provisioning then
       
    65 		return usermanager_user_exists(username, host);
       
    66 	end
       
    67 	return true;
       
    68 end
       
    69 
       
    70 function provider.create_user(username, password)
       
    71 	return nil, "Account creation/modification not available with Cyrus SASL.";
       
    72 end
       
    73 
       
    74 function provider.get_sasl_handler()
       
    75 	local handler = new_sasl(host);
       
    76 	if require_provisioning then
       
    77 		function handler.require_provisioning(username)
       
    78 			return usermanager_user_exists(username, host);
       
    79 		end
       
    80 	end
       
    81 	return handler;
       
    82 end
       
    83 
       
    84 module:provides("auth", provider);
       
    85