author | Kim Alvefur <zash@zash.se> |
Tue, 16 Sep 2014 19:53:41 +0200 | |
changeset 1506 | a40f9b8661d8 |
parent 1491 | e7294423512f |
child 2015 | 1831c7b23286 |
permissions | -rw-r--r-- |
-- mod_net_dovecotauth.lua
--
-- Server side of the Dovecot authentication protocol, backed by Prosody's
-- SASL handlers.
--
-- Protocol spec:
-- http://dovecot.org/doc/auth-protocol.txt
--
-- Example postfix config:
-- sudo postconf smtpd_sasl_path=inet:127.0.0.1:28484
-- sudo postconf smtpd_sasl_type=dovecot
-- sudo postconf smtpd_sasl_auth_enable=yes
--
-- NOTE(review): nothing in this file authenticates the connecting peer, so
-- whoever can reach the listening port can submit credentials for checking.
-- The example above points Postfix at 127.0.0.1; confirm the service is not
-- reachable from untrusted networks.

module:set_global();

-- Imports
local usermanager = require("core.usermanager");
local new_sasl = usermanager.get_sasl_handler;
local user_exists = usermanager.user_exists;
local base64 = require("util.encodings").base64;
local new_buffer = module:require("buffer").new;
local dump = require("util.serialization").serialize;

-- Config
-- Host whose user store is used for authentication and user lookups.
-- TODO Is there a better solution?  The fallback is whichever key next()
-- yields first from the global `hosts` table; that order is unspecified, so
-- with several hosts configured the option should be set explicitly.
local first_host = next(hosts);
local vhost = module:get_option_string("dovecotauth_host", first_host);
-- When true, a peer that sends SPID is treated as a master connection and may
-- issue USER lookups. Off unless configured.
local allow_master = module:get_option_boolean("dovecotauth_allow_master", false);

-- Active sessions, keyed by connection object
local sessions = {};
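-- Session methods
--
-- One session object is created per accepted connection. It buffers incoming
-- bytes, parses the TAB-separated, LF-terminated command lines of the Dovecot
-- auth protocol and drives one SASL handler per request id.
local new_session;
do
	-- Prototype table; sessions inherit its methods through sess_mt.
	local sess = { };
	local sess_mt = { __index = sess };

	-- Source of the per-connection id sent as CUID and used in log prefixes.
	-- A counter is used instead of the hex suffix of tostring(session): that
	-- suffix is the table's address, which discloses process memory layout to
	-- the peer and, once converted to a number, may be rendered in exponent
	-- notation on 64-bit platforms instead of as a plain integer.
	local last_cuid = 0;

	--- Create the state for a newly accepted connection.
	-- @param conn connection object; must provide :write() and :close()
	-- @return session table with type "?" (peer kind not yet known), an
	--   empty line buffer and an empty table of pending SASL handlers
	function new_session(conn)
		last_cuid = last_cuid + 1;
		local session = {
			type = "?";
			cuid = last_cuid;
			conn = conn;
			buf = assert(new_buffer());
			sasl = {};
		};
		return setmetatable(session, sess_mt);
	end

	--- Log through the module logger, prefixed with peer type and session id.
	-- @param l log level
	-- @param m format string
	-- @param ... format arguments
	function sess:log(l, m, ...)
		return module:log(l, self.type..self.cuid..": "..m, ...);
	end

	--- Send one protocol line: the arguments joined by TAB, terminated by LF.
	-- Fields are written verbatim, so a TAB or LF inside a field would be read
	-- by the peer as a separator; callers must not pass such values.
	-- @return whatever conn:write() returns
	function sess:send(...)
		local data = table.concat({...}, "\t") .. "\n"
		-- self:log("debug", "SEND: %s", dump(ret));
		return self.conn:write(data);
	end

	-- Parameter advertised next to each mechanism in the MECH lines of the
	-- handshake. Mechanisms missing here are advertised without a parameter.
	local mech_params = {
		ANONYMOUS = "anonymous";
		PLAIN = "plaintext";
		["DIGEST-MD5"] = "mutual-auth";
		["SCRAM-SHA-1"] = "mutual-auth";
		["SCRAM-SHA-1-PLUS"] = "mutual-auth";
	}

	--- Send the server greeting: VERSION, SPID, CUID, one MECH line per
	-- mechanism offered by self.g_sasl, then DONE.
	function sess:handshake()
		self:send("VERSION", 1, 1);
		-- NOTE(review): pposix is not required anywhere in this file;
		-- presumably it is a global provided by Prosody's util.pposix. Confirm.
		self:send("SPID", pposix.getpid());
		self:send("CUID", self.cuid);
		for mech in pairs(self.g_sasl:mechanisms()) do
			self:send("MECH", mech, mech_params[mech]);
		end
		self:send("DONE");
	end

	--- Consume bytes received from the peer and act on every buffered line.
	--
	-- Everything handled here is untrusted input from the network peer.
	-- Commands: VERSION, CPID, SPID (only with dovecotauth_allow_master),
	-- AUTH (once the peer has identified itself) and USER (master only).
	-- Any other line is logged and the connection is closed.
	--
	-- NOTE(review): client "CONT" lines are not handled and fall through to
	-- the unhandled-command branch, so a mechanism that answers with a
	-- challenge cannot be completed over this connection.
	-- NOTE(review): an AUTH line without a resp parameter leaves its SASL
	-- handler in self.sasl[id] and sends no reply; a peer can therefore grow
	-- that table for as long as the connection stays open.
	-- @param data raw bytes received on the connection
	function sess:feed(data)
		-- TODO break this up a bit
		-- module:log("debug", "sess = %s", dump(self));
		local buf = self.buf;
		buf:write(data);
		-- Presumably yields the next complete line, or nil when none is
		-- buffered; the buffer module is not part of this file.
		local line = buf:read("*l")
		while line and line ~= "" do
			-- Iterator over the TAB-separated fields of the line.
			local part = line:gmatch("[^\t]+");
			local command = part();
			if command == "VERSION" then
				local major = tonumber(part());
				local minor = tonumber(part());
				-- Only the major version is checked.
				if major ~= 1 then
					self:log("warn", "Wrong version, expected 1.1, got %s.%s", tostring(major), tostring(minor));
					self.conn:close();
					break;
				end
			elseif command == "CPID" then
				-- Peer identifies as an auth client.
				self.type = "C";
				self.pid = part();
			elseif command == "SPID" and allow_master then
				-- Peer identifies as a master. This is self-declared: nothing
				-- beyond the allow_master option restricts who may send it.
				self.type = "M";
				self.pid = part();
			elseif command == "AUTH" and self.type ~= "?" then
				-- C: "AUTH" TAB <id> TAB <mechanism> TAB service=<service> [TAB <parameters>]
				local id = part() -- <id>
				if not id then
					-- Without this check a bare "AUTH" line raised
					-- "table index is nil" on self.sasl[id] = sasl below.
					self:log("warn", "AUTH command without request id");
					self.conn:close();
					break;
				end
				local sasl = self.sasl[id];
				local mech = part();
				if not sasl then
					-- TODO Should maybe initialize SASL handler after parsing the line?
					sasl = self.g_sasl:clean_clone();
					self.sasl[id] = sasl;
					if not sasl:select(mech) then
						self:send("FAIL", id, "reason=invalid-mechanism");
						self.sasl[id] = nil;
						sasl = false
					end
				end
				if sasl then
					local params = {}; -- Not used for anything yet
					for p in part do
						local k,v = p:match("^([^=]*)=(.*)$");
						if k == "resp" then
							-- Only the parameters seen before resp are dumped;
							-- the resp value itself is never stored in params.
							self:log("debug", "params = %s", dump(params));
							v = base64.decode(v);
							local status, ret, err = sasl:process(v);
							self:log("debug", status);
							if status == "challenge" then
								self:send("CONT", id, base64.encode(ret));
							elseif status == "failure" then
								self.sasl[id] = nil;
								self:send("FAIL", id, "reason="..tostring(err));
							elseif status == "success" then
								self.sasl[id] = nil;
								self:send("OK", id, "user="..sasl.username, ret and "resp="..base64.encode(ret));
							end
							break; -- resp MUST be the last param
						else
							-- Bare flags (no "=") are recorded as true.
							params[k or p] = v or true;
						end
					end
				end
			elseif command == "USER" and self.type == "M" then
				-- FIXME Should this be on a separate listener?
				-- Reveals whether an account exists on vhost, so it is only
				-- answered for peers that identified as master.
				local id = part();
				local user = part();
				if user and user_exists(user, vhost) then
					self:send("USER", id);
				else
					self:send("NOTFOUND", id);
				end
			else
				self:log("warn", "Unhandled command %s", tostring(command));
				self.conn:close();
				break;
			end
			line = buf:read("*l");
		end
	end

end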
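-- Connection callbacks handed to Prosody's network layer.
local listener = {}

--- A peer connected: create its session, attach a SASL handler for the
-- configured vhost and send the protocol greeting.
-- @param conn the new connection object
function listener.onconnect(conn)
	-- Must be local: as a global, the most recent session (connection and
	-- SASL state) was visible to, and overwritable by, all other code
	-- running in the same Lua state.
	local s = new_session(conn);
	sessions[conn] = s;
	local g_sasl = new_sasl(vhost, s);
	s.g_sasl = g_sasl;
	s:handshake();
end

--- Data arrived: pass it to the session that owns this connection.
-- @param conn connection the data was received on
-- @param data raw bytes
function listener.onincoming(conn, data)
	local s = sessions[conn];
	-- Keep this disabled outside of debugging: the raw data includes the
	-- base64 resp= values, which carry the credentials for PLAIN.
	-- s:log("debug", "RECV %s", dump(data));
	return s:feed(data);
end

--- Connection closed: drop the session and its pending SASL state.
-- @param conn the closed connection
function listener.ondisconnect(conn)
	sessions[conn] = nil;
end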
--- Close every connection that still has a session when the module unloads.
-- The session table is keyed by connection object, so the keys are what get
-- closed here.
function module.unload()
	for open_conn in pairs(sessions) do
		open_conn:close();
	end
end
-- Register the listener as a Prosody network service on port 28484.
-- NOTE(review): only the default port is set here; which interfaces the
-- service binds to is decided by configuration outside this file. The
-- listener does not authenticate its peers and answers credential checks
-- (and, with dovecotauth_allow_master, user-existence lookups), so confirm
-- it is bound to loopback or an otherwise trusted network. Prosody net
-- services can be declared with `private = true` to default to local
-- interfaces; consider whether that fits this service.
module:provides("net", {
	listener = listener;
	default_port = 28484;
});