author | Waqas Hussain <waqas20@gmail.com> |
Mon, 07 Jun 2010 02:33:40 +0500 | |
changeset 3186 | b5f261123013 |
parent 3180 | 99be525bcfb4 |
child 3187 | a475fbce1990 |
permissions | -rw-r--r-- |
3162 | 1 |
-- Prosody IM |
2 |
-- Copyright (C) 2008-2010 Matthew Wild |
|
3 |
-- Copyright (C) 2008-2010 Waqas Hussain |
|
4 |
-- Copyright (C) 2010 Jeff Mitchell |
|
5 |
-- |
|
6 |
-- This project is MIT/X11 licensed. Please see the |
|
7 |
-- COPYING file in the source package for more information. |
|
8 |
-- |
|
9 |
||
10 |
local datamanager = require "util.datamanager"; |
|
11 |
local log = require "util.logger".init("usermanager"); |
|
12 |
local type = type; |
|
13 |
local error = error; |
|
14 |
local ipairs = ipairs; |
|
15 |
local hashes = require "util.hashes"; |
|
16 |
local jid_bare = require "util.jid".bare; |
|
17 |
local config = require "core.configmanager"; |
|
3163 | 18 |
local usermanager = require "core.usermanager"; |
3186
|
19 |
local new_sasl = require "util.sasl".new; |
|
20 |
local nodeprep = require "util.encodings".stringprep.nodeprep; |
3162 | 21 |
local hosts = hosts; |
22 |
||
23 |
local prosody = _G.prosody; |
|
24 |
||
3163 | 25 |
local is_cyrus = usermanager.is_cyrus; |
26 |
||
3162 | 27 |
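-- Build the "internal" authentication provider for one host.
-- Account records are read and written through datamanager in the "accounts"
-- store, keyed by (username, host). Nothing in this file hashes the password:
-- it is stored as supplied, which is what lets get_password() and the SASL
-- "plain" profile below return it.
-- host: the host this provider serves.
-- Returns the provider table.
function new_default_provider(host)
	local provider = { name = "internal" };
	log("debug", "initializing default authentication provider for host '%s'", host);

	-- Compare a candidate password with the stored one.
	-- Returns true on a match, otherwise nil and an error string.
	function provider.test_password(username, password)
		-- The candidate password is intentionally kept out of the log line:
		-- debug logs are usually readable by more people and systems than
		-- the account store is.
		log("debug", "test password for user %s at host %s", username, module.host);
		if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end
		local credentials = datamanager.load(username, host, "accounts") or {};

		-- A missing account (or one stored without a password) yields
		-- credentials.password == nil; requiring a non-nil candidate keeps
		-- nil == nil from being accepted as a match.
		-- NOTE(review): == on strings is not a constant-time comparison.
		if password ~= nil and password == credentials.password then
			return true;
		end
		return nil, "Auth failed. Invalid username or password.";
	end

	-- Return the stored password for username, or nil if there is none.
	-- With Cyrus SASL on this host: nil and an error string.
	function provider.get_password(username)
		log("debug", "get_password for username '%s' at host '%s'", username, module.host);
		if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
		local account = datamanager.load(username, host, "accounts") or {};
		return account.password;
	end

	-- Replace the password of an existing account.
	-- Returns whatever datamanager.store returns, or nil and an error string
	-- when the account cannot be loaded or Cyrus SASL is in use.
	function provider.set_password(username, password)
		if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
		local account = datamanager.load(username, host, "accounts");
		if not account then
			return nil, "Account not available.";
		end
		account.password = password;
		return datamanager.store(username, host, "accounts", account);
	end

	-- Report whether username has a usable account on this host.
	-- An account whose password is unset or empty is treated as unusable.
	-- With Cyrus SASL the answer is always true (no local lookup is made).
	function provider.user_exists(username)
		if is_cyrus(host) then return true; end
		local account = datamanager.load(username, host, "accounts");
		if not account then
			log("debug", "account not found for username '%s' at host '%s'", username, module.host);
			return nil, "Auth failed. Invalid username";
		end
		if account.password == nil or string.len(account.password) == 0 then
			log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, module.host);
			return nil, "Auth failed. Password invalid.";
		end
		return true;
	end

	-- Store a new account record holding only the given password.
	-- NOTE(review): no existence check is made here; whether store() replaces
	-- an existing record depends on datamanager - confirm with callers.
	function provider.create_user(username, password)
		if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
		return datamanager.store(username, host, "accounts", {password = password});
	end

	-- Create a SASL handler whose "plain" profile looks the password up
	-- through usermanager.get_password.
	function provider.get_sasl_handler()
		-- The original fallback was `origin.host`, but no `origin` is defined
		-- in this file, so an unset sasl_realm would raise on a nil index.
		-- The provider's own host is used instead.
		local realm = module:get_option("sasl_realm") or host;
		local getpass_authentication_profile = {
			-- Returns (password, true) for a known user and ("", nil) when the
			-- username fails nodeprep or no password is stored.
			plain = function(username, realm)
				local prepped_username = nodeprep(username);
				if not prepped_username then
					log("debug", "NODEprep failed on username: %s", username);
					return "", nil;
				end
				local password = usermanager.get_password(prepped_username, realm);
				if not password then
					return "", nil;
				end
				return password, true;
			end
		};
		return new_sasl(realm, getpass_authentication_profile);
	end

	-- Report whether jid is an administrator of this host.
	-- The host's "admins" option is consulted only when it differs from the
	-- global ("*") value; the bare JID is compared with each entry.
	function provider.is_admin(jid)
		local admins = config.get(host, "core", "admins");
		if admins ~= config.get("*", "core", "admins") and type(admins) == "table" then
			jid = jid_bare(jid);
			for _, admin in ipairs(admins) do
				if admin == jid then return true; end
			end
		elseif admins and type(admins) ~= "table" then
			-- Only complain when the value really is not a table; the original
			-- branch also fired when the host value equalled the global one.
			log("error", "Option 'admins' for host '%s' is not a table", host);
		end
		-- NOTE(review): bare `is_admin` resolves as a global here and is not
		-- defined in this file - confirm it exists in the module environment.
		return is_admin(jid); -- Test whether it's a global admin instead
	end

	return provider;
end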
|
111 |
||
112 |
-- Register this host's provider under the "auth-provider" item key.
local internal_provider = new_default_provider(module.host);
module:add_item("auth-provider", internal_provider);
|
113 |