Sun, 04 Jul 2010 19:14:27 +0100
mod_component: Read validate_from_addresses option from the config
3157 | 1 | -- Prosody IM |
2 | -- Copyright (C) 2008-2010 Matthew Wild | |
3 | -- Copyright (C) 2008-2010 Waqas Hussain | |
4 | -- Copyright (C) 2010 Jeff Mitchell | |
5 | -- | |
6 | -- This project is MIT/X11 licensed. Please see the | |
7 | -- COPYING file in the source package for more information. | |
8 | -- | |
9 | ||
10 | local datamanager = require "util.datamanager"; | |
3272
5ad2710d7bb8
mod_auth_internal: Log as "auth_internal", not as "usermanager".
Waqas Hussain <waqas20@gmail.com>
parents:
3219
diff
changeset
|
11 | local log = require "util.logger".init("auth_internal"); |
3157 | 12 | local type = type; |
13 | local error = error; | |
14 | local ipairs = ipairs; | |
15 | local hashes = require "util.hashes"; | |
16 | local jid_bare = require "util.jid".bare; | |
17 | local config = require "core.configmanager"; | |
3158 | 18 | local usermanager = require "core.usermanager"; |
3190
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
19 | local new_sasl = require "util.sasl".new; |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
20 | local nodeprep = require "util.encodings".stringprep.nodeprep; |
3157 | 21 | local hosts = hosts; |
22 | ||
23 | local prosody = _G.prosody; | |
24 | ||
3158 | 25 | local is_cyrus = usermanager.is_cyrus; |
26 | ||
3157 | 27 | function new_default_provider(host) |
3180
99be525bcfb4
Rename mod_defaultauth -> mod_auth_internal, mod_hashpassauth -> mod_auth_internal_hashed, and the providers to internal and internal_hashed respectively. Also no longer auto-load defaultauth, but instead auto-load the plugin selected for each host at startup based on the provider name.
Matthew Wild <mwild1@gmail.com>
parents:
3158
diff
changeset
|
28 | local provider = { name = "internal" }; |
3158 | 29 | log("debug", "initializing default authentication provider for host '%s'", host); |
30 | ||
3157 | 31 | function provider.test_password(username, password) |
3158 | 32 | log("debug", "test password '%s' for user %s at host %s", password, username, module.host); |
3157 | 33 | if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end |
34 | local credentials = datamanager.load(username, host, "accounts") or {}; | |
35 | ||
36 | if password == credentials.password then | |
37 | return true; | |
38 | else | |
39 | return nil, "Auth failed. Invalid username or password."; | |
40 | end | |
41 | end | |
42 | ||
43 | function provider.get_password(username) | |
3158 | 44 | log("debug", "get_password for username '%s' at host '%s'", username, module.host); |
3157 | 45 | if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
46 | return (datamanager.load(username, host, "accounts") or {}).password; | |
47 | end | |
48 | ||
49 | function provider.set_password(username, password) | |
50 | if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end | |
51 | local account = datamanager.load(username, host, "accounts"); | |
52 | if account then | |
53 | account.password = password; | |
54 | return datamanager.store(username, host, "accounts", account); | |
55 | end | |
56 | return nil, "Account not available."; | |
57 | end | |
58 | ||
59 | function provider.user_exists(username) | |
60 | if is_cyrus(host) then return true; end | |
61 | local account = datamanager.load(username, host, "accounts"); | |
62 | if not account then | |
3158 | 63 | log("debug", "account not found for username '%s' at host '%s'", username, module.host); |
3157 | 64 | return nil, "Auth failed. Invalid username"; |
65 | end | |
66 | if account.password == nil or string.len(account.password) == 0 then | |
3158 | 67 | log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, module.host); |
3157 | 68 | return nil, "Auth failed. Password invalid."; |
69 | end | |
70 | return true; | |
71 | end | |
72 | ||
73 | function provider.create_user(username, password) | |
74 | if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end | |
75 | return datamanager.store(username, host, "accounts", {password = password}); | |
76 | end | |
77 | ||
3190
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
78 | function provider.get_sasl_handler() |
3191
a475fbce1990
mod_auth_internal, mod_auth_internal_hashed: Fixed a global access.
Waqas Hussain <waqas20@gmail.com>
parents:
3190
diff
changeset
|
79 | local realm = module:get_option("sasl_realm") or module.host; |
3190
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
80 | local getpass_authentication_profile = { |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
81 | plain = function(username, realm) |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
82 | local prepped_username = nodeprep(username); |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
83 | if not prepped_username then |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
84 | log("debug", "NODEprep failed on username: %s", username); |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
85 | return "", nil; |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
86 | end |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
87 | local password = usermanager.get_password(prepped_username, realm); |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
88 | if not password then |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
89 | return "", nil; |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
90 | end |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
91 | return password, true; |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
92 | end |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
93 | }; |
b5f261123013
mod_auth_internal, mod_auth_internal_hashed: Updated to provide get_sasl_handler.
Waqas Hussain <waqas20@gmail.com>
parents:
3180
diff
changeset
|
94 | return new_sasl(realm, getpass_authentication_profile); |
3157 | 95 | end |
3287
e425e27c12be
mod_auth_internal, mod_auth_internal_hashed: Remove is_admin method from providers
Matthew Wild <mwild1@gmail.com>
parents:
3272
diff
changeset
|
96 | |
3157 | 97 | return provider; |
98 | end | |
99 | ||
100 | module:add_item("auth-provider", new_default_provider(module.host)); | |
101 |