diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2015-09-30 22:04:39 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2015-09-30 22:04:39 +0200 |
| commit | 2e597f5218aa163f5b5ea5cd645dd447bb47b295 (patch) | |
| tree | c0c02e42c962b37457db977ff7462f54add0d3f9 | |
| parent | 803fda7486e358dc79fc26884b40f4d739559da2 (diff) | |
| download | prosody_auth-2e597f5218aa163f5b5ea5cd645dd447bb47b295.tar prosody_auth-2e597f5218aa163f5b5ea5cd645dd447bb47b295.tar.gz prosody_auth-2e597f5218aa163f5b5ea5cd645dd447bb47b295.tar.bz2 prosody_auth-2e597f5218aa163f5b5ea5cd645dd447bb47b295.tar.xz prosody_auth-2e597f5218aa163f5b5ea5cd645dd447bb47b295.zip | |
Added alias auth
| -rw-r--r-- | mod_auth_custom/mod_auth_custom.lua | 45 |
1 files changed, 40 insertions, 5 deletions
diff --git a/mod_auth_custom/mod_auth_custom.lua b/mod_auth_custom/mod_auth_custom.lua index 69a41e4..59d5236 100644 --- a/mod_auth_custom/mod_auth_custom.lua +++ b/mod_auth_custom/mod_auth_custom.lua | |||
| @@ -1,22 +1,47 @@ | |||
| 1 | local posix = require "posix.grp"; | 1 | local posix = require "posix.grp"; |
| 2 | local pam = require "pam"; | 2 | local pam = require "pam"; |
| 3 | local new_sasl = require "util.sasl".new; | 3 | local new_sasl = require "util.sasl".new; |
| 4 | local sha2 = require "sha2"; | ||
| 5 | |||
| 6 | local group = module:get_option_string("custom_auth_group", "xmpp"); | ||
| 7 | local pam_module = module:get_option_string("custom_pam_module", "xmpp"); | ||
| 8 | local alias_file = module:get_option_string("custom_alias_file"); | ||
| 9 | local alias_secret_file = module:get_option_string("custom_alias_secret_file"); | ||
| 4 | 10 | ||
| 5 | function is_real_user(username) | 11 | function is_real_user(username) |
| 6 | for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do | 12 | for i,v in ipairs(posix.getgrnam(group).gr_mem) do |
| 7 | if username == v then | 13 | if username == v then |
| 8 | return true; | 14 | return true; |
| 9 | end | 15 | end |
| 10 | end | 16 | end |
| 11 | return false; | 17 | return false; |
| 12 | end | 18 | end |
| 19 | |||
| 20 | function is_alias(username) | ||
| 21 | local f = assert(io.open(alias_file, "r")); | ||
| 22 | local found = false; | ||
| 23 | while true do | ||
| 24 | local line = f:read("*line"); | ||
| 25 | if line == nil then break; end | ||
| 26 | if string.lower(line) == string.lower(username) then found = true; end | ||
| 27 | end | ||
| 28 | f:close(); | ||
| 29 | return found; | ||
| 30 | end | ||
| 31 | |||
| 32 | function alias_pw(username) | ||
| 33 | local f = assert(io.open(alias_secret_file, "r")); | ||
| 34 | local secret = f:read("*all"); | ||
| 35 | f:close(); | ||
| 36 | return sha2.sha512hex(username .. secret); | ||
| 37 | end | ||
| 13 | 38 | ||
| 14 | function user_exists(username) | 39 | function user_exists(username) |
| 15 | return is_real_user(username); | 40 | return is_real_user(username) or is_alias(username); |
| 16 | end | 41 | end |
| 17 | 42 | ||
| 18 | function test_password(username, password) | 43 | function pam_auth(username, password) |
| 19 | local h, err = pam.start("xmpp", username, { | 44 | local h, err = pam.start(pam_module, username, { |
| 20 | function (t) | 45 | function (t) |
| 21 | local responses = {} | 46 | local responses = {} |
| 22 | for i,m in ipairs(t) do | 47 | for i,m in ipairs(t) do |
| @@ -40,7 +65,17 @@ end | |||
| 40 | function get_sasl_handler() | 65 | function get_sasl_handler() |
| 41 | return new_sasl(module.host, { | 66 | return new_sasl(module.host, { |
| 42 | plain_test = function(sasl, ...) | 67 | plain_test = function(sasl, ...) |
| 43 | return test_password(...) | 68 | if is_real_user(username) then |
| 69 | return pam_auth(..); | ||
| 70 | elseif is_alias(username) then | ||
| 71 | if password == alias_pw(username) then | ||
| 72 | return true, true; | ||
| 73 | else | ||
| 74 | return nil, true; | ||
| 75 | end | ||
| 76 | else | ||
| 77 | return nil, true; | ||
| 78 | end | ||
| 44 | end | 79 | end |
| 45 | }); | 80 | }); |
| 46 | end | 81 | end |