Diffstat (limited to 'mod_auth_custom')
-rw-r--r--mod_auth_custom/mod_auth_custom.lua45
1 files changed, 40 insertions, 5 deletions
diff --git a/mod_auth_custom/mod_auth_custom.lua b/mod_auth_custom/mod_auth_custom.lua
index 69a41e4..59d5236 100644
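--- a/mod_auth_custom/mod_auth_custom.lua
+++ b/mod_auth_custom/mod_auth_custom.lua
@@ -1,22 +1,47 @@
 local posix = require "posix.grp";
 local pam = require "pam";
 local new_sasl = require "util.sasl".new;
+local sha2 = require "sha2";
+
+local group = module:get_option_string("custom_auth_group", "xmpp");
+local pam_module = module:get_option_string("custom_pam_module", "xmpp");
+local alias_file = module:get_option_string("custom_alias_file");
+local alias_secret_file = module:get_option_string("custom_alias_secret_file");
 
 function is_real_user(username)
- for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do
+ for i,v in ipairs(posix.getgrnam(group).gr_mem) do
  if username == v then
  return true;
  end
  end
  return false;
 end
+
+function is_alias(username)
+ local f = assert(io.open(alias_file, "r"));
+ local found = false;
+ while true do
+ local line = f:read("*line");
+ if line == nil then break; end
+ if string.lower(line) == string.lower(username) then found = true; end
+ end
+ f:close();
+ return found;
+end
+
+function alias_pw(username)
+ local f = assert(io.open(alias_secret_file, "r"));
+ local secret = f:read("*all");
+ f:close();
+ return sha2.sha512hex(username .. secret);
+end
 
 function user_exists(username)
- return is_real_user(username);
+ return is_real_user(username) or is_alias(username);
 end
 
-function test_password(username, password)
+function pam_auth(username, password)
- local h, err = pam.start("xmpp", username, {
+ local h, err = pam.start(pam_module, username, {
  function (t)
  local responses = {}
  for i,m in ipairs(t) do
@@ -40,7 +65,17 @@ end
 function get_sasl_handler()
  return new_sasl(module.host, {
  plain_test = function(sasl, ...)
- return test_password(...)
+ if is_real_user(username) then
+ return pam_auth(..);
+ elseif is_alias(username) then
+ if password == alias_pw(username) then
+ return true, true;
+ else
+ return nil, true;
+ end
+ else
+ return nil, true;
+ end
  end
  });
 end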
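Review bot: In the second hunk the new `plain_test` body reads `username` and `password`, but the function still declares only `(sasl, ...)`, so both names resolve to globals rather than the SASL arguments, and `pam_auth(..)` is not valid Lua (`..` is the concatenation operator, the vararg is `...`). Name the parameters and pass them on: `plain_test = function(sasl, username, password)` with `return pam_auth(username, password);`. The alias branch compares the client's password with `==` against `sha2.sha512hex(username .. secret)`; a keyed construction (HMAC) over the username plus a constant-time comparison would be the more conventional choice for a derived credential, if the sha2 module in use offers one. In the first hunk, `is_alias` lower-cases both sides while `alias_pw` hashes the username as given, and `f:read("*all")` keeps any trailing newline from the secret file, so both inputs should be normalised deliberately before hashing. `custom_alias_file` also has no default, so with the option unset `assert(io.open(alias_file, "r"))` raises inside `user_exists` for every non-group user; a guard such as `if not alias_file then return false; end` at the top of `is_alias` would keep the PAM-only setup working.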