1 files changed, 40 insertions, 5 deletions
diff --git a/mod_auth_custom/mod_auth_custom.lua b/mod_auth_custom/mod_auth_custom.lua
index 69a41e4..59d5236 100644
--- a/mod_auth_custom/mod_auth_custom.lua
+++ b/mod_auth_custom/mod_auth_custom.lua
@@ -1,22 +1,47 @@
 local posix = require "posix.grp";  
 local pam = require "pam";  
 local new_sasl = require "util.sasl".new;
+local sha2 = require "sha2";
+local group = module:get_option_string("custom_auth_group", "xmpp");
+local pam_module = module:get_option_string("custom_pam_module", "xmpp");
+local alias_file = module:get_option_string("custom_alias_file");
+local alias_secret_file = module:get_option_string("custom_alias_secret_file");
 function is_real_user(username)
-        for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do
+        for i,v in ipairs(posix.getgrnam(group).gr_mem) do
          if username == v then
            return true;
          end
        end
        return false;
 end
+function is_alias(username)
+        local f = assert(io.open(alias_file, "r"));
+        local found = false;
+        while true do
+          local line = f:read("*line");
+          if line == nil then break; end
+          if string.lower(line) == string.lower(username) then found = true; end
+        end
+        f:close();
+        return found;
+end
+function alias_pw(username)
+        local f = assert(io.open(alias_secret_file, "r"));
+        local secret = f:read("*all");
+        f:close();
+        return sha2.sha512hex(username .. secret);
+end
  
 function user_exists(username)
-        return is_real_user(username);
+        return is_real_user(username) or is_alias(username);
 end  
  
-function test_password(username, password)
+function pam_auth(username, password)
-        local h, err = pam.start("xmpp", username, {
+        local h, err = pam.start(pam_module, username, {
                function (t)
                        local responses = {}
                        for i,m in ipairs(t) do
@@ -40,7 +65,17 @@ end
 function get_sasl_handler()
        return new_sasl(module.host, {
                plain_test = function(sasl, ...)
-                        return test_password(...)
+                        if is_real_user(username) then
+                          return pam_auth(..);
+                        elseif is_alias(username) then
+                          if password == alias_pw(username) then
+                            return true, true;
+                          else
+                            return nil, true;
+                          end
+                        else
+                          return nil, true;
+                        end
                end
        });
 end

diff --git a/mod_auth_custom/mod_auth_custom.lua b/mod_auth_custom/mod_auth_custom.lua index 69a41e4..59d5236 100644 --- a/mod_auth_custom/mod_auth_custom.lua +++ b/mod_auth_custom/mod_auth_custom.lua
@@ -1,22 +1,47 @@
1	local posix = require "posix.grp";	1	local posix = require "posix.grp";
2	local pam = require "pam";	2	local pam = require "pam";
3	local new_sasl = require "util.sasl".new;	3	local new_sasl = require "util.sasl".new;
		4	local sha2 = require "sha2";
		5
		6	local group = module:get_option_string("custom_auth_group", "xmpp");
		7	local pam_module = module:get_option_string("custom_pam_module", "xmpp");
		8	local alias_file = module:get_option_string("custom_alias_file");
		9	local alias_secret_file = module:get_option_string("custom_alias_secret_file");
4		10
5	function is_real_user(username)	11	function is_real_user(username)
6	for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do	12	for i,v in ipairs(posix.getgrnam(group).gr_mem) do
7	if username == v then	13	if username == v then
8	return true;	14	return true;
9	end	15	end
10	end	16	end
11	return false;	17	return false;
12	end	18	end
		19
		20	function is_alias(username)
		21	local f = assert(io.open(alias_file, "r"));
		22	local found = false;
		23	while true do
		24	local line = f:read("*line");
		25	if line == nil then break; end
		26	if string.lower(line) == string.lower(username) then found = true; end
		27	end
		28	f:close();
		29	return found;
		30	end
		31
		32	function alias_pw(username)
		33	local f = assert(io.open(alias_secret_file, "r"));
		34	local secret = f:read("*all");
		35	f:close();
		36	return sha2.sha512hex(username .. secret);
		37	end
13		38
14	function user_exists(username)	39	function user_exists(username)
15	return is_real_user(username);	40	return is_real_user(username) or is_alias(username);
16	end	41	end
17		42
18	function test_password(username, password)	43	function pam_auth(username, password)
19	local h, err = pam.start("xmpp", username, {	44	local h, err = pam.start(pam_module, username, {
20	function (t)	45	function (t)
21	local responses = {}	46	local responses = {}
22	for i,m in ipairs(t) do	47	for i,m in ipairs(t) do
@@ -40,7 +65,17 @@ end
40	function get_sasl_handler()	65	function get_sasl_handler()
41	return new_sasl(module.host, {	66	return new_sasl(module.host, {
42	plain_test = function(sasl, ...)	67	plain_test = function(sasl, ...)
43	return test_password(...)	68	if is_real_user(username) then
		69	return pam_auth(..);
		70	elseif is_alias(username) then
		71	if password == alias_pw(username) then
		72	return true, true;
		73	else
		74	return nil, true;
		75	end
		76	else
		77	return nil, true;
		78	end
44	end	79	end
45	});	80	});
46	end	81	end