From 2e597f5218aa163f5b5ea5cd645dd447bb47b295 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Wed, 30 Sep 2015 22:04:39 +0200
Subject: Added alias auth

---
 mod_auth_custom/mod_auth_custom.lua | 45 ++++++++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 5 deletions(-)

diff --git a/mod_auth_custom/mod_auth_custom.lua b/mod_auth_custom/mod_auth_custom.lua
index 69a41e4..59d5236 100644
--- a/mod_auth_custom/mod_auth_custom.lua
+++ b/mod_auth_custom/mod_auth_custom.lua
@@ -1,22 +1,47 @@
 local posix = require "posix.grp";  
 local pam = require "pam";  
 local new_sasl = require "util.sasl".new;
+local sha2 = require "sha2";
+
+local group = module:get_option_string("custom_auth_group", "xmpp");
+local pam_module = module:get_option_string("custom_pam_module", "xmpp");
+local alias_file = module:get_option_string("custom_alias_file");
+local alias_secret_file = module:get_option_string("custom_alias_secret_file");
 
 function is_real_user(username)
-        for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do
+        for i,v in ipairs(posix.getgrnam(group).gr_mem) do
           if username == v then
             return true;
           end
         end
         return false;
 end
+
+function is_alias(username)
+        local f = assert(io.open(alias_file, "r"));
+        local found = false;
+        while true do
+          local line = f:read("*line");
+          if line == nil then break; end
+          if string.lower(line) == string.lower(username) then found = true; end
+        end
+        f:close();
+        return found;
+end
+
+function alias_pw(username)
+        local f = assert(io.open(alias_secret_file, "r"));
+        local secret = f:read("*all");
+        f:close();
+        return sha2.sha512hex(username .. secret);
+end
   
 function user_exists(username)
-        return is_real_user(username);
+        return is_real_user(username) or is_alias(username);
 end  
   
-function test_password(username, password)
-        local h, err = pam.start("xmpp", username, {
+function pam_auth(username, password)
+        local h, err = pam.start(pam_module, username, {
                 function (t)
                         local responses = {}
                         for i,m in ipairs(t) do
@@ -40,7 +65,17 @@ end
 function get_sasl_handler()
         return new_sasl(module.host, {
                 plain_test = function(sasl, ...)
-                        return test_password(...)
+                        if is_real_user(username) then
+                          return pam_auth(..);
+                        elseif is_alias(username) then
+                          if password == alias_pw(username) then
+                            return true, true;
+                          else
+                            return nil, true;
+                          end
+                        else
+                          return nil, true;
+                        end
                 end
         });
 end
-- 
cgit v1.2.3