From 2e597f5218aa163f5b5ea5cd645dd447bb47b295 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 30 Sep 2015 22:04:39 +0200 Subject: Added alias auth --- mod_auth_custom/mod_auth_custom.lua | 45 ++++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 5 deletions(-) (limited to 'mod_auth_custom') diff --git a/mod_auth_custom/mod_auth_custom.lua b/mod_auth_custom/mod_auth_custom.lua index 69a41e4..59d5236 100644 --- a/mod_auth_custom/mod_auth_custom.lua +++ b/mod_auth_custom/mod_auth_custom.lua @@ -1,22 +1,47 @@ local posix = require "posix.grp"; local pam = require "pam"; local new_sasl = require "util.sasl".new; +local sha2 = require "sha2"; + +local group = module:get_option_string("custom_auth_group", "xmpp"); +local pam_module = module:get_option_string("custom_pam_module", "xmpp"); +local alias_file = module:get_option_string("custom_alias_file"); +local alias_secret_file = module:get_option_string("custom_alias_secret_file"); function is_real_user(username) - for i,v in ipairs(posix.getgrnam("xmpp").gr_mem) do + for i,v in ipairs(posix.getgrnam(group).gr_mem) do if username == v then return true; end end return false; end + +function is_alias(username) + local f = assert(io.open(alias_file, "r")); + local found = false; + while true do + local line = f:read("*line"); + if line == nil then break; end + if string.lower(line) == string.lower(username) then found = true; end + end + f:close(); + return found; +end + +function alias_pw(username) + local f = assert(io.open(alias_secret_file, "r")); + local secret = f:read("*all"); + f:close(); + return sha2.sha512hex(username .. secret); +end function user_exists(username) - return is_real_user(username); + return is_real_user(username) or is_alias(username); end -function test_password(username, password) - local h, err = pam.start("xmpp", username, { +function pam_auth(username, password) + local h, err = pam.start(pam_module, username, { function (t) local responses = {} for i,m in ipairs(t) do @@ -40,7 +65,17 @@ end function get_sasl_handler() return new_sasl(module.host, { plain_test = function(sasl, ...) - return test_password(...) + if is_real_user(username) then + return pam_auth(..); + elseif is_alias(username) then + if password == alias_pw(username) then + return true, true; + else + return nil, true; + end + else + return nil, true; + end end }); end -- cgit v1.2.3