1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local datamanager = require "util.datamanager";
local log = require "util.logger".init("usermanager");
local type = type;
local error = error;
local ipairs = ipairs;
local hashes = require "util.hashes";
local jid_bare = require "util.jid".bare;
local config = require "core.configmanager";
local hosts = hosts;
local require_provisioning = config.get("*", "core", "cyrus_require_provisioning") or false;
module "usermanager"
local function is_cyrus(host) return config.get(host, "core", "sasl_backend") == "cyrus"; end
function validate_credentials(host, username, password, method)
log("debug", "User '%s' is being validated", username);
if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end
local credentials = datamanager.load(username, host, "accounts") or {};
if method == nil then method = "PLAIN"; end
if method == "PLAIN" and credentials.password then -- PLAIN, do directly
if password == credentials.password then
return true;
else
return nil, "Auth failed. Invalid username or password.";
end
end
-- must do md5
-- make credentials md5
local pwd = credentials.password;
if not pwd then pwd = credentials.md5; else pwd = hashes.md5(pwd, true); end
-- make password md5
if method == "PLAIN" then
password = hashes.md5(password or "", true);
elseif method ~= "DIGEST-MD5" then
return nil, "Unsupported auth method";
end
-- compare
if password == pwd then
return true;
else
return nil, "Auth failed. Invalid username or password.";
end
end
function get_password(username, host)
if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
return (datamanager.load(username, host, "accounts") or {}).password
end
function set_password(username, host, password)
if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
local account = datamanager.load(username, host, "accounts");
if account then
account.password = password;
return datamanager.store(username, host, "accounts", account);
end
return nil, "Account not available.";
end
function user_exists(username, host)
if not(require_provisioning) and is_cyrus(host) then return true; end
local account, err = datamanager.load(username, host, "accounts");
return (account or err) ~= nil; -- FIXME also check for empty credentials
end
function create_user(username, password, host)
if not(require_provisioning) and is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
return datamanager.store(username, host, "accounts", {password = password});
end
function get_supported_methods(host)
return {["PLAIN"] = true, ["DIGEST-MD5"] = true}; -- TODO this should be taken from the config
end
function is_admin(jid, host)
host = host or "*";
local admins = config.get(host, "core", "admins");
if host ~= "*" and admins == config.get("*", "core", "admins") then
return nil;
end
if type(admins) == "table" then
jid = jid_bare(jid);
for _,admin in ipairs(admins) do
if admin == jid then return true; end
end
elseif admins then log("warn", "Option 'admins' for host '%s' is not a table", host); end
return nil;
end
return _M;
|
