Mercurial > prosody-hg
comparison plugins/mod_auth_internal_hashed.lua @ 3267:8f5d76cc4162
mod_auth_internal_hashed: Removed all checks for Cyrus SASL.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Tue, 15 Jun 2010 09:08:02 +0500 |
| parents | dc7131d4e189 |
| children | c1b687a5818d |
comparison
equal
deleted
inserted
replaced
| 3266:a06120464079 | 3267:8f5d76cc4162 |
|---|---|
| 26 local hmac_sha1 = require "util.hmac".sha1; | 26 local hmac_sha1 = require "util.hmac".sha1; |
| 27 local sha1 = require "util.hashes".sha1; | 27 local sha1 = require "util.hashes".sha1; |
| 28 | 28 |
| 29 local prosody = _G.prosody; | 29 local prosody = _G.prosody; |
| 30 | 30 |
| 31 local is_cyrus = usermanager.is_cyrus; | |
| 32 | |
| 33 -- Default; can be set per-user | 31 -- Default; can be set per-user |
| 34 local iteration_count = 4096; | 32 local iteration_count = 4096; |
| 35 | 33 |
| 36 function new_hashpass_provider(host) | 34 function new_hashpass_provider(host) |
| 37 local provider = { name = "internal_hashed" }; | 35 local provider = { name = "internal_hashed" }; |
| 38 log("debug", "initializing hashpass authentication provider for host '%s'", host); | 36 log("debug", "initializing hashpass authentication provider for host '%s'", host); |
| 39 | 37 |
| 40 function provider.test_password(username, password) | 38 function provider.test_password(username, password) |
| 41 if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end | |
| 42 local credentials = datamanager.load(username, host, "accounts") or {}; | 39 local credentials = datamanager.load(username, host, "accounts") or {}; |
| 43 | 40 |
| 44 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then | 41 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then |
| 45 if credentials.password ~= password then | 42 if credentials.password ~= password then |
| 46 return nil, "Auth failed. Provided password is incorrect."; | 43 return nil, "Auth failed. Provided password is incorrect."; |
| 78 return nil, "Auth failed. Invalid username, password, or password hash information."; | 75 return nil, "Auth failed. Invalid username, password, or password hash information."; |
| 79 end | 76 end |
| 80 end | 77 end |
| 81 | 78 |
| 82 function provider.set_password(username, password) | 79 function provider.set_password(username, password) |
| 83 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end | |
| 84 local account = datamanager.load(username, host, "accounts"); | 80 local account = datamanager.load(username, host, "accounts"); |
| 85 if account then | 81 if account then |
| 86 account.salt = account.salt or generate_uuid(); | 82 account.salt = account.salt or generate_uuid(); |
| 87 account.iteration_count = account.iteration_count or iteration_count; | 83 account.iteration_count = account.iteration_count or iteration_count; |
| 88 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); | 84 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); |
| 97 end | 93 end |
| 98 return nil, "Account not available."; | 94 return nil, "Account not available."; |
| 99 end | 95 end |
| 100 | 96 |
| 101 function provider.user_exists(username) | 97 function provider.user_exists(username) |
| 102 if is_cyrus(host) then return true; end | |
| 103 local account = datamanager.load(username, host, "accounts"); | 98 local account = datamanager.load(username, host, "accounts"); |
| 104 if not account then | 99 if not account then |
| 105 log("debug", "account not found for username '%s' at host '%s'", username, module.host); | 100 log("debug", "account not found for username '%s' at host '%s'", username, module.host); |
| 106 return nil, "Auth failed. Invalid username"; | 101 return nil, "Auth failed. Invalid username"; |
| 107 end | 102 end |
| 111 end | 106 end |
| 112 return true; | 107 return true; |
| 113 end | 108 end |
| 114 | 109 |
| 115 function provider.create_user(username, password) | 110 function provider.create_user(username, password) |
| 116 if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end | |
| 117 local salt = generate_uuid(); | 111 local salt = generate_uuid(); |
| 118 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count); | 112 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count); |
| 119 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 113 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 120 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 114 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 121 return datamanager.store(username, host, "accounts", {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count}); | 115 return datamanager.store(username, host, "accounts", {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count}); |
