Mercurial > prosody-modules
annotate mod_auth_ldap2/mod_auth_ldap2.lua @ 6029:cc665f343690
mod_firewall: SUBSCRIBED: Flip subscription check to match documentation
The documentation claims that this condition checks whether the recipient is
subscribed to the sender.
However, it was using the wrong method, and actually checking whether the
sender was subscribed to the recipient.
A quick poll of folk suggested that the documentation's approach is the right
one, so this should fix the code to match the documentation.
This should also fix the bundled anti-spam rules from blocking presence from
JIDs that you subscribe do (but don't have a mutual subscription with).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 22 Nov 2024 13:50:48 +0000 |
| parents | f2b29183ef08 |
| children |
| rev | line source |
|---|---|
| 809 | 1 -- vim:sts=4 sw=4 |
| 2 | |
| 3 -- Prosody IM | |
| 4 -- Copyright (C) 2008-2010 Matthew Wild | |
| 5 -- Copyright (C) 2008-2010 Waqas Hussain | |
| 6 -- Copyright (C) 2012 Rob Hoelz | |
| 7 -- | |
| 8 -- This project is MIT/X11 licensed. Please see the | |
| 9 -- COPYING file in the source package for more information. | |
| 10 -- | |
| 11 -- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua | |
| 12 -- adapted to use common LDAP store | |
| 13 | |
| 14 local ldap = module:require 'ldap'; | |
| 15 local new_sasl = require 'util.sasl'.new; | |
| 16 local jsplit = require 'util.jid'.split; | |
| 17 | |
| 18 if not ldap then | |
| 19 return; | |
| 20 end | |
| 21 | |
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
22 local provider = {} |
| 809 | 23 |
| 24 function provider.test_password(username, password) | |
| 25 return ldap.bind(username, password); | |
| 26 end | |
| 27 | |
| 28 function provider.user_exists(username) | |
| 29 local params = ldap.getparams() | |
| 30 | |
| 31 local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); | |
| 32 | |
| 33 return ldap.singlematch { | |
| 34 base = params.user.basedn, | |
| 35 filter = filter, | |
| 36 }; | |
| 37 end | |
| 38 | |
| 39 function provider.get_password(username) | |
| 40 return nil, "Passwords unavailable for LDAP."; | |
| 41 end | |
| 42 | |
| 43 function provider.set_password(username, password) | |
| 44 return nil, "Passwords unavailable for LDAP."; | |
| 45 end | |
| 46 | |
| 47 function provider.create_user(username, password) | |
| 48 return nil, "Account creation/modification not available with LDAP."; | |
| 49 end | |
| 50 | |
| 51 function provider.get_sasl_handler() | |
| 52 local testpass_authentication_profile = { | |
| 53 plain_test = function(sasl, username, password, realm) | |
|
902
490cb9161c81
mod_auth_{external,internal_yubikey,ldap,ldap2,sql}: No need to nodeprep in SASL handler.
Waqas Hussain <waqas20@gmail.com>
parents:
862
diff
changeset
|
54 return provider.test_password(username, password), true; |
| 809 | 55 end, |
| 56 mechanisms = { PLAIN = true }, | |
| 57 }; | |
| 58 return new_sasl(module.host, testpass_authentication_profile); | |
| 59 end | |
| 60 | |
| 61 function provider.is_admin(jid) | |
|
3869
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
62 local username, userhost = jsplit(jid); |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
63 if userhost ~= module.host then |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
64 return false; |
|
f2b29183ef08
mod_auth_ldap, mod_auth_ldap2: Ensure is_admin() checks of remote JIDs never return positive
Matthew Wild <mwild1@gmail.com>
parents:
902
diff
changeset
|
65 end |
| 809 | 66 local admin_config = ldap.getparams().admin; |
| 67 | |
| 68 if not admin_config then | |
| 69 return; | |
| 70 end | |
| 71 | |
| 72 local ld = ldap:getconnection(); | |
| 73 local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); | |
| 74 | |
| 75 return ldap.singlematch { | |
| 76 base = admin_config.basedn, | |
| 77 filter = filter, | |
| 78 }; | |
| 79 end | |
| 80 | |
|
814
881ec9919144
mod_auth_*: Use module:provides(), and don't explicitly specify provider.name.
Waqas Hussain <waqas20@gmail.com>
parents:
809
diff
changeset
|
81 module:provides("auth", provider); |
