search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mod_muc_webchat_url: Fix default url
[prosody-modules.git] / mod_auth_ha1 / mod_auth_ha1.lua
blob8392efd8ead0ba2b939838a578fac36a5923841c
1 -- Prosody IM
2 -- Copyright (C) 2014 Matthew Wild
3 --
4 -- This project is MIT/X11 licensed. Please see the
5 -- COPYING file in the source package for more information.
6 --
7
8 local usermanager = require "core.usermanager";
9 local new_sasl = require "util.sasl".new;
10
11 local nodeprep = require "util.encodings".stringprep.nodeprep;
12 local nameprep = require "util.encodings".stringprep.nameprep;
13 local md5 = require "util.hashes".md5;
14
15 local host = module.host;
16
17 local auth_filename = module:get_option_string("auth_ha1_file", "auth.txt");
18 local auth_data = {};
19
20 function reload_auth_data()
21 local f, err = io.open(auth_filename);
22 if not f then
23 module:log("error", "Failed to read from auth file: %s", err);
24 return;
25 end
26 auth_data = {};
27 local line_number, imported_count, not_authorized_count = 0, 0, 0;
28 for line in f:lines() do
29 line_number = line_number + 1;
30 local username, hash, realm, state = line:match("^([^:]+):(%x+):([^:]+):(.+)$");
31 if not username then
32 if line:sub(1,1) ~= "#" then
33 module:log("error", "Unable to parse line %d of auth file, skipping", line_number);
34 end
35 else
36 username, realm = nodeprep(username), nameprep(realm);
37 if not username then
38 module:log("error", "Invalid username on line %d of auth file, skipping", line_number);
39 elseif not realm then
40 module:log("error", "Invalid hostname/realm on line %d of auth file, skipping", line_number);
41 elseif state ~= "authorized" then
42 not_authorized_count = not_authorized_count + 1;
43 elseif realm == host then
44 auth_data[username] = hash;
45 imported_count = imported_count + 1;
46 end
47 end
48 end
49 f:close();
50 module:log("debug", "Loaded %d accounts from auth file (%d authorized)", imported_count, imported_count-not_authorized_count);
51 end
52
53 function module.load()
54 reload_auth_data();
55 end
56
57 module:hook_global("config-reloaded", reload_auth_data);
58
59 -- define auth provider
60 local provider = {};
61
62 function provider.test_password(username, password)
63 module:log("debug", "test password for user %s at host %s, %s", username, host, password);
64
65 local test_hash = md5(username..":"..host..":"..password, true);
66
67 if test_hash == auth_data[username] then
68 return true;
69 else
70 return nil, "Auth failed. Invalid username or password.";
71 end
72 end
73
74 function provider.set_password(username, password)
75 return nil, "Changing passwords not supported";
76 end
77
78 function provider.user_exists(username)
79 if not auth_data[username] then
80 module:log("debug", "account not found for username '%s' at host '%s'", username, host);
81 return nil, "Auth failed. Invalid username";
82 end
83 return true;
84 end
85
86 function provider.create_user(username, password)
87 return nil, "User creation not supported";
88 end
89
90 function provider.delete_user(username)
91 return nil , "User deletion not supported";
92 end
93
94 function provider.get_sasl_handler()
95 return new_sasl(host, {
96 plain_test = function(sasl, username, password, realm)
97 return usermanager.test_password(username, realm, password), true;
98 end
99 });
100 end
101
102 module:provides("auth", provider);
103
Non-core, unofficial and/or experimental plugins for Prosody.