From: Aki Tuomi
Date: Thu, 12 Apr 2018 10:39:58 +0000 (+0300)
Subject: auth: db-lua - Add password_verify to auth request
X-Git-Tag: 2.3.2.rc1~81
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6f96dd4d4a7ce45388d7e3c44079b363fa71499f;p=thirdparty%2Fdovecot%2Fcore.git
auth: db-lua - Add password_verify to auth request
Allows verifying passwords with dovecot when necessary
---
diff --git a/src/auth/db-lua.c b/src/auth/db-lua.c
index 83de659a4c..0a5ad64000 100644
--- a/src/auth/db-lua.c
+++ b/src/auth/db-lua.c
@@ -200,6 +200,49 @@ static int auth_request_lua_userdb(lua_State *L)
 return 1;
 }
+static int auth_request_lua_password_verify(lua_State *L)
+{
+ struct dlua_script *script = dlua_script_from_state(L);
+ struct auth_request *request = auth_lua_check_auth_request(script, 1);
+ const char *crypted_password = lua_tostring(L, 2);
+ const char *scheme;
+ const char *plain_password = lua_tostring(L, 3);
+ const char *error = NULL;
+ const unsigned char *raw_password = NULL;
+ size_t raw_password_size;
+ int ret;
+ struct password_generate_params gen_params = {.user = request->original_username,
+ .rounds = 0};
+ scheme = password_get_scheme(&crypted_password);
+ if (scheme == NULL)
+ scheme = "PLAIN";
+ ret = password_decode(crypted_password, scheme,
+ &raw_password, &raw_password_size, &error);
+ if (ret <= 0) {
+ if (ret < 0) {
+ error = t_strdup_printf("Password data is not valid for scheme %s: %s",
+ scheme, error);
+ } else {
+ error = t_strdup_printf("Unknown scheme %s", scheme);
+ }
+ } else {
+ /* Use original_username since it may be important for some
+ password schemes (eg. digest-md5).
+ */
+ ret = password_verify(plain_password, &gen_params,
+ scheme, raw_password, raw_password_size, &error);
+ }
+
+ lua_pushnumber(script->L, ret);
+ if (error != NULL)
+ lua_pushstring(script->L, error);
+ else
+ lua_pushnil(script->L);
+
+ return 2;
+}
+
+
 /* put all methods here */
 static const luaL_Reg auth_request_methods[] ={
 { "var_expand", auth_request_lua_var_expand },
@@ -208,6 +251,7 @@ static const luaL_Reg auth_request_methods[] ={
 { "log_info", auth_request_lua_log_info },
 { "log_warning", auth_request_lua_log_warning },
 { "log_error", auth_request_lua_log_error },
+ { "password_verify", auth_request_lua_password_verify },
 { NULL, NULL }
 };
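Review bot: Both `lua_tostring(L, 2)` and `lua_tostring(L, 3)` in auth_request_lua_password_verify return NULL when the script passes nil or omits an argument, and the results go unchecked into `password_get_scheme(&crypted_password)` and `password_verify(plain_password, ...)`. A script that forwards a missing password field would then presumably trigger a NULL dereference in the auth process instead of a Lua error; `const char *crypted_password = luaL_checkstring(L, 2);` and `const char *plain_password = luaL_checkstring(L, 3);` reject that up front. Separately, the result is pushed with `lua_pushnumber`, and in Lua every number is truthy, including 0 and negative values, so a script that writes `if req:password_verify(hash, pw) then` would treat a failed verification as success. A comment above the function such as `/* pushes ret and an error string or nil; ret is positive only when the password matched, so Lua callers must test ret > 0 */` would make the contract explicit; pushing a boolean instead would be safer still, if the API can change.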