Software /
code /
prosody-modules
Comparison
mod_sasl2_fast/mod_sasl2_fast.lua @ 5082:ddb1940b08e0
mod_sasl2_fast: Clean up backend return values (fixes constant rotation)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 07 Nov 2022 10:19:10 +0000 |
parent | 5078:36d3f11724c8 |
child | 5083:4837232474ca |
comparison
equal
deleted
inserted
replaced
5081:660160fe97fa | 5082:ddb1940b08e0 |
---|---|
61 if invalidate then | 61 if invalidate then |
62 token_store:set(username, key, nil); | 62 token_store:set(username, key, nil); |
63 elseif current_time - token.issued_at > fast_token_min_ttl then | 63 elseif current_time - token.issued_at > fast_token_min_ttl then |
64 rotation_needed = true; | 64 rotation_needed = true; |
65 end | 65 end |
66 return true, username, hmac_f(token.secret, "Responder"..cb_data), token, rotation_needed; | 66 return true, username, hmac_f(token.secret, "Responder"..cb_data), rotation_needed; |
67 end | 67 end |
68 end | 68 end |
69 if not tried_current_token then | 69 if not tried_current_token then |
70 log("debug", "Trying next token..."); | 70 log("debug", "Trying next token..."); |
71 -- Try again with the current token instead | 71 -- Try again with the current token instead |
171 -- HT-* mechanisms | 171 -- HT-* mechanisms |
172 | 172 |
173 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) | 173 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) |
174 return function (sasl_handler, message) | 174 return function (sasl_handler, message) |
175 local backend = sasl_handler.profile[backend_profile_name]; | 175 local backend = sasl_handler.profile[backend_profile_name]; |
176 local username, token_hash = message:match("^([^%z]+)%z(.+)$"); | 176 local authc_username, token_hash = message:match("^([^%z]+)%z(.+)$"); |
177 if not username then | 177 if not authc_username then |
178 return "failure", "malformed-request"; | 178 return "failure", "malformed-request"; |
179 end | 179 end |
180 local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""; | 180 local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""; |
181 local ok, status, response, rotation_needed = backend( | 181 local ok, authz_username, response, rotation_needed = backend( |
182 mechanism_name, | 182 mechanism_name, |
183 username, | 183 authc_username, |
184 sasl_handler.client_id, | 184 sasl_handler.client_id, |
185 token_hash, | 185 token_hash, |
186 cb_data, | 186 cb_data, |
187 sasl_handler.invalidate | 187 sasl_handler.invalidate |
188 ); | 188 ); |
189 if not ok then | 189 if not ok then |
190 return "failure", status or "not-authorized"; | 190 -- authz_username is error condition |
191 end | 191 return "failure", authz_username or "not-authorized"; |
192 sasl_handler.username = status; | 192 end |
193 sasl_handler.username = authz_username; | |
193 sasl_handler.rotation_needed = rotation_needed; | 194 sasl_handler.rotation_needed = rotation_needed; |
194 return "success", response; | 195 return "success", response; |
195 end | 196 end |
196 end | 197 end |
197 | 198 |