mod_sasl2_fast/mod_sasl2_fast.lua @ 5071:bc983da908e6
mod_sasl2_fast: Take username from SASL exchange rather than stream@from
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 15 Oct 2022 19:42:55 +0100 |
parent | 5070:5cc6f3749376 |
child | 5072:d41677929f68 |
--- a/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:41:33 2022 +0100
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:42:55 2022 +0100
@@ -29,8 +29,8 @@
 return token_info;
 end
 
-local function new_token_tester(username, hmac_f)
- return function (mechanism, client_id, token_hash, cb_data)
+local function new_token_tester(hmac_f)
+ return function (mechanism, username, client_id, token_hash, cb_data)
 local tried_current_token = false;
 local key = hash.sha256(client_id, true).."-new";
 local token;
@@ -64,9 +64,9 @@
 end
 end
 
-function get_sasl_handler(username)
+function get_sasl_handler()
 local token_auth_profile = {
- ht_sha_256 = new_token_tester(username, hash.hmac_sha256);
+ ht_sha_256 = new_token_tester(hash.hmac_sha256);
 token_test = function (_, client_id, token, mech_name, counter) --luacheck: ignore
 return false; -- FIXME
 end;
@@ -163,10 +163,16 @@
 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name)
 return function (sasl_handler, message)
 local backend = sasl_handler.profile[backend_profile_name];
- local ok, status, response = backend(mechanism_name, sasl_handler._client_id, message, cb_name and sasl_handler.profile.cb[cb_name] or "");
+ local username, token_hash = message:match("^([^%z]+)%z(.+)$");
+ if not username then
+ return "failure", "malformed-request";
+ end
+ local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or "";
+ local ok, status, response = backend(mechanism_name, username, sasl_handler.profile._client_id, token_hash, cb_data);
 if not ok then
 return "failure", status or "not-authorized";
 end
+ sasl_handler.username = status;
 return "success", response;
 end
 end
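Review bot: `username` is now an argument of the closure returned by `new_token_tester` and originates from the client's SASL exchange, but nothing at the definition records that or the new argument order. A short comment above the inner function would help, for example `-- username is client-supplied (taken from the SASL exchange); treat it as unauthenticated until the token HMAC matches`. Normalisation of the name (such as nodeprep) before it is used for any per-user lookup is not visible in these lines; the closure body continues past the end of the hunk, so it is worth confirming that it happens either there or in the caller that parses the message.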
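Review bot: In the added `cb_data` line of `new_ht_mechanism`, `cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""` silently substitutes an empty string when the binding handler returns nil or false, so a channel-bound mechanism would check the token against empty binding data instead of failing. If `profile.cb` or its `cb_name` entry is absent, the same line raises a Lua error rather than producing a SASL failure. Whether either case can occur depends on how the mechanism is registered, which is outside this hunk, but failing closed here costs little. The fence below looks the handler up defensively and returns a failure when a binding was requested but no data is available; the failure condition it uses is only a suggestion.

```lua
local username, token_hash = message:match("^([^%z]+)%z(.+)$");
-- … unchanged: malformed-request check …
local cb_data = "";
if cb_name then
	-- Fail closed: a channel-bound mechanism must not fall back to empty binding data
	local cb_handler = sasl_handler.profile.cb and sasl_handler.profile.cb[cb_name];
	cb_data = cb_handler and cb_handler(sasl_handler);
	if not cb_data then
		return "failure", "not-authorized";
	end
end
-- … unchanged: backend call and result handling …
```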