Software /
code /
prosody-modules
Changeset
5082:ddb1940b08e0
mod_sasl2_fast: Clean up backend return values (fixes constant rotation)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 07 Nov 2022 10:19:10 +0000 |
parents | 5081:660160fe97fa |
children | 5083:4837232474ca |
files | mod_sasl2_fast/mod_sasl2_fast.lua |
diffstat | 1 files changed, 8 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 29 12:01:32 2022 +0200 +++ b/mod_sasl2_fast/mod_sasl2_fast.lua Mon Nov 07 10:19:10 2022 +0000 @@ -63,7 +63,7 @@ elseif current_time - token.issued_at > fast_token_min_ttl then rotation_needed = true; end - return true, username, hmac_f(token.secret, "Responder"..cb_data), token, rotation_needed; + return true, username, hmac_f(token.secret, "Responder"..cb_data), rotation_needed; end end if not tried_current_token then @@ -173,23 +173,24 @@ local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) return function (sasl_handler, message) local backend = sasl_handler.profile[backend_profile_name]; - local username, token_hash = message:match("^([^%z]+)%z(.+)$"); - if not username then + local authc_username, token_hash = message:match("^([^%z]+)%z(.+)$"); + if not authc_username then return "failure", "malformed-request"; end local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""; - local ok, status, response, rotation_needed = backend( + local ok, authz_username, response, rotation_needed = backend( mechanism_name, - username, + authc_username, sasl_handler.client_id, token_hash, cb_data, sasl_handler.invalidate ); if not ok then - return "failure", status or "not-authorized"; + -- authz_username is error condition + return "failure", authz_username or "not-authorized"; end - sasl_handler.username = status; + sasl_handler.username = authz_username; sasl_handler.rotation_needed = rotation_needed; return "success", response; end