
util/sasl/scram.lua @ 12945:d2c1c327a4d1

util.sasl.{scram,plain}: Pass authzid to SASL profile callback For potential future use, such as logging into a different account than the one used for authentication.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Mar 2023 13:57:30 +0100
parent 12941:e77c607e8da8
child 12975:d10957394a3c
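--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -99,11 +99,10 @@
 if not state then
 -- we are processing client_first_message
 local client_first_message = message;
 
 -- TODO: fail if authzid is provided, since we don't support them yet
--- luacheck: ignore 211/authzid
 local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce
 = s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
 
 if not gs2_cbind_flag then
 return "failure", "malformed-request";
@@ -142,11 +141,11 @@
 self.username = username;
 
 -- retrieve credentials
 local stored_key, server_key, salt, iteration_count;
 if self.profile.plain then
-local password, status = self.profile.plain(self, username, self.realm)
+local password, status = self.profile.plain(self, username, self.realm, authzid)
 if status == nil then return "failure", "not-authorized"
 elseif status == false then return "failure", "account-disabled" end
 
 password = saslprep(password);
 if not password then
@@ -163,11 +162,11 @@
 log("error", "Generating authentication database failed. Reason: %s", stored_key);
 return "failure", "temporary-auth-failure";
 end
 elseif self.profile[profile_name] then
 local status;
-stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm);
+stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm, authzid);
 if status == nil then return "failure", "not-authorized"
 elseif status == false then return "failure", "account-disabled" end
 end
 
 local nonce = clientnonce .. generate_uuid();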
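Review bot: The `authzid` now forwarded to both profile callbacks (new lines 146 and 167) is the raw fourth capture of the pattern on line 105, so it still carries its `a=` prefix and any saslname escaping, and it is the empty string rather than nil when the client sent no authzid, meaning a callback that tests `if authzid then` will always take that branch. Either normalise it once before the calls, e.g. `authzid = authzid ~= "" and authzid:match("^a=(.*)$") or nil;`, or state in the profile callback contract that the value is the unparsed gs2-header field. The TODO on line 103 still says a supplied authzid should be rejected, which now contradicts forwarding it; it should be acted on or replaced with a comment that the callback is responsible for verifying that `username` is authorised to act as `authzid` before returning another account's credentials, since the value is untrusted client input at this point. The enclosing function starts before the first hunk and continues past the last.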