util.sasl.{scram,plain}: Pass authzid to SASL profile callback For potential future use. Used for logging into a different account than the one used for authentication.

author: Kim Alvefur <zash@zash.se>
date: Thu, 16 Mar 2023 13:57:30 +0100
parent: 12941:e77c607e8da8
child: 12975:d10957394a3c
--- a/util/sasl/scram.lua	Sat Mar 11 12:12:49 2023 +0100
+++ b/util/sasl/scram.lua	Thu Mar 16 13:57:30 2023 +0100
@@ -101,7 +101,6 @@
 			local client_first_message = message;
 
 			-- TODO: fail if authzid is provided, since we don't support them yet
-			-- luacheck: ignore 211/authzid
 			local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce
 				= s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
 
@@ -144,7 +143,7 @@
 			-- retrieve credentials
 			local stored_key, server_key, salt, iteration_count;
 			if self.profile.plain then
-				local password, status = self.profile.plain(self, username, self.realm)
+				local password, status = self.profile.plain(self, username, self.realm, authzid)
 				if status == nil then return "failure", "not-authorized"
 				elseif status == false then return "failure", "account-disabled" end
 
@@ -165,7 +164,7 @@
 				end
 			elseif self.profile[profile_name] then
 				local status;
-				stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm);
+				stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm, authzid);
 				if status == nil then return "failure", "not-authorized"
 				elseif status == false then return "failure", "account-disabled" end
 			end