util/sasl/scram.lua @ 453:e60c776b7760
util.sasl.scram: Refactor channel binding
This will ease support for new channel binding methods.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 03 Aug 2022 03:04:17 +0200 |
parent | 407:c99db5172309 |
child | 454:9f27a2075e9e |
--- a/util/sasl/scram.lua Wed Aug 03 02:59:09 2022 +0200
+++ b/util/sasl/scram.lua Wed Aug 03 03:04:17 2022 +0200
@@ -35,16 +35,25 @@
 return (gsub(str, "[,=]", { [","] = "=2C", ["="] = "=3D" }));
 end

+local function cb(conn)
+ if conn:ssl() then
+ if sock.getfinished then
+ return "p=tls-unique", sock:getfinished();
+ end
+ end
+end
+
 local function scram(stream, name)
 local username = "n=" .. value_safe(stream.username);
 local c_nonce = base64(random.bytes(15));
 local our_nonce = "r=" .. c_nonce;
 local client_first_message_bare = username .. "," .. our_nonce;
 local cbind_data = "";
- local gs2_cbind_flag = stream.conn:ssl() and "y" or "n";
+ local gs2_cbind_flag = "n";
 if name == "SCRAM-SHA-1-PLUS" then
- cbind_data = stream.conn:socket():getfinished();
- gs2_cbind_flag = "p=tls-unique";
+ gs2_cbind_flag, cbind_data = cb(stream.conn);
+ elseif cb(stream.conn) then
+ gs2_cbind_flag = "y";
 end
 local gs2_header = gs2_cbind_flag .. ",,";
 local client_first_message = gs2_header .. client_first_message_bare;
@@ -107,8 +116,7 @@
 if name == "SCRAM-SHA-1" then
 return scram, 99;
 elseif name == "SCRAM-SHA-1-PLUS" then
- local sock = stream.conn:ssl() and stream.conn:socket();
- if sock and sock.getfinished then
+ if cb(stream.conn) then
 return scram, 100;
 end
 end
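Review bot: `sock` is never bound inside the new `cb(conn)`: the function tests `sock.getfinished` and calls `sock:getfinished()`, but only `conn` is in scope, so unless a file-level `sock` exists outside this hunk the lookup hits a nil global and raises as soon as `conn:ssl()` is truthy. The removed code obtained the socket from `stream.conn:socket()`; the equivalent here would be `local sock = conn:socket();` followed by `if sock and sock.getfinished then`. The same call is the capability probe in the `@@ -107,8 +116,7 @@` hunk, so mechanism selection for SCRAM-SHA-1-PLUS is affected as well. Separately, in the PLUS branch `gs2_cbind_flag` becomes nil if `cb` returns nothing, and the `gs2_cbind_flag .. ",,"` concatenation below would then raise; an explicit error at that point would fail more legibly than a concatenation error.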
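Review bot: SCRAM-SHA-1-PLUS is still offered at the highest priority (`return scram, 100`) whenever `cb(stream.conn)` is truthy, and `cb` checks only that `getfinished` exists, not which TLS version was negotiated. `tls-unique` is not defined for TLS 1.3 (RFC 9266 defines `tls-exporter` for that case), so if the TLS library in use can negotiate 1.3 the binding data returned here may not be something the server can verify; this is worth confirming before further binding methods are added. A short comment on `cb` stating its contract, e.g. `-- returns the gs2 flag and binding data, or nothing when no channel binding is available`, would also make this probe-style call easier to read. The enclosing function starts and ends outside the hunk.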