# HG changeset patch
# User Kim Alvefur
# Date 1411065158 -7200
# Node ID a8f6fd6a70eddcb69198092ea2a3db6a0f1a4de3
# Parent ed12e00991b16a282e3e2e53284a50bcfb86df76
plugins.sasl: Alter mechanism loading and pass name of loaded mechanism. Fixes attempting SCRAM-PLUS when only SCRAM is offered
diff -r ed12e00991b1 -r a8f6fd6a70ed plugins/sasl.lua
--- a/plugins/sasl.lua Thu Sep 18 19:17:10 2014 +0200
+++ b/plugins/sasl.lua Thu Sep 18 20:32:38 2014 +0200
@@ -20,7 +20,7 @@
 local ok, impl = pcall(require, "util.sasl."..name:lower());
 if ok then
 stream:debug("Loaded SASL %s module", name);
- impl(stream, mechanisms, preference);
+ mechanisms[name], preference[name] = impl(stream, name);
 elseif not tostring(impl):match("not found") then
 stream:debug("Loading failed: %s", tostring(impl));
 end
diff -r ed12e00991b1 -r a8f6fd6a70ed util/sasl/anonymous.lua
--- a/util/sasl/anonymous.lua Thu Sep 18 19:17:10 2014 +0200
+++ b/util/sasl/anonymous.lua Thu Sep 18 20:32:38 2014 +0200
@@ -1,8 +1,8 @@
-return function (stream, mechanisms, preference)
- mechanisms["ANONYMOUS"] = function ()
- return coroutine.yield() == "success";
- end;
- preference["ANONYMOUS"] = 0;
+return function (stream, name)
+ if name == "ANONYMOUS" then
+ return function ()
+ return coroutine.yield() == "success";
+ end, 0;
+ end
 end
-
diff -r ed12e00991b1 -r a8f6fd6a70ed util/sasl/plain.lua
--- a/util/sasl/plain.lua Thu Sep 18 19:17:10 2014 +0200
+++ b/util/sasl/plain.lua Thu Sep 18 20:32:38 2014 +0200
@@ -1,10 +1,9 @@
-return function (stream, mechanisms, preference)
- if stream.username and stream.password then
- mechanisms["PLAIN"] = function (stream)
+return function (stream, name)
+ if name == "PLAIN" and stream.username and stream.password then
+ return function (stream)
 return "success" == coroutine.yield("\0"..stream.username.."\0"..stream.password);
- end;
- preference["PLAIN"] = 5;
+ end, 5;
 end
 end
diff -r ed12e00991b1 -r a8f6fd6a70ed util/sasl/scram.lua
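Review bot: The `name` passed to `impl(stream, name)` on the added line of plugins/sasl.lua is the same value that is lowercased into the `pcall(require, "util.sasl."..name:lower())` path at the top of the hunk, yet the mechanism modules in this changeset compare it against full mechanism names such as `"SCRAM-SHA-1"` and `"SCRAM-SHA-1-PLUS"`. Going by the file names shown here, a value that resolves to `util/sasl/scram.lua` cannot also equal `"SCRAM-SHA-1"`, so unless `name` is derived differently outside this hunk, SCRAM is never registered and authentication falls back to whatever else is offered, PLAIN included. Keeping the module name and the advertised mechanism string in separate locals would avoid this, e.g. `mechanisms[mech], preference[mech] = impl(stream, mech);`, where `mech` stands for the full advertised name. The enclosing loop starts and ends outside the hunk, so how `name` is obtained is not visible.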
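Review bot: The rewritten condition in util/sasl/plain.lua offers PLAIN whenever a username and password are set, without checking that the connection is encrypted, and the handler then yields the password unprotected as `"\0"..stream.username.."\0"..stream.password`. If nothing outside this file enforces TLS before SASL starts, the guard could require it using the same call scram.lua already makes, `if name == "PLAIN" and stream.username and stream.password and stream.conn:ssl() then`. The inner `function (stream)` also shadows the outer `stream` parameter, so a short comment saying which stream object the handler receives would help readers.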
--- a/util/sasl/scram.lua Thu Sep 18 19:17:10 2014 +0200
+++ b/util/sasl/scram.lua Thu Sep 18 20:32:38 2014 +0200
@@ -3,27 +3,26 @@
 local crypto = require"crypto";
 local bit = require"bit";
-local XOR, H, HMAC, Hi;
 local tonumber = tonumber;
 local char, byte = string.char, string.byte;
 local gsub = string.gsub;
 local xor = bit.bxor;
-function XOR(a, b)
+local function XOR(a, b)
 return (gsub(a, "()(.)", function(i, c) return char(xor(byte(c), byte(b, i))) end));
 end
-function H(str)
+local function H(str)
 return crypto.digest("sha1", str, true);
 end
-function HMAC(key, str)
+local function HMAC(key, str)
 return crypto.hmac.digest("sha1", str, key, true);
 end
-function Hi(str, salt, i)
+local function Hi(str, salt, i)
 local U = HMAC(str, salt .. "\0\0\0\1");
 local ret = U;
 for _ = 2, i do
@@ -33,9 +32,6 @@
 return ret;
 end
--- assert(Hi("password", "salt", 1) == string.char(0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 0x2f, 0xe0, 0x37, 0xa6));
--- assert(Hi("password", "salt", 2) == string.char(0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 0xd8, 0xde, 0x89, 0x57));
-
 local function Normalize(str)
 return str; -- TODO
 end
@@ -98,14 +94,16 @@
 return true;
 end
-return function (stream, mechanisms, preference, supported)
+return function (stream, name)
 if stream.username and (stream.password or (stream.client_key or stream.server_key)) then
- mechanisms["SCRAM-SHA-1"] = scram;
- preference["SCRAM-SHA-1"] = 99;
- local sock = stream.conn:ssl() and stream.conn:socket();
- if sock and sock.getfinished then
- mechanisms["SCRAM-SHA-1-PLUS"] = scram;
- preference["SCRAM-SHA-1-PLUS"] = 100
+ if name == "SCRAM-SHA-1" then
+ return scram, 99;
+ elseif name = "SCRAM-SHA-1-PLUS" then
+ local sock = stream.conn:ssl() and stream.conn:socket();
+ if sock and sock.getfinished then
+ return scram, 100;
+ end
 end
 end
 end
+
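Review bot: `elseif name = "SCRAM-SHA-1-PLUS" then` in the last hunk of util/sasl/scram.lua uses `=` where a comparison is required, which is a Lua syntax error, so the whole module fails to compile; it should read `elseif name == "SCRAM-SHA-1-PLUS" then`. Because plugins/sasl.lua loads mechanisms through `pcall(require, ...)` and reports failures only via `stream:debug("Loading failed: %s", ...)`, the visible effect would be that both SCRAM variants silently disappear and the client authenticates with a weaker mechanism such as PLAIN. Reporting a load failure for a module that exists at a level above debug would make that kind of downgrade noticeable.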