Mercurial > prosody-modules
comparison mod_sasl2_fast/mod_sasl2_fast.lua @ 5083:4837232474ca
mod_sasl2_fast: Fixes to make channel binding work again
tls-endpoint isn't a thing that exists.
Also, we needed to copy more channel binding state from the primary
sasl_handler. Ideally we'd have a cleaner way to do this, but I think that's
part of more substantial changes that the SASL API deserves.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 07 Nov 2022 10:21:18 +0000 |
| parents | ddb1940b08e0 |
| children | dda2af7ed02f |
comparison
equal
deleted
inserted
replaced
| 5082:ddb1940b08e0 | 5083:4837232474ca |
|---|---|
| 96 username = jid.node(event.stream.from); | 96 username = jid.node(event.stream.from); |
| 97 if not username then return; end | 97 if not username then return; end |
| 98 end | 98 end |
| 99 local sasl_handler = get_sasl_handler(username); | 99 local sasl_handler = get_sasl_handler(username); |
| 100 if not sasl_handler then return; end | 100 if not sasl_handler then return; end |
| 101 sasl_handler.profile.cb = session.sasl_handler.profile.cb; | |
| 102 sasl_handler.userdata = session.sasl_handler.userdata; | |
| 101 session.fast_sasl_handler = sasl_handler; | 103 session.fast_sasl_handler = sasl_handler; |
| 102 local fast = st.stanza("fast", { xmlns = xmlns_fast }); | 104 local fast = st.stanza("fast", { xmlns = xmlns_fast }); |
| 103 for mech in pairs(sasl_handler:mechanisms()) do | 105 for mech in pairs(sasl_handler:mechanisms()) do |
| 104 fast:text_tag("mechanism", mech); | 106 fast:text_tag("mechanism", mech); |
| 105 end | 107 end |
| 148 local session = event.session; | 150 local session = event.session; |
| 149 | 151 |
| 150 local token_request = session.fast_token_request; | 152 local token_request = session.fast_token_request; |
| 151 local client_id = session.client_id; | 153 local client_id = session.client_id; |
| 152 local sasl_handler = session.sasl_handler; | 154 local sasl_handler = session.sasl_handler; |
| 153 if token_request or sasl_handler.fast and sasl_handler.rotation_needed then | 155 if token_request or (sasl_handler.fast and sasl_handler.rotation_needed) then |
| 154 if not client_id then | 156 if not client_id then |
| 155 session.log("warn", "FAST token requested, but missing client id"); | 157 session.log("warn", "FAST token requested, but missing client id"); |
| 156 return; | 158 return; |
| 157 end | 159 end |
| 158 local mechanism = token_request and token_request.mechanism or session.sasl_handler.selected; | 160 local mechanism = token_request and token_request.mechanism or session.sasl_handler.selected; |
| 200 return sasl.registerMechanism(name, { backend_profile_name }, new_ht_mechanism( | 202 return sasl.registerMechanism(name, { backend_profile_name }, new_ht_mechanism( |
| 201 name, | 203 name, |
| 202 backend_profile_name, | 204 backend_profile_name, |
| 203 cb_name | 205 cb_name |
| 204 ), | 206 ), |
| 205 { cb_name }); | 207 cb_name and { cb_name } or nil); |
| 206 end | 208 end |
| 207 | 209 |
| 208 register_ht_mechanism("HT-SHA-256-NONE", "ht_sha_256", nil); | 210 register_ht_mechanism("HT-SHA-256-NONE", "ht_sha_256", nil); |
| 209 register_ht_mechanism("HT-SHA-256-UNIQ", "ht_sha_256", "tls-unique"); | 211 register_ht_mechanism("HT-SHA-256-UNIQ", "ht_sha_256", "tls-unique"); |
| 210 register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-endpoint"); | 212 register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-server-end-point"); |
| 211 register_ht_mechanism("HT-SHA-256-EXPR", "ht_sha_256", "tls-exporter"); | 213 register_ht_mechanism("HT-SHA-256-EXPR", "ht_sha_256", "tls-exporter"); |