comparison mod_sasl2_fast/mod_sasl2_fast.lua @ 5071:bc983da908e6

mod_sasl2_fast: Take username from SASL exchange rather than stream@from
author Matthew Wild <mwild1@gmail.com>
date Sat, 15 Oct 2022 19:42:55 +0100
parents 5cc6f3749376
children d41677929f68
5070:5cc6f3749376 5071:bc983da908e6
27 return nil; 27 return nil;
28 end 28 end
29 return token_info; 29 return token_info;
30 end 30 end
31 31
32 local function new_token_tester(username, hmac_f) 32 local function new_token_tester(hmac_f)
33 return function (mechanism, client_id, token_hash, cb_data) 33 return function (mechanism, username, client_id, token_hash, cb_data)
34 local tried_current_token = false; 34 local tried_current_token = false;
35 local key = hash.sha256(client_id, true).."-new"; 35 local key = hash.sha256(client_id, true).."-new";
36 local token; 36 local token;
37 repeat 37 repeat
38 token = token_store:get(username, key); 38 token = token_store:get(username, key);
62 end 62 end
63 until false; 63 until false;
64 end 64 end
65 end 65 end
66 66
67 function get_sasl_handler(username) 67 function get_sasl_handler()
68 local token_auth_profile = { 68 local token_auth_profile = {
69 ht_sha_256 = new_token_tester(username, hash.hmac_sha256); 69 ht_sha_256 = new_token_tester(hash.hmac_sha256);
70 token_test = function (_, client_id, token, mech_name, counter) --luacheck: ignore 70 token_test = function (_, client_id, token, mech_name, counter) --luacheck: ignore
71 return false; -- FIXME 71 return false; -- FIXME
72 end; 72 end;
73 }; 73 };
74 return sasl.new(module.host, token_auth_profile); 74 return sasl.new(module.host, token_auth_profile);
161 -- HT-* mechanisms 161 -- HT-* mechanisms
162 162
163 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) 163 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name)
164 return function (sasl_handler, message) 164 return function (sasl_handler, message)
165 local backend = sasl_handler.profile[backend_profile_name]; 165 local backend = sasl_handler.profile[backend_profile_name];
166 local ok, status, response = backend(mechanism_name, sasl_handler._client_id, message, cb_name and sasl_handler.profile.cb[cb_name] or ""); 166 local username, token_hash = message:match("^([^%z]+)%z(.+)$");
167 if not username then
168 return "failure", "malformed-request";
169 end
170 local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or "";
171 local ok, status, response = backend(mechanism_name, username, sasl_handler.profile._client_id, token_hash, cb_data);
167 if not ok then 172 if not ok then
168 return "failure", status or "not-authorized"; 173 return "failure", status or "not-authorized";
169 end 174 end
175 sasl_handler.username = status;
170 return "success", response; 176 return "success", response;
171 end 177 end
172 end 178 end
173 179
174 local function register_ht_mechanism(name, backend_profile_name, cb_name) 180 local function register_ht_mechanism(name, backend_profile_name, cb_name)
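Review bot: The username parsed from the client message at new line 166 is attacker-controlled and is passed straight to the backend, which (per lines 32-38) keys `token_store:get(username, key)` on it and whose first return value is then bound as the authenticated identity at line 175 via `sasl_handler.username = status`, with no normalization visible in this hunk; unless the backend or token_store applies nodeprep, case or Unicode variants of a name can miss a stored token or bind the session to a non-canonical username, so I would canonicalise before the lookup, e.g. `local username = nodeprep(raw_username); if not username then return "failure", "malformed-request"; end` (nodeprep from `util.encodings.stringprep`, if it is not already in scope in this file). The same line calls `message:match` unconditionally, so a mechanism invoked without an initial response (nil `message`) would raise instead of returning the new malformed-request failure; `if type(message) ~= "string" then return "failure", "malformed-request"; end` ahead of the match covers that. Line 171 now reads the client id from `sasl_handler.profile._client_id` whereas the replaced line read `sasl_handler._client_id`; worth confirming which field mod_sasl2 actually populates, since the wrong one silently yields nil and the sha256 key derivation at line 35 would then fail. The enclosing new_ht_mechanism function is fully contained in this hunk.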