Mercurial > prosody-modules
comparison mod_sasl2_fast/mod_sasl2_fast.lua @ 5071:bc983da908e6
mod_sasl2_fast: Take username from SASL exchange rather than stream@from
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 15 Oct 2022 19:42:55 +0100 |
| parents | 5cc6f3749376 |
| children | d41677929f68 |
comparison
equal
deleted
inserted
replaced
| 5070:5cc6f3749376 | 5071:bc983da908e6 |
|---|---|
| 27 return nil; | 27 return nil; |
| 28 end | 28 end |
| 29 return token_info; | 29 return token_info; |
| 30 end | 30 end |
| 31 | 31 |
| 32 local function new_token_tester(username, hmac_f) | 32 local function new_token_tester(hmac_f) |
| 33 return function (mechanism, client_id, token_hash, cb_data) | 33 return function (mechanism, username, client_id, token_hash, cb_data) |
| 34 local tried_current_token = false; | 34 local tried_current_token = false; |
| 35 local key = hash.sha256(client_id, true).."-new"; | 35 local key = hash.sha256(client_id, true).."-new"; |
| 36 local token; | 36 local token; |
| 37 repeat | 37 repeat |
| 38 token = token_store:get(username, key); | 38 token = token_store:get(username, key); |
| 62 end | 62 end |
| 63 until false; | 63 until false; |
| 64 end | 64 end |
| 65 end | 65 end |
| 66 | 66 |
| 67 function get_sasl_handler(username) | 67 function get_sasl_handler() |
| 68 local token_auth_profile = { | 68 local token_auth_profile = { |
| 69 ht_sha_256 = new_token_tester(username, hash.hmac_sha256); | 69 ht_sha_256 = new_token_tester(hash.hmac_sha256); |
| 70 token_test = function (_, client_id, token, mech_name, counter) --luacheck: ignore | 70 token_test = function (_, client_id, token, mech_name, counter) --luacheck: ignore |
| 71 return false; -- FIXME | 71 return false; -- FIXME |
| 72 end; | 72 end; |
| 73 }; | 73 }; |
| 74 return sasl.new(module.host, token_auth_profile); | 74 return sasl.new(module.host, token_auth_profile); |
| 161 -- HT-* mechanisms | 161 -- HT-* mechanisms |
| 162 | 162 |
| 163 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) | 163 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) |
| 164 return function (sasl_handler, message) | 164 return function (sasl_handler, message) |
| 165 local backend = sasl_handler.profile[backend_profile_name]; | 165 local backend = sasl_handler.profile[backend_profile_name]; |
| 166 local ok, status, response = backend(mechanism_name, sasl_handler._client_id, message, cb_name and sasl_handler.profile.cb[cb_name] or ""); | 166 local username, token_hash = message:match("^([^%z]+)%z(.+)$"); |
| 167 if not username then | |
| 168 return "failure", "malformed-request"; | |
| 169 end | |
| 170 local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""; | |
| 171 local ok, status, response = backend(mechanism_name, username, sasl_handler.profile._client_id, token_hash, cb_data); | |
| 167 if not ok then | 172 if not ok then |
| 168 return "failure", status or "not-authorized"; | 173 return "failure", status or "not-authorized"; |
| 169 end | 174 end |
| 175 sasl_handler.username = status; | |
| 170 return "success", response; | 176 return "success", response; |
| 171 end | 177 end |
| 172 end | 178 end |
| 173 | 179 |
| 174 local function register_ht_mechanism(name, backend_profile_name, cb_name) | 180 local function register_ht_mechanism(name, backend_profile_name, cb_name) |