Mercurial > prosody-modules
comparison mod_sasl2_fast/mod_sasl2_fast.lua @ 5082:ddb1940b08e0
mod_sasl2_fast: Clean up backend return values (fixes constant rotation)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 07 Nov 2022 10:19:10 +0000 |
| parents | 36d3f11724c8 |
| children | 4837232474ca |
comparison
equal
deleted
inserted
replaced
| 5081:660160fe97fa | 5082:ddb1940b08e0 |
|---|---|
| 61 if invalidate then | 61 if invalidate then |
| 62 token_store:set(username, key, nil); | 62 token_store:set(username, key, nil); |
| 63 elseif current_time - token.issued_at > fast_token_min_ttl then | 63 elseif current_time - token.issued_at > fast_token_min_ttl then |
| 64 rotation_needed = true; | 64 rotation_needed = true; |
| 65 end | 65 end |
| 66 return true, username, hmac_f(token.secret, "Responder"..cb_data), token, rotation_needed; | 66 return true, username, hmac_f(token.secret, "Responder"..cb_data), rotation_needed; |
| 67 end | 67 end |
| 68 end | 68 end |
| 69 if not tried_current_token then | 69 if not tried_current_token then |
| 70 log("debug", "Trying next token..."); | 70 log("debug", "Trying next token..."); |
| 71 -- Try again with the current token instead | 71 -- Try again with the current token instead |
| 171 -- HT-* mechanisms | 171 -- HT-* mechanisms |
| 172 | 172 |
| 173 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) | 173 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name) |
| 174 return function (sasl_handler, message) | 174 return function (sasl_handler, message) |
| 175 local backend = sasl_handler.profile[backend_profile_name]; | 175 local backend = sasl_handler.profile[backend_profile_name]; |
| 176 local username, token_hash = message:match("^([^%z]+)%z(.+)$"); | 176 local authc_username, token_hash = message:match("^([^%z]+)%z(.+)$"); |
| 177 if not username then | 177 if not authc_username then |
| 178 return "failure", "malformed-request"; | 178 return "failure", "malformed-request"; |
| 179 end | 179 end |
| 180 local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""; | 180 local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""; |
| 181 local ok, status, response, rotation_needed = backend( | 181 local ok, authz_username, response, rotation_needed = backend( |
| 182 mechanism_name, | 182 mechanism_name, |
| 183 username, | 183 authc_username, |
| 184 sasl_handler.client_id, | 184 sasl_handler.client_id, |
| 185 token_hash, | 185 token_hash, |
| 186 cb_data, | 186 cb_data, |
| 187 sasl_handler.invalidate | 187 sasl_handler.invalidate |
| 188 ); | 188 ); |
| 189 if not ok then | 189 if not ok then |
| 190 return "failure", status or "not-authorized"; | 190 -- authz_username is error condition |
| 191 end | 191 return "failure", authz_username or "not-authorized"; |
| 192 sasl_handler.username = status; | 192 end |
| 193 sasl_handler.username = authz_username; | |
| 193 sasl_handler.rotation_needed = rotation_needed; | 194 sasl_handler.rotation_needed = rotation_needed; |
| 194 return "success", response; | 195 return "success", response; |
| 195 end | 196 end |
| 196 end | 197 end |
| 197 | 198 |