# HG changeset patch
# User Matthew Wild
# Date 1665859375 -3600
# Node ID bc983da908e6dd1a2b0f3d1f4367251d42f9f5f5
# Parent 5cc6f37493766683f6bff5fed0983dcb0de07065
mod_sasl2_fast: Take username from SASL exchange rather than stream@from
diff -r 5cc6f3749376 -r bc983da908e6 mod_sasl2_fast/mod_sasl2_fast.lua
--- a/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:41:33 2022 +0100
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:42:55 2022 +0100
@@ -29,8 +29,8 @@
 return token_info;
 end
 
-local function new_token_tester(username, hmac_f)
- return function (mechanism, client_id, token_hash, cb_data)
+local function new_token_tester(hmac_f)
+ return function (mechanism, username, client_id, token_hash, cb_data)
 local tried_current_token = false;
 local key = hash.sha256(client_id, true).."-new";
 local token;
@@ -64,9 +64,9 @@
 end
 end
 
-function get_sasl_handler(username)
+function get_sasl_handler()
 local token_auth_profile = {
- ht_sha_256 = new_token_tester(username, hash.hmac_sha256);
+ ht_sha_256 = new_token_tester(hash.hmac_sha256);
 token_test = function (_, client_id, token, mech_name, counter) --luacheck: ignore
 return false; -- FIXME
 end;
@@ -163,10 +163,16 @@
 local function new_ht_mechanism(mechanism_name, backend_profile_name, cb_name)
 return function (sasl_handler, message)
 local backend = sasl_handler.profile[backend_profile_name];
- local ok, status, response = backend(mechanism_name, sasl_handler._client_id, message, cb_name and sasl_handler.profile.cb[cb_name] or "");
+ local username, token_hash = message:match("^([^%z]+)%z(.+)$");
+ if not username then
+ return "failure", "malformed-request";
+ end
+ local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or "";
+ local ok, status, response = backend(mechanism_name, username, sasl_handler.profile._client_id, token_hash, cb_data);
 if not ok then
 return "failure", status or "not-authorized";
 end
+ sasl_handler.username = status;
 return "success", response;
 end
 end
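Review bot: The inner function returned by new_token_tester now takes `username` as an argument, and per the new_ht_mechanism hunk further down that value is parsed straight out of the client's SASL message, yet no visible line normalises it. The closure body continues past this hunk, so the token lookup itself is not shown; if it keys the store on `username`, the value should first go through the same node normalisation the server applies to account names elsewhere, otherwise a non-canonical spelling may miss or mismatch a stored entry. I would add a comment above the inner function such as `-- username: client-supplied authcid, unverified until the token check passes; normalise before any store lookup`. The new argument order (mechanism, username, client_id, token_hash, cb_data) also deserves a one-line doc comment, since every backend caller has to match it.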
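Review bot: The new `cb_data` line in new_ht_mechanism calls `sasl_handler.profile.cb[cb_name](sasl_handler)` unguarded, so when `cb_name` is set but the profile has no `cb` table or no handler under that name, the mechanism raises a Lua error instead of returning a SASL failure. The `and … or ""` idiom also turns a nil or false handler result into the empty string, which is the same value used when no channel binding is requested. Whether a handler can return nil is not visible here, but a channel-bound mechanism should fail closed rather than verify the token against empty binding data. I would resolve the binding explicitly and return a failure when it is unavailable, as sketched below; the failure condition is reused from the hunk's own malformed-request branch and may deserve a more specific one.

```lua
		local username, token_hash = message:match("^([^%z]+)%z(.+)$");
		-- … unchanged: malformed-request check on username …
		local cb_data = "";
		if cb_name then
			local cb_table = sasl_handler.profile.cb;
			local get_cb_data = cb_table and cb_table[cb_name];
			cb_data = get_cb_data and get_cb_data(sasl_handler);
			if not cb_data then
				-- fail closed: the mechanism requires binding data that is not available
				return "failure", "malformed-request";
			end
		end
		-- … unchanged: backend call and result handling …
```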