mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-06 22:57:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

util.sasl.{scram,plain}: Pass authzid to SASL profile callback

Browse source 
For potential future use.

Used for logging into a different account than the one used for
authentication.
This commit is contained in:
Kim Alvefur 2023-03-16 13:57:30 +01:00
parent f23ad827a3
commit c11d121c06
2 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
util/sasl/plain.lua
View file

@ -69,10 +69,10 @@ local function plain(self, message)
local correct, state = false, false; local correct, state = false, false;
if self.profile.plain then if self.profile.plain then
local correct_password; local correct_password;
correct_password, state = self.profile.plain(self, authentication, self.realm); correct_password, state = self.profile.plain(self, authentication, self.realm, authorization);
correct = (saslprep(correct_password) == password); correct = (saslprep(correct_password) == password);
elseif self.profile.plain_test then elseif self.profile.plain_test then
correct, state = self.profile.plain_test(self, authentication, password, self.realm); correct, state = self.profile.plain_test(self, authentication, password, self.realm, authorization);
end end
if state == false then if state == false then

5
util/sasl/scram.lua
View file

@ -101,7 +101,6 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
local client_first_message = message; local client_first_message = message;
-- TODO: fail if authzid is provided, since we don't support them yet -- TODO: fail if authzid is provided, since we don't support them yet
-- luacheck: ignore 211/authzid
local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce
= s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$"); = s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
@ -144,7 +143,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
-- retrieve credentials -- retrieve credentials
local stored_key, server_key, salt, iteration_count; local stored_key, server_key, salt, iteration_count;
if self.profile.plain then if self.profile.plain then
local password, status = self.profile.plain(self, username, self.realm) local password, status = self.profile.plain(self, username, self.realm, authzid)
if status == nil then return "failure", "not-authorized" if status == nil then return "failure", "not-authorized"
elseif status == false then return "failure", "account-disabled" end elseif status == false then return "failure", "account-disabled" end
@ -165,7 +164,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
end end
elseif self.profile[profile_name] then elseif self.profile[profile_name] then
local status; local status;
stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm); stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm, authzid);
if status == nil then return "failure", "not-authorized" if status == nil then return "failure", "not-authorized"
elseif status == false then return "failure", "account-disabled" end elseif status == false then return "failure", "account-disabled" end
end end