Merge with Tobias

3 files changed, 8 insertions, 11 deletions

diff --git a/util/sasl.lua b/util/sasl.lua
index e3ae8087..9c8fff78 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -83,10 +83,11 @@ end
 
 -- create a new SASL object which can be used to authenticate clients
 function new(realm, profile, forbidden)
-	sasl_i = {profile = profile};
+	local sasl_i = {profile = profile};
 	sasl_i.realm = realm;
-	s = setmetatable(sasl_i, method);
-	s:forbidden(sasl_i, forbidden)
+	local s = setmetatable(sasl_i, method);
+	if forbidden == nil then forbidden = {} end
+	s:forbidden(forbidden)
 	return s;
 end
 
@@ -112,7 +113,7 @@ function method:mechanisms()
 	for backend, f in pairs(self.profile) do
 		if backend_mechanism[backend] then
 			for _, mechanism in ipairs(backend_mechanism[backend]) do
-				if not sasl_i.restrict:contains(mechanism) then
+				if not self.restrict:contains(mechanism) then
 					mechanisms[mechanism] = true;
 				end
 			end
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index f8e0e393..a14e875b 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -28,10 +28,6 @@ module "digest-md5"
 
 --=========================
 --SASL DIGEST-MD5 according to RFC 2831
-local function digest_response()
-	
-	return response, A1, A2
-end
 
 local function digest(self, message)
 	--TODO complete support for authzid
@@ -174,7 +170,7 @@ local function digest(self, message)
 			local password, state = self.profile.plain(response["username"], self.realm)
 			if state == nil then return "failure", "not-authorized"
 			elseif state == false then return "failure", "account-disabled" end
-			Y = md5(response["username"]..":"..response["realm"]..":"..password);
+			local Y = md5(response["username"]..":"..response["realm"]..":"..password);
 		elseif self.profile["digest-md5"] then
 			local Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
 			if state == nil then return "failure", "not-authorized"
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 4413e2a6..1e9c6f7d 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -54,7 +54,7 @@ local function Hi(hmac, str, salt, i)
 	local Ust = hmac(str, salt.."\0\0\0\1");
 	local res = Ust;	
 	for n=1,i-1 do
-		Und = hmac(str, Ust)
+		local Und = hmac(str, Ust)
 		res = binaryXOR(res, Und)
 		Ust = Und
 	end
@@ -118,7 +118,7 @@ local function scram_sha_1(self, message)
 		
 		local password;
 		if self.profile.plain then
-			password, state = self.profile.plain(self.state.name, self.realm)
+			local password, state = self.profile.plain(self.state.name, self.realm)
 			if state == nil then return "failure", "not-authorized"
 			elseif state == false then return "failure", "account-disabled" end
 			password = saslprep(password);