author | Tobias Markmann <tm@ayena.de> | 2009-11-18 22:56:50 +0100 |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2009-11-18 22:56:50 +0100 |
commit | 2519d3119c21701d6265bd1238becbdf30873909 (patch) | |
tree | d97074b51ef49578ef2f8c9865dc805fa54df007 | |
parent | fd57560a965a70db6591a5847a12dc320c2cdf0f (diff) | |
Enable restriction of supported mechanisms in the SASL library.
-rw-r--r-- | util/sasl.lua | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/util/sasl.lua b/util/sasl.lua
index 82fc1226..9df74c1b 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -16,6 +16,8 @@ local md5 = require "util.hashes".md5;
 local log = require "util.logger".init("sasl");
 local tostring = tostring;
 local st = require "util.stanza";
+local set = require "util.set";
+local array = require "util.array";
 local pairs, ipairs = pairs, ipairs;
 local t_insert, t_concat = table.insert, table.concat;
 local to_unicode = require "util.encodings".idna.to_unicode;
@@ -84,20 +86,34 @@ local function registerMechanism(name, backends, f)
 end
 -- create a new SASL object which can be used to authenticate clients
-function new(realm, profile)
+function new(realm, profile, forbidden)
 sasl_i = {profile = profile};
 sasl_i.realm = realm;
- return setmetatable(sasl_i, method);
+ s = setmetatable(sasl_i, method);
+ s:forbidden(sasl_i, forbidden)
+ return s;
+end
+
+-- set the forbidden mechanisms
+function method:forbidden( forbidden )
+ if forbidden then
+ -- set forbidden
+ self.forbidden = set.new(forbidden);
+ else
+ -- get forbidden
+ return array.collect(self.forbidden:items());
+ end
 end
 -- get a list of possible SASL mechanims to use
 function method:mechanisms()
 local mechanisms = {}
 for backend, f in pairs(self.profile) do
- print(backend)
 if backend_mechanism[backend] then
 for _, mechanism in ipairs(backend_mechanism[backend]) do
- mechanisms[mechanism] = true;
+ if not sasl_i.forbidden:contains(mechanism) then
+ mechanisms[mechanism] = true;
+ end
 end
 end
 end |
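Review bot: The `forbidden` restriction does not appear to take effect as written: in `new`, `s:forbidden(sasl_i, forbidden)` already passes `s` as `self`, so the setter receives the SASL object instead of the list, and `mechanisms()` then filters on `sasl_i.forbidden`, where `sasl_i` is assigned without `local` and so looks like a global holding the most recently created object rather than `self`. Storing the set in `self.forbidden` also shadows the `forbidden` method on that instance, and a nil `forbidden` argument falls into the getter branch before any set exists. Since this is the control an operator relies on to withhold a mechanism, a silent no-op or a filter taken from another session's object matters; the fence below keeps the object local, uses a separate field name and reads it through `self`. Filtering here only shapes the advertised list, and the selection path is outside this hunk (as is the rest of `method:mechanisms()`), so it should be confirmed that a client naming a forbidden mechanism directly is also refused.

```lua
function new(realm, profile, forbidden)
	-- local, so sessions do not share one object through a global
	local sasl_i = setmetatable({profile = profile, realm = realm}, method);
	-- field name distinct from the method, so the setter cannot shadow itself
	sasl_i.forbidden_set = set.new(forbidden or {});
	return sasl_i;
end

function method:forbidden( forbidden )
	if forbidden then
		self.forbidden_set = set.new(forbidden);
	else
		return array.collect(self.forbidden_set:items());
	end
end

-- … unchanged: method:mechanisms() loops over self.profile and backend_mechanism …
			if not self.forbidden_set:contains(mechanism) then
```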