authorTobias Markmann <tm@ayena.de>2011-02-07 13:24:42 +0100
committerTobias Markmann <tm@ayena.de>2011-02-07 13:24:42 +0100
commit0a2715f365f2dc28c33933d486fecdb64daf7a89 (patch)
treee3a4d6d317f5efb5d7714e30abc01be35e8a4d2c
parentf575f1eb40aef2e7196badfe41d217b6f7fbf350 (diff)
Only advertise mechanisms needing channel binding if a channel binding backend is available.
-rw-r--r--util/sasl.lua27
-rw-r--r--util/sasl/scram.lua2
2 files changed, 26 insertions, 3 deletions
diff --git a/util/sasl.lua b/util/sasl.lua
index cd0a1d64..393a0919 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -18,6 +18,7 @@ local type = type
local setmetatable = setmetatable;
local assert = assert;
local require = require;
+local print = print
module "sasl"
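Review bot: The added `local print = print` is not used by any hunk in this commit and reads like a debugging leftover. Drop it unless code outside these hunks calls `print`. If it is kept for debug output, note that this module handles SASL exchanges, so anything printed should be checked for authentication data before it reaches stdout.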
@@ -44,13 +45,21 @@ local method = {};
method.__index = method;
local mechanisms = {};
local backend_mechanism = {};
+local mechanism_channelbindings = {};
-- register a new SASL mechanims
-local function registerMechanism(name, backends, f)
+local function registerMechanism(name, backends, f, cb_backends)
assert(type(name) == "string", "Parameter name MUST be a string.");
assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table.");
assert(type(f) == "function", "Parameter f MUST be a function.");
+ if cb_backends then assert(type(cb_backends) == "table"); end
mechanisms[name] = f
+ if cb_backends then
+ mechanism_channelbindings[name] = {};
+ for _, cb_name in ipairs(cb_backends) do
+ mechanism_channelbindings[name][cb_name] = true;
+ end
+ end
for _, backend_name in ipairs(backends) do
if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end
t_insert(backend_mechanism[backend_name], name);
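Review bot: The new `cb_backends` check is the only assert in registerMechanism without a message, and the parameter is documented nowhere. Bring it in line with the three asserts above it: `assert(cb_backends == nil or type(cb_backends) == "table", "Parameter cb_backends MUST be a table or nil.");`. The comment above the function should also say that `cb_backends` lists the channel binding types the mechanism requires, for example `-- cb_backends: optional list of channel binding types (e.g. "tls-unique") the mechanism needs`. Separately, registering the same name again without `cb_backends` leaves the earlier `mechanism_channelbindings[name]` entry in place; assigning `mechanism_channelbindings[name] = nil` in that case would avoid a stale requirement. The body of registerMechanism continues past the end of this hunk.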
@@ -86,7 +95,21 @@ end
-- get a list of possible SASL mechanims to use
function method:mechanisms()
- return self.mechs;
+ local current_mechs = {};
+ for mech, _ in pairs(self.mechs) do
+ if mechanism_channelbindings[mech] and self.profile.cb then
+ local ok = false;
+ for cb_name, _ in pairs(self.profile.cb) do
+ if mechanism_channelbindings[mech][cb_name] then
+ ok = true;
+ end
+ end
+ if ok == true then current_mechs[mech] = true; end
+ else
+ current_mechs[mech] = true;
+ end
+ end
+ return current_mechs;
end
-- select a mechanism to use
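Review bot: A mechanism that requires channel binding is still advertised when `self.profile.cb` is nil. The combined condition `mechanism_channelbindings[mech] and self.profile.cb` is then false, so control falls to the `else` branch that sets `current_mechs[mech] = true`. That is the opposite of what the commit title describes: with no channel binding backend, the `-PLUS` mechanisms would be offered. Test the registration alone and let the loop handle a missing backend table: `if mechanism_channelbindings[mech] then` followed by `for cb_name, _ in pairs(self.profile.cb or {}) do`. Filtering the advertised list does not by itself reject a mechanism that a client names directly; the select function lies outside this hunk, so confirm it applies the same check.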
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index ad26658b..071de505 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -249,7 +249,7 @@ function init(registerMechanism)
registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
-- register channel binding equivalent
- registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
+ registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash), {"tls-unique"});
end
registerSCRAMMechanism("SHA-1", sha1, hmac_sha1);