author | Tobias Markmann <tm@ayena.de> | 2011-02-07 13:24:42 +0100 |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2011-02-07 13:24:42 +0100 |
commit | 0a2715f365f2dc28c33933d486fecdb64daf7a89 (patch) | |
tree | e3a4d6d317f5efb5d7714e30abc01be35e8a4d2c | |
parent | f575f1eb40aef2e7196badfe41d217b6f7fbf350 (diff) | |
Only advertise mechanisms needing channel binding if a channel binding backend is available.
-rw-r--r-- | util/sasl.lua | 27 | ||||
-rw-r--r-- | util/sasl/scram.lua | 2 |
2 files changed, 26 insertions, 3 deletions
diff --git a/util/sasl.lua b/util/sasl.lua
index cd0a1d64..393a0919 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -18,6 +18,7 @@ local type = type
 local setmetatable = setmetatable;
 local assert = assert;
 local require = require;
+local print = print
 module "sasl"
@@ -44,13 +45,21 @@ local method = {};
 method.__index = method;
 local mechanisms = {};
 local backend_mechanism = {};
+local mechanism_channelbindings = {};
 -- register a new SASL mechanims
-local function registerMechanism(name, backends, f)
+local function registerMechanism(name, backends, f, cb_backends)
 assert(type(name) == "string", "Parameter name MUST be a string.");
 assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table.");
 assert(type(f) == "function", "Parameter f MUST be a function.");
+ if cb_backends then assert(type(cb_backends) == "table"); end
 mechanisms[name] = f
+ if cb_backends then
+ mechanism_channelbindings[name] = {};
+ for _, cb_name in ipairs(cb_backends) do
+ mechanism_channelbindings[name][cb_name] = true;
+ end
+ end
 for _, backend_name in ipairs(backends) do
 if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end
 t_insert(backend_mechanism[backend_name], name);
@@ -86,7 +95,21 @@ end
 -- get a list of possible SASL mechanims to use
 function method:mechanisms()
- return self.mechs;
+ local current_mechs = {};
+ for mech, _ in pairs(self.mechs) do
+ if mechanism_channelbindings[mech] and self.profile.cb then
+ local ok = false;
+ for cb_name, _ in pairs(self.profile.cb) do
+ if mechanism_channelbindings[mech][cb_name] then
+ ok = true;
+ end
+ end
+ if ok == true then current_mechs[mech] = true; end
+ else
+ current_mechs[mech] = true;
+ end
+ end
+ return current_mechs;
 end
 -- select a mechanism to use
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index ad26658b..071de505 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
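Review bot: The added `local print = print` in the first hunk of util/sasl.lua is not used by any other line this commit adds, so it reads as a debugging leftover. If nothing outside the visible hunks calls `print`, drop the line; stray output from a SASL module is an easy way for authentication data to end up in logs by accident.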
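Review bot: In registerMechanism (second hunk of util/sasl.lua) the new `assert(type(cb_backends) == "table")` carries no message, unlike the three asserts above it; suggest `assert(type(cb_backends) == "table", "Parameter cb_backends MUST be a table or nil.");`. The new parameter is also undocumented, so a comment above the function such as `-- cb_backends: optional list of channel binding types this mechanism requires` would help callers. Registering the same name again without cb_backends leaves the earlier `mechanism_channelbindings[name]` entry in place; assigning nil in that case would avoid a stale requirement. The end of the function lies outside the hunk.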
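Review bot: In method:mechanisms() (third hunk of util/sasl.lua) a mechanism that requires channel binding is still advertised when the profile has no `cb` table: `mechanism_channelbindings[mech] and self.profile.cb` is false in that case, so control falls into the `else` branch and sets `current_mechs[mech] = true`. That is the opposite of what the commit message states, and a client that picks the -PLUS variant would start an exchange the server presumably cannot bind to a channel. Changing the `else` to `elseif not mechanism_channelbindings[mech] then` limits the unconditional branch to mechanisms with no channel-binding requirement. Whether select() checks the requested mechanism against this filtered list is not visible here and is worth confirming.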
@@ -249,7 +249,7 @@ function init(registerMechanism)
 registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
 -- register channel binding equivalent
- registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
+ registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash), {"tls-unique"});
 end
 registerSCRAMMechanism("SHA-1", sha1, hmac_sha1); |