diff options
| author | Tobias Markmann <tm@ayena.de> | 2011-01-15 17:59:15 +0100 |
|---|---|---|
| committer | Tobias Markmann <tm@ayena.de> | 2011-01-15 17:59:15 +0100 |
| commit | 1e72875d5263b9478b257b27a3784dcd7fc4dcc3 (patch) | |
| tree | c9965ea1157433946f3999babd24aa32cbe37d0f | |
| parent | b73cbae8a5e49f7f3300e7c028e570ad8a58e46d (diff) | |
| download | prosody-1e72875d5263b9478b257b27a3784dcd7fc4dcc3.tar.gz prosody-1e72875d5263b9478b257b27a3784dcd7fc4dcc3.zip | |
Check whether we support the proposed channel binding type.
| -rw-r--r-- | util/sasl.lua | 11 | ||||
| -rw-r--r-- | util/sasl/scram.lua | 5 |
2 files changed, 16 insertions, 0 deletions
diff --git a/util/sasl.lua b/util/sasl.lua index 93b79a86..37a234c9 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -27,6 +27,17 @@ Authentication Backend Prototypes: state = false : disabled state = true : enabled state = nil : non-existant + +Channel Binding: + +To enable support of channel binding in some mechanisms you need to provide appropriate callbacks in a table +at profile.cb. + +Example: + profile.cb["tls-unique"] = function(self) + return self.user + end + ]] local method = {}; diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index fbe3547b..76e9c152 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -137,6 +137,11 @@ local function scram_gen(hash_name, H_f, HMAC_f) if string.sub(self.state.gs2_cbind_flag, 0, 1) == "y" then return "failure", "malformed-request"; end + + -- check whether we support the proposed channel binding type + if not self.profile.cb[self.state.gs2_cbind_name] then + return "failure", "malformed-request", "Proposed channel binding type isn't supported."; + end else if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then return "failure", "malformed-request"; |