aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-03-16 13:57:30 +0100
committerKim Alvefur <zash@zash.se>2023-03-16 13:57:30 +0100
commitc11d121c0635f44404e9f3e784190e898609b876 (patch)
tree296742495d49f41d8ca3378167bc713f4087a767
parentf23ad827a3db94b4f00c6377b082eefb15ffc167 (diff)
downloadprosody-c11d121c0635f44404e9f3e784190e898609b876.tar.gz
prosody-c11d121c0635f44404e9f3e784190e898609b876.zip
util.sasl.{scram,plain}: Pass authzid to SASL profile callback
For potential future use. Used for logging into a different account than the one used for authentication.
-rw-r--r--util/sasl/plain.lua4
-rw-r--r--util/sasl/scram.lua5
2 files changed, 4 insertions, 5 deletions
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 43a66c5b..9b0341e6 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -69,10 +69,10 @@ local function plain(self, message)
local correct, state = false, false;
if self.profile.plain then
local correct_password;
- correct_password, state = self.profile.plain(self, authentication, self.realm);
+ correct_password, state = self.profile.plain(self, authentication, self.realm, authorization);
correct = (saslprep(correct_password) == password);
elseif self.profile.plain_test then
- correct, state = self.profile.plain_test(self, authentication, password, self.realm);
+ correct, state = self.profile.plain_test(self, authentication, password, self.realm, authorization);
end
if state == false then
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 3a751ebc..e5ca84a0 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -101,7 +101,6 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
local client_first_message = message;
-- TODO: fail if authzid is provided, since we don't support them yet
- -- luacheck: ignore 211/authzid
local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce
= s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
@@ -144,7 +143,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
-- retrieve credentials
local stored_key, server_key, salt, iteration_count;
if self.profile.plain then
- local password, status = self.profile.plain(self, username, self.realm)
+ local password, status = self.profile.plain(self, username, self.realm, authzid)
if status == nil then return "failure", "not-authorized"
elseif status == false then return "failure", "account-disabled" end
@@ -165,7 +164,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
end
elseif self.profile[profile_name] then
local status;
- stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm);
+ stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm, authzid);
if status == nil then return "failure", "not-authorized"
elseif status == false then return "failure", "account-disabled" end
end