diff options
author | Matthew Wild <mwild1@gmail.com> | 2014-04-02 17:41:38 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2014-04-02 17:41:38 +0100 |
commit | da820882348572de470a13a1a50f529a51243aa5 (patch) | |
tree | 39ca42dddf3935546a0c3c37b2e2456a554899f1 /util/sasl.lua | |
parent | 618661cda2a68afbe445ce079c15af25bdaa177b (diff) | |
parent | f7d4b04bf17c8b634eae00e814a995a88c5ba6cb (diff) | |
download | prosody-da820882348572de470a13a1a50f529a51243aa5.tar.gz prosody-da820882348572de470a13a1a50f529a51243aa5.zip |
Merge 0.9->0.10
Diffstat (limited to 'util/sasl.lua')
-rw-r--r-- | util/sasl.lua | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/util/sasl.lua b/util/sasl.lua index afb3861b..b91e29a6 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -27,19 +27,38 @@ Authentication Backend Prototypes: state = false : disabled state = true : enabled state = nil : non-existant + +Channel Binding: + +To enable support of channel binding in some mechanisms you need to provide appropriate callbacks in a table +at profile.cb. + +Example: + profile.cb["tls-unique"] = function(self) + return self.user + end + ]] local method = {}; method.__index = method; local mechanisms = {}; local backend_mechanism = {}; +local mechanism_channelbindings = {}; -- register a new SASL mechanims -function registerMechanism(name, backends, f) +function registerMechanism(name, backends, f, cb_backends) assert(type(name) == "string", "Parameter name MUST be a string."); assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table."); assert(type(f) == "function", "Parameter f MUST be a function."); + if cb_backends then assert(type(cb_backends) == "table"); end mechanisms[name] = f + if cb_backends then + mechanism_channelbindings[name] = {}; + for _, cb_name in ipairs(cb_backends) do + mechanism_channelbindings[name][cb_name] = true; + end + end for _, backend_name in ipairs(backends) do if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end t_insert(backend_mechanism[backend_name], name); @@ -63,6 +82,15 @@ function new(realm, profile) return setmetatable({ profile = profile, realm = realm, mechs = mechanisms }, method); end +-- add a channel binding handler +function method:add_cb_handler(name, f) + if type(self.profile.cb) ~= "table" then + self.profile.cb = {}; + end + self.profile.cb[name] = f; + return self; +end + -- get a fresh clone with the same realm and profile function method:clean_clone() return new(self.realm, self.profile) @@ -70,7 +98,23 @@ end -- get a list of possible SASL mechanims to use function method:mechanisms() - return self.mechs; + local current_mechs = {}; + for mech, _ in pairs(self.mechs) do + if mechanism_channelbindings[mech] then + if self.profile.cb then + local ok = false; + for cb_name, _ in pairs(self.profile.cb) do + if mechanism_channelbindings[mech][cb_name] then + ok = true; + end + end + if ok == true then current_mechs[mech] = true; end + end + else + current_mechs[mech] = true; + end + end + return current_mechs; end -- select a mechanism to use @@ -92,5 +136,6 @@ require "util.sasl.plain" .init(registerMechanism); require "util.sasl.digest-md5".init(registerMechanism); require "util.sasl.anonymous" .init(registerMechanism); require "util.sasl.scram" .init(registerMechanism); +require "util.sasl.external" .init(registerMechanism); return _M; |