authorKim Alvefur <zash@zash.se>2023-03-16 13:57:30 +0100
committerKim Alvefur <zash@zash.se>2023-03-16 13:57:30 +0100
commitc11d121c0635f44404e9f3e784190e898609b876 (patch)
tree296742495d49f41d8ca3378167bc713f4087a767 /util
parentf23ad827a3db94b4f00c6377b082eefb15ffc167 (diff)
downloadprosody-c11d121c0635f44404e9f3e784190e898609b876.tar.gz
prosody-c11d121c0635f44404e9f3e784190e898609b876.zip
util.sasl.{scram,plain}: Pass authzid to SASL profile callback
For potential future use. The authzid is used for logging into a different account than the one used for authentication.
Diffstat (limited to 'util')
-rw-r--r--util/sasl/plain.lua4
-rw-r--r--util/sasl/scram.lua5
2 files changed, 4 insertions, 5 deletions
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 43a66c5b..9b0341e6 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -69,10 +69,10 @@ local function plain(self, message)
local correct, state = false, false;
if self.profile.plain then
local correct_password;
- correct_password, state = self.profile.plain(self, authentication, self.realm);
+ correct_password, state = self.profile.plain(self, authentication, self.realm, authorization);
correct = (saslprep(correct_password) == password);
elseif self.profile.plain_test then
- correct, state = self.profile.plain_test(self, authentication, password, self.realm);
+ correct, state = self.profile.plain_test(self, authentication, password, self.realm, authorization);
end
if state == false then
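Review bot: The new fourth argument in both calls hands the client-supplied `authorization` string to the profile callback, and nothing in this hunk normalizes it or states what the callback is expected to do with it. Its parsing sits above the hunk, so whether it has been normalized, or can be an empty string (truthy in Lua) when the client sends no authzid, cannot be confirmed from here. I would document the contract above the first call, e.g. `-- authorization: unverified authzid from the client (may be empty); the callback must decide whether authentication may act as it`. plain()'s body continues outside the hunk.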
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 3a751ebc..e5ca84a0 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -101,7 +101,6 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
local client_first_message = message;
-- TODO: fail if authzid is provided, since we don't support them yet
- -- luacheck: ignore 211/authzid
local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce
= s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
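Review bot: The TODO kept above the match still says to fail when an authzid is provided, but the value is now forwarded to the profile callbacks in the two later hunks, so the comment contradicts the code. The fourth capture is `([^,]*)`, the whole gs2 field: unlike `username`, which is captured after `n=`, it would keep its `a=` prefix and any `=2C`/`=3D` escapes, and it is an empty string rather than nil when no authzid is sent. The diffstat shows no other added lines in this file, so nothing appears to strip or decode it before the callbacks see it. Either normalise it here or replace the TODO with `-- authzid is the raw gs2 field (still carries "a=", may be ""); decode and validate before acting on it`. scram_gen's body continues outside the hunk.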
@@ -144,7 +143,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
-- retrieve credentials
local stored_key, server_key, salt, iteration_count;
if self.profile.plain then
- local password, status = self.profile.plain(self, username, self.realm)
+ local password, status = self.profile.plain(self, username, self.realm, authzid)
if status == nil then return "failure", "not-authorized"
elseif status == false then return "failure", "account-disabled" end
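Review bot: `authzid` reaches `self.profile.plain` here, and `self.profile[profile_name]` in the next hunk, while credentials are still being retrieved, which appears to be before the client proof has been checked. A callback that varies its `status` result on the authzid would let an unauthenticated client tell `not-authorized` from `account-disabled` for authcid/authzid pairs. A comment at both call sites such as `-- authzid is unauthenticated at this point; do not base the returned status on it` would make the contract explicit. The enclosing function starts and ends outside the hunk.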
@@ -165,7 +164,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
end
elseif self.profile[profile_name] then
local status;
- stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm);
+ stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm, authzid);
if status == nil then return "failure", "not-authorized"
elseif status == false then return "failure", "account-disabled" end
end