-rw-r--r-- | util/sasl.lua | 9 | ||||
-rw-r--r-- | util/sasl/digest-md5.lua | 6 | ||||
-rw-r--r-- | util/sasl/scram.lua | 4 |
3 files changed, 8 insertions, 11 deletions
diff --git a/util/sasl.lua b/util/sasl.lua
index e3ae8087..9c8fff78 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -83,10 +83,11 @@ end
 -- create a new SASL object which can be used to authenticate clients
 function new(realm, profile, forbidden)
- sasl_i = {profile = profile};
+ local sasl_i = {profile = profile};
 sasl_i.realm = realm;
- s = setmetatable(sasl_i, method);
- s:forbidden(sasl_i, forbidden)
+ local s = setmetatable(sasl_i, method);
+ if forbidden == nil then forbidden = {} end
+ s:forbidden(forbidden)
 return s;
 end
@@ -112,7 +113,7 @@ function method:mechanisms()
 for backend, f in pairs(self.profile) do
 if backend_mechanism[backend] then
 for _, mechanism in ipairs(backend_mechanism[backend]) do
- if not sasl_i.restrict:contains(mechanism) then
+ if not self.restrict:contains(mechanism) then
 mechanisms[mechanism] = true;
 end
 end
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index f8e0e393..a14e875b 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -28,10 +28,6 @@ module "digest-md5"
 --=========================
 --SASL DIGEST-MD5 according to RFC 2831
-local function digest_response()
-
- return response, A1, A2
-end
 local function digest(self, message)
 --TODO complete support for authzid
@@ -174,7 +170,7 @@ local function digest(self, message)
 local password, state = self.profile.plain(response["username"], self.realm)
 if state == nil then return "failure", "not-authorized"
 elseif state == false then return "failure", "account-disabled" end
- Y = md5(response["username"]..":"..response["realm"]..":"..password);
+ local Y = md5(response["username"]..":"..response["realm"]..":"..password);
 elseif self.profile["digest-md5"] then
 local Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
 if state == nil then return "failure", "not-authorized"
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 4413e2a6..1e9c6f7d 100644
--- a/util/sasl/scram.lua
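Review bot: The comment above `new` in util/sasl.lua does not say what `forbidden` is, nor that omitting it is the permissive case. With the added `if forbidden == nil then forbidden = {} end`, a caller that leaves the argument out gets an object that, judging by the `self.restrict:contains(mechanism)` filter in `method:mechanisms()`, offers every mechanism the profile supports. I would extend the comment, for example `-- forbidden: mechanism names that must not be offered; nil forbids nothing`. The container type `method:forbidden` expects is not visible in this diff, so the wording should be checked against it.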
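Review bot: In the second hunk of util/sasl/digest-md5.lua the added `local Y = md5(...)` is declared inside the `if self.profile.plain then` branch, so it goes out of scope at the following `elseif`, just like the existing `local Y, state` in the next branch. `digest` continues past this hunk; if `Y` is read after the chain it resolves to an unset global rather than the hash, so the response check would fail or raise for every user. Declaring `local Y` once before the `if` and assigning it without `local` in both branches keeps the value visible. The second hunk of util/sasl/scram.lua has the same defect: `local password, state = self.profile.plain(...)` shadows the `local password;` declared two lines above, so the outer `password` is still nil once the branch ends. There, put `local state` beside the outer declaration and keep the plain assignment `password, state = self.profile.plain(self.state.name, self.realm)`.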
+++ b/util/sasl/scram.lua
@@ -54,7 +54,7 @@ local function Hi(hmac, str, salt, i)
 local Ust = hmac(str, salt.."\0\0\0\1");
 local res = Ust;
 for n=1,i-1 do
- Und = hmac(str, Ust)
+ local Und = hmac(str, Ust)
 res = binaryXOR(res, Und)
 Ust = Und
 end
@@ -118,7 +118,7 @@ local function scram_sha_1(self, message)
 local password;
 if self.profile.plain then
- password, state = self.profile.plain(self.state.name, self.realm)
+ local password, state = self.profile.plain(self.state.name, self.realm)
 if state == nil then return "failure", "not-authorized"
 elseif state == false then return "failure", "account-disabled" end
 password = saslprep(password); |