aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--util/sasl.lua9
-rw-r--r--util/sasl/digest-md5.lua6
-rw-r--r--util/sasl/scram.lua4
3 files changed, 8 insertions, 11 deletions
diff --git a/util/sasl.lua b/util/sasl.lua
index e3ae8087..9c8fff78 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -83,10 +83,11 @@ end
-- create a new SASL object which can be used to authenticate clients
function new(realm, profile, forbidden)
- sasl_i = {profile = profile};
+ local sasl_i = {profile = profile};
sasl_i.realm = realm;
- s = setmetatable(sasl_i, method);
- s:forbidden(sasl_i, forbidden)
+ local s = setmetatable(sasl_i, method);
+ if forbidden == nil then forbidden = {} end
+ s:forbidden(forbidden)
return s;
end
@@ -112,7 +113,7 @@ function method:mechanisms()
for backend, f in pairs(self.profile) do
if backend_mechanism[backend] then
for _, mechanism in ipairs(backend_mechanism[backend]) do
- if not sasl_i.restrict:contains(mechanism) then
+ if not self.restrict:contains(mechanism) then
mechanisms[mechanism] = true;
end
end
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index f8e0e393..a14e875b 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -28,10 +28,6 @@ module "digest-md5"
--=========================
--SASL DIGEST-MD5 according to RFC 2831
-local function digest_response()
-
- return response, A1, A2
-end
local function digest(self, message)
--TODO complete support for authzid
@@ -174,7 +170,7 @@ local function digest(self, message)
local password, state = self.profile.plain(response["username"], self.realm)
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end
- Y = md5(response["username"]..":"..response["realm"]..":"..password);
+ local Y = md5(response["username"]..":"..response["realm"]..":"..password);
elseif self.profile["digest-md5"] then
local Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
if state == nil then return "failure", "not-authorized"
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 4413e2a6..1e9c6f7d 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -54,7 +54,7 @@ local function Hi(hmac, str, salt, i)
local Ust = hmac(str, salt.."\0\0\0\1");
local res = Ust;
for n=1,i-1 do
- Und = hmac(str, Ust)
+ local Und = hmac(str, Ust)
res = binaryXOR(res, Und)
Ust = Und
end
@@ -118,7 +118,7 @@ local function scram_sha_1(self, message)
local password;
if self.profile.plain then
- password, state = self.profile.plain(self.state.name, self.realm)
+ local password, state = self.profile.plain(self.state.name, self.realm)
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end
password = saslprep(password);