From c11d121c0635f44404e9f3e784190e898609b876 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Thu, 16 Mar 2023 13:57:30 +0100
Subject: util.sasl.{scram,plain}: Pass authzid to SASL profile callback
For potential future use. Used for logging into a different account than the one used for authentication.
---
 util/sasl/plain.lua | 4 ++--
 util/sasl/scram.lua | 5 ++---
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 43a66c5b..9b0341e6 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -69,10 +69,10 @@ local function plain(self, message)
 local correct, state = false, false;
 if self.profile.plain then
 local correct_password;
- correct_password, state = self.profile.plain(self, authentication, self.realm);
+ correct_password, state = self.profile.plain(self, authentication, self.realm, authorization);
 correct = (saslprep(correct_password) == password);
 elseif self.profile.plain_test then
- correct, state = self.profile.plain_test(self, authentication, password, self.realm);
+ correct, state = self.profile.plain_test(self, authentication, password, self.realm, authorization);
 end
 if state == false then
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 3a751ebc..e5ca84a0 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -101,7 +101,6 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
 local client_first_message = message;
 -- TODO: fail if authzid is provided, since we don't support them yet
- -- luacheck: ignore 211/authzid
 local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce = s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
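Review bot: `authorization` reaches `self.profile.plain` and `self.profile.plain_test` as the client sent it; nothing in this hunk normalises it or checks that `authentication` may act as that identity. That is harmless while no profile reads it, but the commit message names the intended use as logging into a different account, so the new fourth argument is an impersonation boundary and should be documented where it is passed, e.g. `-- authorization (authzid) is client-supplied and unverified; the profile must decide whether authentication may act as it` above the first call. If an absent authzid arrives as an empty string (the message parsing is outside this hunk, so this is an assumption), say so as well, because `""` is truthy in Lua and a bare `if authorization then` in a callback would treat it as present. plain() starts and ends outside the hunk.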
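Review bot: The `-- TODO: fail if authzid is provided, since we don't support them yet` comment kept above the `s_match` call now contradicts the code, since this commit stops ignoring `authzid` and forwards it to the profile callbacks at the two call sites in the later hunks of this file. The capture is also the raw GS2 field: `([^,]*)` takes everything between the two commas, so the value would still carry its `a=` prefix and any `=2C`/`=3D` escapes, and is `""` when the client sends none, whereas util/sasl/plain.lua presumably hands the same callbacks a bare identity. Decoding it before it is passed on, or at least replacing the TODO with something like `-- authzid is the raw "a=..." GS2 field ("" when absent), passed unverified to the profile callback`, would keep the two mechanisms from giving callbacks different shapes for the same argument. scram_gen's body continues outside the hunk.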
@@ -144,7 +143,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
 -- retrieve credentials
 local stored_key, server_key, salt, iteration_count;
 if self.profile.plain then
- local password, status = self.profile.plain(self, username, self.realm)
+ local password, status = self.profile.plain(self, username, self.realm, authzid)
 if status == nil then return "failure", "not-authorized"
 elseif status == false then return "failure", "account-disabled" end
@@ -165,7 +164,7 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
 end
 elseif self.profile[profile_name] then
 local status;
- stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm);
+ stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm, authzid);
 if status == nil then return "failure", "not-authorized"
 elseif status == false then return "failure", "account-disabled" end
 end
-- cgit v1.2.3
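Review bot: A profile that refuses the requested `authzid` has no way to say so through this return contract: in both the `self.profile.plain` call here and the `self.profile[profile_name]` call in the next hunk, `status == nil` maps to `"not-authorized"` and `status == false` to `"account-disabled"`. Before any profile starts acting on the new argument, it is worth deciding whether a refused authzid should surface as its own failure condition (SASL in XMPP defines `invalid-authzid`), so that clients and log-based detection can tell a wrong password from a rejected identity switch. At minimum a comment at each call such as `-- 4th argument: client-requested authzid, unverified; profiles that do not support it must ignore or reject it` would record the contract. The enclosing function starts and ends outside both hunks.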