From e5a50872bb62aec41b74052c2f5b22fc777daca6 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 13 Jun 2013 18:20:49 +0200
Subject: util.sasl.external: Add SASL EXTERNAL mechanism

---
 util/sasl.lua          |  1 +
 util/sasl/external.lua | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 util/sasl/external.lua

diff --git a/util/sasl.lua b/util/sasl.lua
index afb3861b..d0da9435 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -92,5 +92,6 @@ require "util.sasl.plain"     .init(registerMechanism);
 require "util.sasl.digest-md5".init(registerMechanism);
 require "util.sasl.anonymous" .init(registerMechanism);
 require "util.sasl.scram"     .init(registerMechanism);
+require "util.sasl.external"  .init(registerMechanism);
 
 return _M;
diff --git a/util/sasl/external.lua b/util/sasl/external.lua
new file mode 100644
index 00000000..4c5c4343
--- /dev/null
+++ b/util/sasl/external.lua
@@ -0,0 +1,25 @@
+local saslprep = require "util.encodings".stringprep.saslprep;
+
+module "sasl.external"
+
+local function external(self, message)
+	message = saslprep(message);
+	local state
+	self.username, state = self.profile.external(message);
+
+	if state == false then
+		return "failure", "account-disabled";
+	elseif state == nil  then
+		return "failure", "not-authorized";
+	elseif state == "expired" then
+		return "false", "credentials-expired";
+	end
+
+	return "success";
+end
+
+function init(registerMechanism)
+	registerMechanism("EXTERNAL", {"external"}, external);
+end
+
+return _M;
-- 
cgit v1.2.3