From 2519d3119c21701d6265bd1238becbdf30873909 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Wed, 18 Nov 2009 22:56:50 +0100 Subject: Enable restriction of supported mechanisms in the SASL library. --- util/sasl.lua | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'util') diff --git a/util/sasl.lua b/util/sasl.lua index 82fc1226..9df74c1b 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -16,6 +16,8 @@ local md5 = require "util.hashes".md5; local log = require "util.logger".init("sasl"); local tostring = tostring; local st = require "util.stanza"; +local set = require "util.set"; +local array = require "util.array"; local pairs, ipairs = pairs, ipairs; local t_insert, t_concat = table.insert, table.concat; local to_unicode = require "util.encodings".idna.to_unicode; @@ -84,20 +86,34 @@ local function registerMechanism(name, backends, f) end -- create a new SASL object which can be used to authenticate clients -function new(realm, profile) +function new(realm, profile, forbidden) sasl_i = {profile = profile}; sasl_i.realm = realm; - return setmetatable(sasl_i, method); + s = setmetatable(sasl_i, method); + s:forbidden(sasl_i, forbidden) + return s; +end + +-- set the forbidden mechanisms +function method:forbidden( forbidden ) + if forbidden then + -- set forbidden + self.forbidden = set.new(forbidden); + else + -- get forbidden + return array.collect(self.forbidden:items()); + end end -- get a list of possible SASL mechanims to use function method:mechanisms() local mechanisms = {} for backend, f in pairs(self.profile) do - print(backend) if backend_mechanism[backend] then for _, mechanism in ipairs(backend_mechanism[backend]) do - mechanisms[mechanism] = true; + if not sasl_i.forbidden:contains(mechanism) then + mechanisms[mechanism] = true; + end end end end -- cgit v1.2.3