- function provider.get_sasl_handler()
- local testpass_authentication_profile = {
- plain_test = function(sasl, username, password, realm)
- local prepped_username = nodeprep(username);
- if not prepped_username then
- log("debug", "NODEprep failed on username: %s", username);
- return "", nil;
- end
- return usermanager.test_password(prepped_username, realm, password), true;
- end,
- scram_sha_1 = function(sasl, username, realm)
- local credentials = datamanager.load(username, host, "accounts");
- if not credentials then return; end
- if credentials.password then
- usermanager.set_password(username, credentials.password, host);
- credentials = datamanager.load(username, host, "accounts");
- if not credentials then return; end
- end
-
- -- convert hexpass to stored_key and server_key
- -- COMPAT w/old trunk: remove before 0.8 release
- if credentials.hashpass then
- local salted_password = from_hex(credentials.hashpass);
- credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key"), true);
- credentials.server_key = to_hex(hmac_sha1(salted_password, "Server Key"));
- credentials.hashpass = nil
- datamanager.store(username, host, "accounts", credentials);
- end
-
- local stored_key, server_key, iteration_count, salt = credentials.stored_key, credentials.server_key, credentials.iteration_count, credentials.salt;
- stored_key = stored_key and from_hex(stored_key);
- server_key = server_key and from_hex(server_key);
- return stored_key, server_key, iteration_count, salt, true;
- end
- };
- return new_sasl(module.host, testpass_authentication_profile);