local md5 = require "util.hashes".md5;
local log = require "util.logger".init("sasl");
-local tostring = tostring;
local st = require "util.stanza";
+local set = require "util.set";
+local array = require "util.array";
+local to_unicode = require "util.encodings".idna.to_unicode;
+
+local tostring = tostring;
local pairs, ipairs = pairs, ipairs;
local t_insert, t_concat = table.insert, table.concat;
-local to_unicode = require "util.encodings".idna.to_unicode;
local s_match = string.match;
-local gmatch = string.gmatch
-local string = string
-local math = require "math"
local type = type
local error = error
-local print = print
local setmetatable = setmetatable;
local assert = assert;
-local dofile = dofile;
local require = require;
require "util.iterators"
end
-- create a new SASL object which can be used to authenticate clients
-function new(realm, profile)
+function new(realm, profile, forbidden)
sasl_i = {profile = profile};
sasl_i.realm = realm;
- return setmetatable(sasl_i, method);
+ s = setmetatable(sasl_i, method);
+ s:forbidden(sasl_i, forbidden)
+ return s;
+end
+
+-- set the forbidden mechanisms
+function method:forbidden( restrict )
+ if restrict then
+ -- set forbidden
+ self.restrict = set.new(restrict);
+ else
+ -- get forbidden
+ return array.collect(self.restrict:items());
+ end
end
-- get a list of possible SASL mechanims to use
function method:mechanisms()
local mechanisms = {}
for backend, f in pairs(self.profile) do
- print(backend)
if backend_mechanism[backend] then
for _, mechanism in ipairs(backend_mechanism[backend]) do
- mechanisms[mechanism] = true;
+ if not sasl_i.restrict:contains(mechanism) then
+ mechanisms[mechanism] = true;
+ end
end
end
end
end
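Review bot: The forbidden list never reaches the restriction set. In `new`, `s:forbidden(sasl_i, forbidden)` uses the colon form, so `s` is already `self`, `sasl_i` lands in `restrict` and the caller's `forbidden` argument is dropped, so a mechanism the caller meant to forbid can still be offered. It should be `local s = setmetatable(sasl_i, method);` followed by `s:forbidden(forbidden or {})`; the `or {}` matters because a nil argument would otherwise take the getter branch and index an unset `self.restrict`. In `method:mechanisms` the filter reads `sasl_i.restrict` instead of `self.restrict`; `sasl_i` is assigned without `local` in `new`, so it appears to be a shared global and the check would consult whichever SASL object was created last rather than this session's, so use `if not self.restrict:contains(mechanism) then`. The body of `method:mechanisms` continues past the end of the hunk.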
-- load the mechanisms
-load_mechs = {"plain", "digest-md5"}
+load_mechs = {"plain", "digest-md5", "anonymous", "scram"}
for _, mech in ipairs(load_mechs) do
local name = "util.sasl."..mech;
local m = require(name);