-- sasl.lua v0.4
--- Copyright (C) 2008-2009 Tobias Markmann
+-- Copyright (C) 2008-2010 Tobias Markmann
--
-- All rights reserved.
--
local md5 = require "util.hashes".md5;
local log = require "util.logger".init("sasl");
-local tostring = tostring;
local st = require "util.stanza";
local set = require "util.set";
local array = require "util.array";
+local to_unicode = require "util.encodings".idna.to_unicode;
+
+local tostring = tostring;
local pairs, ipairs = pairs, ipairs;
local t_insert, t_concat = table.insert, table.concat;
-local to_unicode = require "util.encodings".idna.to_unicode;
local s_match = string.match;
-local gmatch = string.gmatch
-local string = string
-local math = require "math"
local type = type
local error = error
-local print = print
local setmetatable = setmetatable;
local assert = assert;
-local dofile = dofile;
local require = require;
require "util.iterators"
state = false : disabled
state = true : enabled
state = nil : non-existant
-
-plain:
- function(username, realm)
- return password, state;
- end
-
-plain-test:
- function(username, realm, password)
- return true or false, state;
- end
-
-digest-md5:
- function(username, domain, realm, encoding) -- domain and realm are usually the same; for some broken
- -- implementations it's not
- return digesthash, state;
- end
-
-digest-md5-test:
- function(username, domain, realm, encoding, digesthash)
- return true or false, state;
- end
]]
local method = {};
-- create a new SASL object which can be used to authenticate clients
function new(realm, profile, forbidden)
- sasl_i = {profile = profile};
+ local sasl_i = {profile = profile};
sasl_i.realm = realm;
- s = setmetatable(sasl_i, method);
- s:forbidden(sasl_i, forbidden)
+ local s = setmetatable(sasl_i, method);
+ if forbidden == nil then forbidden = {} end
+ s:forbidden(forbidden)
return s;
end
+-- get a fresh clone with the same realm, profiles and forbidden mechanisms
+function method:clean_clone()
+ return new(self.realm, self.profile, self:forbidden())
+end
+
-- set the forbidden mechanisms
-function method:forbidden( forbidden )
- if forbidden then
+function method:forbidden( restrict )
+ if restrict then
-- set forbidden
- self.forbidden = set.new(forbidden);
+ self.restrict = set.new(restrict);
else
-- get forbidden
- return array.collect(self.forbidden:items());
+ return array.collect(self.restrict:items());
end
end
for backend, f in pairs(self.profile) do
if backend_mechanism[backend] then
for _, mechanism in ipairs(backend_mechanism[backend]) do
- if not sasl_i.forbidden:contains(mechanism) then
+ if not self.restrict:contains(mechanism) then
mechanisms[mechanism] = true;
end
end
return false;
end
- self.mech_i = mechanisms[mechanism]
- if self.mech_i == nil then
- return false;
- end
- return true;
+ self.mech_i = mechanisms[mechanism];
+ return (self.mech_i ~= nil);
end
-- feed new messages to process into the library
end
-- load the mechanisms
-load_mechs = {"plain", "digest-md5", "anonymous", "scram"}
+local load_mechs = {"plain", "digest-md5", "anonymous", "scram"}
for _, mech in ipairs(load_mechs) do
local name = "util.sasl."..mech;
local m = require(name);