X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl.lua;h=9c8fff7804a28edd6b7e4e430b846d3d23093696;hb=1acc8f231b80f3806f99ba20a7bd981cf5c85f63;hp=94ed3ac984afdc6645179582ba9023b5dbb613c7;hpb=1a0274c8ffb606a2fbf23056d1dcfc6adad329ea;p=prosody.git diff --git a/util/sasl.lua b/util/sasl.lua index 94ed3ac9..9c8fff78 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -14,22 +14,20 @@ local md5 = require "util.hashes".md5; local log = require "util.logger".init("sasl"); -local tostring = tostring; local st = require "util.stanza"; -local generate_uuid = require "util.uuid".generate; +local set = require "util.set"; +local array = require "util.array"; +local to_unicode = require "util.encodings".idna.to_unicode; + +local tostring = tostring; local pairs, ipairs = pairs, ipairs; local t_insert, t_concat = table.insert, table.concat; -local to_byte, to_char = string.byte, string.char; -local to_unicode = require "util.encodings".idna.to_unicode; local s_match = string.match; -local gmatch = string.gmatch -local string = string -local math = require "math" local type = type local error = error -local print = print local setmetatable = setmetatable; local assert = assert; +local require = require; require "util.iterators" local keys = keys @@ -40,6 +38,10 @@ module "sasl" --[[ Authentication Backend Prototypes: +state = false : disabled +state = true : enabled +state = nil : non-existant + plain: function(username, realm) return password, state; @@ -51,12 +53,13 @@ plain-test: end digest-md5: - function(username, realm, encoding) + function(username, domain, realm, encoding) -- domain and realm are usually the same; for some broken + -- implementations it's not return digesthash, state; end digest-md5-test: - function(username, realm, encoding, digesthash) + function(username, domain, realm, encoding, digesthash) return true or false, state; end ]] @@ -79,20 +82,40 @@ local function registerMechanism(name, backends, f) end -- create a new SASL object which can be used to authenticate clients -function new(realm, profile) - sasl_i = {profile = profile}; +function new(realm, profile, forbidden) + local sasl_i = {profile = profile}; sasl_i.realm = realm; - return setmetatable(sasl_i, method); + local s = setmetatable(sasl_i, method); + if forbidden == nil then forbidden = {} end + s:forbidden(forbidden) + return s; +end + +-- get a fresh clone with the same realm, profiles and forbidden mechanisms +function method:clean_clone() + return new(self.realm, self.profile, self:forbidden()) +end + +-- set the forbidden mechanisms +function method:forbidden( restrict ) + if restrict then + -- set forbidden + self.restrict = set.new(restrict); + else + -- get forbidden + return array.collect(self.restrict:items()); + end end -- get a list of possible SASL mechanims to use function method:mechanisms() local mechanisms = {} for backend, f in pairs(self.profile) do - print(backend) if backend_mechanism[backend] then for _, mechanism in ipairs(backend_mechanism[backend]) do - mechanisms[mechanism] = true; + if not self.restrict:contains(mechanism) then + mechanisms[mechanism] = true; + end end end end @@ -115,13 +138,16 @@ end -- feed new messages to process into the library function method:process(message) - if message == "" or message == nil then return "failure", "malformed-request" end + --if message == "" or message == nil then return "failure", "malformed-request" end return self.mech_i(self, message); end -- load the mechanisms -require "sasl.plain" -require "sasl.digest-md5" -require "sasl.scram" +load_mechs = {"plain", "digest-md5", "anonymous", "scram"} +for _, mech in ipairs(load_mechs) do + local name = "util.sasl."..mech; + local m = require(name); + m.init(registerMechanism) +end return _M;