X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl.lua;h=b91e29a6cd51c4c8da4b54e8e4fec318f4c20488;hb=e1e1bd2dfa385b1003eb6ccbabda639ecb99114e;hp=cd0a1d64233ddf83dab855abc0ce17466590198f;hpb=5253872b6349f75f9937175731263b724050c8b2;p=prosody.git

diff --git a/util/sasl.lua b/util/sasl.lua
index cd0a1d64..b91e29a6 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -44,13 +44,21 @@ local method = {};
 method.__index = method;
 local mechanisms = {};
 local backend_mechanism = {};
+local mechanism_channelbindings = {};
 
 -- register a new SASL mechanims
-local function registerMechanism(name, backends, f)
+function registerMechanism(name, backends, f, cb_backends)
 	assert(type(name) == "string", "Parameter name MUST be a string.");
 	assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table.");
 	assert(type(f) == "function", "Parameter f MUST be a function.");
+	if cb_backends then assert(type(cb_backends) == "table"); end
 	mechanisms[name] = f
+	if cb_backends then
+		mechanism_channelbindings[name] = {};
+		for _, cb_name in ipairs(cb_backends) do
+			mechanism_channelbindings[name][cb_name] = true;
+		end
+	end
 	for _, backend_name in ipairs(backends) do
 		if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end
 		t_insert(backend_mechanism[backend_name], name);
@@ -59,13 +67,17 @@ end
 
 -- create a new SASL object which can be used to authenticate clients
 function new(realm, profile)
-	local mechanisms = {};
-	for backend, f in pairs(profile) do
-		if backend_mechanism[backend] then
-			for _, mechanism in ipairs(backend_mechanism[backend]) do
-				mechanisms[mechanism] = true;
+	local mechanisms = profile.mechanisms;
+	if not mechanisms then
+		mechanisms = {};
+		for backend, f in pairs(profile) do
+			if backend_mechanism[backend] then
+				for _, mechanism in ipairs(backend_mechanism[backend]) do
+					mechanisms[mechanism] = true;
+				end
 			end
 		end
+		profile.mechanisms = mechanisms;
 	end
 	return setmetatable({ profile = profile, realm = realm, mechs = mechanisms }, method);
 end
@@ -86,7 +98,23 @@ end
 
 -- get a list of possible SASL mechanims to use
 function method:mechanisms()
-	return self.mechs;
+	local current_mechs = {};
+	for mech, _ in pairs(self.mechs) do
+		if mechanism_channelbindings[mech] then
+			if self.profile.cb then
+				local ok = false;
+				for cb_name, _ in pairs(self.profile.cb) do
+					if mechanism_channelbindings[mech][cb_name] then
+						ok = true;
+					end
+				end
+				if ok == true then current_mechs[mech] = true; end
+			end
+		else
+			current_mechs[mech] = true;
+		end
+	end
+	return current_mechs;
 end
 
 -- select a mechanism to use
@@ -108,5 +136,6 @@ require "util.sasl.plain"     .init(registerMechanism);
 require "util.sasl.digest-md5".init(registerMechanism);
 require "util.sasl.anonymous" .init(registerMechanism);
 require "util.sasl.scram"     .init(registerMechanism);
+require "util.sasl.external"  .init(registerMechanism);
 
 return _M;