X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl_cyrus.lua;h=b5b0e08d0a5adf1662075bf024fc93e85ced0c6a;hb=d1157fba90d49dfe56c340da082bc6a5ce19a8b3;hp=57c6ba3cbb3b68c3ad6d1ef9f1b75e123ad94011;hpb=90b69aa7a3a97f7fee8e6aebaa98ce3da359e7fc;p=prosody.git

diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua
index 57c6ba3c..b5b0e08d 100644
--- a/util/sasl_cyrus.lua
+++ b/util/sasl_cyrus.lua
@@ -39,7 +39,7 @@ local function init(service_name)
 		if st then
 			initialized = true;
 		else
-			log("error", "Failed to initialize CyrusSASL: %s", errmsg);
+			log("error", "Failed to initialize Cyrus SASL: %s", errmsg);
 		end
 	end
 end
@@ -52,11 +52,24 @@ function new(realm, service_name)
 
 	sasl_i.realm = realm;
 	sasl_i.service_name = service_name;
-	sasl_i.cyrus = cyrussasl.server_new(service_name, nil, nil, nil, nil)
-	if sasl_i.cyrus == 0 then
-		log("error", "got NULL return value from server_new")
+
+	local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil)
+	if st then
+		sasl_i.cyrus = ret;
+	else
+		log("error", "Creating SASL server connection failed: %s", ret);
 		return nil;
 	end
+
+	if cyrussasl.set_canon_cb then
+		local c14n_cb = function (user)
+			local node = s_match(user, "^([^@]+)");
+			log("debug", "Canonicalizing username %s to %s", user, node)
+			return node
+		end
+		cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb);
+	end
+
 	cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff)
 	local s = setmetatable(sasl_i, method);
 	return s;
@@ -69,7 +82,7 @@ end
 
 -- set the forbidden mechanisms
 function method:forbidden( restrict )
-	log("debug", "Called method:forbidden. NOT IMPLEMENTED.")
+	log("warn", "Called method:forbidden. NOT IMPLEMENTED.")
 	return {}
 end
 
@@ -87,6 +100,7 @@ end
 -- select a mechanism to use
 function method:select(mechanism)
 	self.mechanism = mechanism;
+	if not self.mechs then self:mechanisms(); end
 	return self.mechs[mechanism];
 end
 
@@ -109,16 +123,12 @@ function method:process(message)
 	   return "challenge", data
 	elseif (err == -4) then -- SASL_NOMECH
 	   log("debug", "SASL mechanism not available from remote end")
-	   return "failure", 
-	     "undefined-condition",
-	     "SASL mechanism not available"
+	   return "failure", "invalid-mechanism", "SASL mechanism not available"
 	elseif (err == -13) then -- SASL_BADAUTH
 	   return "failure", "not-authorized", cyrussasl.get_message( self.cyrus )
 	else
 	   log("debug", "Got SASL error condition %d", err)
-	   return "failure", 
-	     "undefined-condition",
-	     cyrussasl.get_message( self.cyrus )
+	   return "failure", "undefined-condition", cyrussasl.get_message( self.cyrus )
 	end
 end