function provider.get_sasl_handler()
local realm = module:get_option("sasl_realm") or module.host;
local anonymous_authentication_profile = {
- anonymous = function(username, realm)
+ anonymous = function(sasl, username, realm)
return true; -- for normal usage you should always return true here
end
};
function provider.get_sasl_handler()
local realm = module:get_option("sasl_realm") or module.host;
local testpass_authentication_profile = {
- plain_test = function(username, password, realm)
+ plain_test = function(sasl, username, password, realm)
local prepped_username = nodeprep(username);
if not prepped_username then
log("debug", "NODEprep failed on username: %s", username);
end
return usermanager.test_password(prepped_username, realm, password), true;
end,
- scram_sha_1 = function(username, realm)
+ scram_sha_1 = function(sasl, username, realm)
local credentials = datamanager.load(username, host, "accounts");
if not credentials then return; end
if credentials.password then
function provider.get_sasl_handler()
local realm = module:get_option("sasl_realm") or module.host;
local getpass_authentication_profile = {
- plain = function(username, realm)
+ plain = function(sasl, username, realm)
local prepped_username = nodeprep(username);
if not prepped_username then
log("debug", "NODEprep failed on username: %s", username);
local new_sasl = require "util.sasl".new;
local anonymous_authentication_profile = {
- anonymous = function(username, realm)
+ anonymous = function(sasl, username, realm)
return true; -- for normal usage you should always return true here
end
};
local username;
repeat
username = generate_uuid();
- until self.profile.anonymous(username, self.realm);
+ until self.profile.anonymous(self, username, self.realm);
self.username = username;
return "success"
end
self.username = response["username"];
local Y, state;
if self.profile.plain then
- local password, state = self.profile.plain(response["username"], self.realm)
+ local password, state = self.profile.plain(self, response["username"], self.realm)
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end
Y = md5(response["username"]..":"..response["realm"]..":"..password);
elseif self.profile["digest-md5"] then
- Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
+ Y, state = self.profile["digest-md5"](self, response["username"], self.realm, response["realm"], response["charset"])
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end
elseif self.profile["digest-md5-test"] then
local correct, state = false, false;
if self.profile.plain then
local correct_password;
- correct_password, state = self.profile.plain(authentication, self.realm);
+ correct_password, state = self.profile.plain(self, authentication, self.realm);
correct = (correct_password == password);
elseif self.profile.plain_test then
- correct, state = self.profile.plain_test(authentication, password, self.realm);
+ correct, state = self.profile.plain_test(self, authentication, password, self.realm);
end
self.username = authentication
-- retreive credentials
if self.profile.plain then
- local password, state = self.profile.plain(self.state.name, self.realm)
+ local password, state = self.profile.plain(self, self.state.name, self.realm)
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end
return "failure", "temporary-auth-failure";
end
elseif self.profile["scram_"..hashprep(hash_name)] then
- local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
+ local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self, self.state.name, self.realm);
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end