Wed, 13 Jan 2010 00:03:22 +0000
mod_posix: Adjust file open mode depending on whether file exists (take that fopen designers!!!)
894 | 1 | -- sasl.lua v0.4 |
2 | -- Copyright (C) 2008-2009 Tobias Markmann |
3 | -- |
4 | -- All rights reserved. |
5 | -- |
6 | -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
7 | -- |
8 | -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
9 | -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
10 | -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
11 | -- |
12 | -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
13 | |
14 | |
15 | local md5 = require "util.hashes".md5; |
38 | 16 | local log = require "util.logger".init("sasl"); |
17 | local tostring = tostring; | |
18 | local st = require "util.stanza"; | |
19 | local generate_uuid = require "util.uuid".generate; |
20 | local t_insert, t_concat = table.insert, table.concat; |
21 | local to_byte, to_char = string.byte, string.char; |
22 | local to_unicode = require "util.encodings".idna.to_unicode; |
38 | 23 | local s_match = string.match; |
24 | local gmatch = string.gmatch |
25 | local string = string |
26 | local math = require "math" |
27 | local type = type |
28 | local error = error |
29 | local print = print |
30 | |
38 | 31 | module "sasl" |
32 | ||
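-- Create a SASL PLAIN mechanism object.
-- The client message has the layout  [authzid] NUL authcid NUL passwd  (RFC 4616).
--
-- Credentials handler:
--   Arguments: ("PLAIN", user, host, password)
--   Returns: true (success) | false (fail) | nil (user unknown)
--
-- The returned table carries the fields mechanism, realm and
-- credentials_handler, plus a feed(self, message) method that returns
-- "success", or "failure" followed by an error condition string.
local function new_plain(realm, credentials_handler)
	local object = { mechanism = "PLAIN", realm = realm, credentials_handler = credentials_handler }

	function object.feed(self, message)
		if message == nil or message == "" then return "failure", "malformed-request" end

		-- Parse all three fields with ONE pattern anchored at the start of the
		-- message. Searching for each field separately and unanchored allows the
		-- username and the password to be picked from different positions of a
		-- message that carries extra NUL separators.
		-- Bytes following the password are still ignored, as before.
		-- NOTE(review): the authorization identity is parsed but never evaluated;
		-- the session is tied to the authentication identity only.
		local _authzid, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)")

		if authentication == nil or password == nil then return "failure", "malformed-request" end

		self.username = authentication
		local auth_success = self.credentials_handler("PLAIN", self.username, self.realm, password)

		if auth_success then
			return "success"
		elseif auth_success == nil then
			-- NOTE(review): nil is documented above as "user unknown". Answering it
			-- with a different condition than a wrong password lets a client tell
			-- existing accounts from missing ones - confirm this is intended.
			return "failure", "account-disabled"
		else
			return "failure", "not-authorized"
		end
	end

	return object
end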
59 | |
60 | -- credentials_handler: |
61 | -- Arguments: (mechanism, node, domain, realm, decoder) |
62 | -- Returns: Password encoding, (plaintext) password |
1158 | 63 | -- implementing RFC 2831 |
64 | local function new_digest_md5(realm, credentials_handler) |
1158 | 65 | --TODO complete support for authzid |
66 | |
-- Build the comma-separated directive list of a DIGEST-MD5 server message.
-- Only the keys realm, nonce, qop, charset, algorithm and rspauth are emitted,
-- in that fixed order; the first three are wrapped in double quotes.
-- Values are inserted verbatim (no escaping), so a quoted value must not
-- contain a double quote itself.
-- Raises an error when the argument is not a table.
local function serialize(message)
	if type(message) ~= "table" then error("serialize needs an argument of type table.") end

	-- { directive name, emit the value inside double quotes? }
	local directives = {
		{ "realm", true },
		{ "nonce", true },
		{ "qop", true },
		{ "charset", false },
		{ "algorithm", false },
		{ "rspauth", false },
	}

	local out = ""
	for idx = 1, #directives do
		local key, quoted = directives[idx][1], directives[idx][2]
		local value = message[key]
		if value then
			if quoted then
				out = out .. key .. [[="]] .. value .. [[",]]
			else
				out = out .. key .. "=" .. value .. ","
			end
		end
	end

	-- drop the trailing separator; gsub's second result (the count) is discarded
	local trimmed = out:gsub(",$", "")
	return trimmed
end
82 | |
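-- Convert a UTF-8 encoded string to single-byte Latin-1 when every
-- character fits, otherwise return the input unchanged.
--
-- A byte above 0x7F is accepted only as a lead byte in 0xC0..0xC3 followed by
-- a continuation byte in 0x80..0xBF. Any other byte sequence, including a
-- lead byte at the very end of the string, leaves the input untouched.
-- (0xC0 and 0xC1 are overlong lead bytes; they pass this check as before.)
local function utf8tolatin1ifpossible(passwd)
	local len = #passwd;

	-- Pass 1: make sure the whole string is convertible.
	local i = 1;
	while i <= len do
		local lead = to_byte(passwd, i);
		if lead > 0x7F then
			if lead < 0xC0 or lead > 0xC3 then
				return passwd;
			end
			i = i + 1;
			-- nil when the string ends right after the lead byte; comparing nil
			-- with a number would raise, so treat it as "not convertible".
			local cont = to_byte(passwd, i);
			if cont == nil or cont < 0x80 or cont > 0xBF then
				return passwd;
			end
		end
		i = i + 1;
	end

	-- Pass 2: fold every two-byte sequence into one byte.
	local p = {};
	i = 1;
	while i <= len do
		local lead = to_byte(passwd, i);
		if lead > 0x7F then
			i = i + 1;
			local cont = to_byte(passwd, i);
			-- low 2 bits of the lead byte become the top 2 bits of the result,
			-- low 6 bits of the continuation byte fill the rest
			t_insert(p, to_char(lead % 4 * 64 + cont % 64));
		else
			t_insert(p, to_char(lead));
		end
		i = i + 1;
	end
	return t_concat(p);
end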
-- Re-encode a Latin-1 string as UTF-8, byte by byte.
-- Bytes below 0x80 are copied, bytes 0x80..0xBF get the lead byte 0xC2,
-- and bytes from 0xC0 upwards get the lead byte 0xC3 with 64 subtracted.
local function latin1toutf8(str)
	local pieces = {};
	for pos = 1, string.len(str) do
		local code = to_byte(str, pos);
		local encoded;
		if code >= 0xC0 then
			encoded = to_char(0xC3, code - 64);
		elseif code >= 0x80 then
			encoded = to_char(0xC2, code);
		else
			encoded = to_char(code);
		end
		t_insert(pieces, encoded);
	end
	return t_concat(pieces);
end
-- Split a DIGEST-MD5 client message into a table of directive -> value.
-- A value ends at the first double quote, comma or NUL byte, so a quoted
-- value that contains a comma is cut short. When a directive occurs more
-- than once the last occurrence wins; nothing is rejected here, so callers
-- have to validate the resulting fields themselves.
local function parse(data)
	local directives = {}
	-- COMPAT: %z in the pattern to work around jwchat bug (sends "charset=utf-8\0")
	-- FIXME The hacky regex makes me shudder
	local directive_pattern = [[([%w%-]+)="?([^",%z]*)"?,?]]
	-- the callback returns nothing, so gsub only serves to walk the matches
	string.gsub(data, directive_pattern, function(name, value)
		directives[name] = value;
	end)
	return directives;
end
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
138 | |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
139 | local object = { mechanism = "DIGEST-MD5", realm = realm, credentials_handler = credentials_handler}; |
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
140 | |
1160 | 141 | object.nonce = generate_uuid(); |
142 | object.step = 0; | |
143 | object.nonce_count = {}; | |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
144 | |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
145 | function object.feed(self, message) |
1160 | 146 | self.step = self.step + 1; |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
147 | if (self.step == 1) then |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
148 | local challenge = serialize({ nonce = object.nonce, |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
149 | qop = "auth", |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
150 | charset = "utf-8", |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
151 | algorithm = "md5-sess", |
505
1b938e00412c
Remove that idn stuff for realm because it's either an ugly hack that the password_handler isn't ready for or something worse.
Tobias Markmann <tm@ayena.de>
parents:
496
diff
changeset
|
152 | realm = self.realm}); |
1160 | 153 | return "challenge", challenge; |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
154 | elseif (self.step == 2) then |
1160 | 155 | local response = parse(message); |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
156 | -- check for replay attack |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
157 | if response["nc"] then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
158 | if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
159 | end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
160 | |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
161 | -- check for username, it's REQUIRED by RFC 2831 |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
162 | if not response["username"] then |
1160 | 163 | return "failure", "malformed-request"; |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
164 | end |
1160 | 165 | self["username"] = response["username"]; |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
166 | |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
167 | -- check for nonce, ... |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
168 | if not response["nonce"] then |
1160 | 169 | return "failure", "malformed-request"; |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
170 | else |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
171 | -- check if it's the right nonce |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
172 | if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
173 | end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
174 | |
297
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
175 | if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
176 | if not response["qop"] then response["qop"] = "auth" end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
177 | |
702
d344860fdada
sasl: Set realm to be the current realm when the client didn't send a realm, or sent an empty one
Waqas Hussain <waqas20@gmail.com>
parents:
685
diff
changeset
|
178 | if response["realm"] == nil or response["realm"] == "" then |
1376
13587cf24435
Adjust PLAIN and DIGEST-MD5 mechanisms to new password_handler API.
Tobias Markmann <tm@ayena.de>
parents:
1374
diff
changeset
|
179 | response["realm"] = ""; |
702
d344860fdada
sasl: Set realm to be the current realm when the client didn't send a realm, or sent an empty one
Waqas Hussain <waqas20@gmail.com>
parents:
685
diff
changeset
|
180 | elseif response["realm"] ~= self.realm then |
602
a977227aa9e6
Return error when the given realm value does not match the sent realm value. Prevents impersonation of an account on one virtual host, but a user with the same username on another host.
Waqas Hussain <waqas20@gmail.com>
parents:
599
diff
changeset
|
181 | return "failure", "not-authorized", "Incorrect realm value"; |
a977227aa9e6
Return error when the given realm value does not match the sent realm value. Prevents impersonation of an account on one virtual host, but a user with the same username on another host.
Waqas Hussain <waqas20@gmail.com>
parents:
599
diff
changeset
|
182 | end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
183 | |
599
30655c5cc531
Latin1 support for SASL DIGEST-MD5 (second, and possibly final commit)
Waqas Hussain <waqas20@gmail.com>
parents:
595
diff
changeset
|
184 | local decoder; |
508
4fd60ae97535
Converting latin encoded responsed to utf-8 when needed.
Tobias Markmann <tm@ayena.de>
parents:
507
diff
changeset
|
185 | if response["charset"] == nil then |
599
30655c5cc531
Latin1 support for SASL DIGEST-MD5 (second, and possibly final commit)
Waqas Hussain <waqas20@gmail.com>
parents:
595
diff
changeset
|
186 | decoder = utf8tolatin1ifpossible; |
508
4fd60ae97535
Converting latin encoded responsed to utf-8 when needed.
Tobias Markmann <tm@ayena.de>
parents:
507
diff
changeset
|
187 | elseif response["charset"] ~= "utf-8" then |
1160 | 188 | return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8."; |
508
4fd60ae97535
Converting latin encoded responsed to utf-8 when needed.
Tobias Markmann <tm@ayena.de>
parents:
507
diff
changeset
|
189 | end |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
190 | |
1160 | 191 | local domain = ""; |
192 | local protocol = ""; | |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
193 | if response["digest-uri"] then |
1160 | 194 | protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$"); |
402
50f1c09541cd
Checking some variables for nil so no errors occur that'll break the server.
Tobias Markmann <tm@ayena.de>
parents:
401
diff
changeset
|
195 | if protocol == nil or domain == nil then return "failure", "malformed-request" end |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
196 | else |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
197 | return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." |
198 | end |
199 | |
200 | --TODO maybe realm support |
1160 | 201 | self.username = response["username"]; |
202 | local password_encoding, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder); |
405 | 203 | if Y == nil then return "failure", "not-authorized" |
204 | elseif Y == false then return "failure", "account-disabled" end |
205 | local A1 = ""; |
206 | if response.authzid then |
207 | if response.authzid == self.username or response.authzid == self.username.."@"..self.realm then |
1374 | 208 | -- COMPAT |
209 | log("warn", "Client is violating RFC 3920 (section 6.1, point 7)."); |
210 | A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid; |
211 | else |
212 | return "failure", "invalid-authzid"; |
213 | end |
214 | else |
215 | A1 = Y..":"..response["nonce"]..":"..response["cnonce"]; |
216 | end |
217 | local A2 = "AUTHENTICATE:"..protocol.."/"..domain; |
218 | |
1160 | 219 | local HA1 = md5(A1, true); |
220 | local HA2 = md5(A2, true); | |
221 | |
1160 | 222 | local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2; |
223 | local response_value = md5(KD, true); | |
224 | |
225 | if response_value == response["response"] then |
226 | -- calculate rspauth |
227 | A2 = ":"..protocol.."/"..domain; |
228 | |
1160 | 229 | HA1 = md5(A1, true); |
230 | HA2 = md5(A2, true); | |
231 | |
232 | KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
1160 | 233 | local rspauth = md5(KD, true); |
234 | self.authenticated = true; | |
235 | return "challenge", serialize({rspauth = rspauth}); | |
236 | else |
237 | return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated." |
238 | end |
239 | elseif self.step == 3 then |
240 | if self.authenticated ~= nil then return "success" |
241 | else return "failure", "malformed-request" end |
242 | end |
243 | end |
1160 | 244 | return object; |
245 | end |
246 | |
247 | -- Credentials handler: Can be nil. If specified, should take the mechanism as |
248 | -- the only argument, and return true for OK, or false for not-OK (TODO) |
--- Build the state object for the SASL ANONYMOUS mechanism.
-- The realm and the credentials handler are recorded on the object, but
-- `feed` never calls the handler: every message is answered with "success"
-- and nothing is checked. Any policy on whether anonymous logins are
-- acceptable therefore has to be enforced outside this function.
-- @param realm stored on the object as `realm`
-- @param credentials_handler stored on the object; not invoked here
-- @return table with `mechanism`, `realm`, `credentials_handler`,
--         `username` and a `feed` function
local function new_anonymous(realm, credentials_handler)
	local session = {
		mechanism = "ANONYMOUS",
		realm = realm,
		credentials_handler = credentials_handler,
	};

	-- Unconditional success: the client's message is ignored entirely.
	session.feed = function(self, message)
		return "success";
	end

	-- The username is not supplied by the client; it is whatever
	-- generate_uuid() returns for this session.
	session.username = generate_uuid();
	return session;
end
257 | |
258 | |
--- Create the state object for a SASL mechanism selected by name.
-- Recognised names are "PLAIN", "DIGEST-MD5" and "ANONYMOUS"; the comparison
-- is exact, so any other value (including nil or a differently-cased name)
-- is treated as unsupported. This function applies no policy of its own:
-- ANONYMOUS is constructed on request like the other mechanisms, so limiting
-- which mechanisms a client may pick is left to the caller.
-- @param mechanism mechanism name as requested
-- @param realm passed through to the mechanism constructor
-- @param credentials_handler passed through to the mechanism constructor
-- @return the mechanism object, or nil when the mechanism is unsupported
--         (callers must check for nil before using the result)
function new(mechanism, realm, credentials_handler)
	-- The extra parentheses keep only the constructor's first return value.
	if mechanism == "PLAIN" then
		return (new_plain(realm, credentials_handler));
	end
	if mechanism == "DIGEST-MD5" then
		return (new_digest_md5(realm, credentials_handler));
	end
	if mechanism == "ANONYMOUS" then
		return (new_anonymous(realm, credentials_handler));
	end

	-- Unknown mechanism: only recorded at debug level, then reported as nil.
	log("debug", "Unsupported SASL mechanism: "..tostring(mechanism));
	return nil;
end
270 | |
-- Chunk result handed to whoever loads this file. _M is not defined in the
-- visible part of the file; presumably it is the module table (confirm
-- against the top of the file).
return _M