79 end |
79 end |
80 |
80 |
81 -- create a new SASL object which can be used to authenticate clients |
81 -- create a new SASL object which can be used to authenticate clients |
82 function new(realm, profile) |
82 function new(realm, profile) |
83 sasl_i = {profile = profile}; |
83 sasl_i = {profile = profile}; |
|
84 sasl_i.realm = realm; |
84 return setmetatable(sasl_i, method); |
85 return setmetatable(sasl_i, method); |
85 end |
86 end |
86 |
87 |
87 -- get a list of possible SASL mechanims to use |
88 -- get a list of possible SASL mechanims to use |
88 function method:mechanisms() |
89 function method:mechanisms() |
90 for backend, f in pairs(self.profile) do |
91 for backend, f in pairs(self.profile) do |
91 print(backend) |
92 print(backend) |
92 if backend_mechanism[backend] then |
93 if backend_mechanism[backend] then |
93 for _, mechanism in ipairs(backend_mechanism[backend]) do |
94 for _, mechanism in ipairs(backend_mechanism[backend]) do |
94 mechanisms[mechanism] = true; |
95 mechanisms[mechanism] = true; |
95 end |
96 end |
96 end |
97 end |
97 end |
98 end |
98 self["possible_mechanisms"] = mechanisms; |
99 self["possible_mechanisms"] = mechanisms; |
99 return array.collect(keys(mechanisms)); |
100 return array.collect(keys(mechanisms)); |
100 end |
101 end |
101 |
102 |
102 -- select a mechanism to use |
103 -- select a mechanism to use |
103 function method:select(mechanism) |
104 function method:select(mechanism) |
104 self.mech_i = mechanisms[mechanism] |
105 self.mech_i = mechanisms[mechanism] |
105 if self.mech_i == nil then return false; end |
106 if self.mech_i == nil then |
|
107 return false; |
|
108 end |
106 return true; |
109 return true; |
107 end |
110 end |
108 |
111 |
109 -- feed new messages to process into the library |
112 -- feed new messages to process into the library |
110 function method:process(message) |
113 function method:process(message) |
118 local response = message |
121 local response = message |
119 local authorization = s_match(response, "([^&%z]+)") |
122 local authorization = s_match(response, "([^&%z]+)") |
120 local authentication = s_match(response, "%z([^&%z]+)%z") |
123 local authentication = s_match(response, "%z([^&%z]+)%z") |
121 local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") |
124 local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") |
122 |
125 |
123 if authentication == nil or password == nil then return "failure", "malformed-request" end |
126 if authentication == nil or password == nil then |
|
127 return "failure", "malformed-request"; |
|
128 end |
124 |
129 |
125 local correct, state = false, false, false; |
130 local correct, state = false, false; |
126 if self.profile.plain then |
131 if self.profile.plain then |
127 local correct_password, state = self.profile.plain(authentication, self.realm); |
132 local correct_password; |
|
133 correct_password, state = self.profile.plain(authentication, self.realm); |
128 if correct_password == password then correct = true; else correct = false; end |
134 if correct_password == password then correct = true; else correct = false; end |
129 else if self.profile.plain_test then |
135 elseif self.profile.plain_test then |
130 correct, state = self.profile.plain_test(authentication, self.realm, password); |
136 correct, state = self.profile.plain_test(authentication, self.realm, password); |
131 end |
137 end |
132 |
138 |
133 self.username = authentication |
139 self.username = authentication |
134 if not state then |
140 if not state then |