# HG changeset patch # User Matthew Wild # Date 1665859753 -3600 # Node ID eb46abc65dfd423f9e2343fcc0d29bbb54d3beec # Parent ba2f1292d5fe24664cf898f3aa486d78dbbc6197 mod_sasl2_fast: Improved logging diff -r ba2f1292d5fe -r eb46abc65dfd mod_sasl2_fast/mod_sasl2_fast.lua --- a/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:47:05 2022 +0100 +++ b/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:49:13 2022 +0100 @@ -13,6 +13,8 @@ local token_store = module:open_store("fast_tokens", "map"); +local log = module._log; + local function make_token(username, client_id, mechanism) local new_token = "secret-token:fast-"..id.long(); local key = hash.sha256(client_id, true).."-new"; @@ -35,6 +37,7 @@ local key = hash.sha256(client_id, true).."-new"; local token; repeat + log("debug", "Looking for %s token %s/%s", mechanism, username, key); token = token_store:get(username, key); if token and token.mechanism == mechanism then local expected_hash = hmac_f(token.secret, "Initiator"..cb_data); @@ -54,10 +57,12 @@ end end if not tried_current_token then + log("debug", "Trying next token..."); -- Try again with the current token instead tried_current_token = true; key = key:sub(1, -4).."-cur"; else + log("debug", "No matching %s token found for %s/%s", mechanism, username, key); return nil; end until false; @@ -107,7 +112,7 @@ fast_sasl_handler.userdata = session.sasl_handler.userdata; session.sasl_handler = fast_sasl_handler; else - session.log("warn", "Client asked to auth via FAST, but no SASL handler available"); + session.log("warn", "Client asked to auth via FAST, but SASL handler or client id missing"); local failure = st.stanza("failure", { xmlns = xmlns_sasl2 }) :tag("malformed-request"):up() :text_tag("text", "FAST is not available on this stream");