--- a/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:47:05 2022 +0100
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua Sat Oct 15 19:49:13 2022 +0100
@@ -13,6 +13,8 @@
local token_store = module:open_store("fast_tokens", "map");
+local log = module._log;
+
local function make_token(username, client_id, mechanism)
local new_token = "secret-token:fast-"..id.long();
local key = hash.sha256(client_id, true).."-new";
@@ -35,6 +37,7 @@
local key = hash.sha256(client_id, true).."-new";
local token;
repeat
+ log("debug", "Looking for %s token %s/%s", mechanism, username, key);
token = token_store:get(username, key);
if token and token.mechanism == mechanism then
local expected_hash = hmac_f(token.secret, "Initiator"..cb_data);
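Review bot: The debug line added at the top of the `repeat` loop records the username together with `key` before any token has been verified. `key` is derived from a plain SHA-256 of the client-supplied client id, so it is a stable per-device identifier that will now sit in debug logs for every FAST attempt, successful or not. That is acceptable for debugging, but it is worth stating next to the call so nobody later extends the message with `token.secret` or the computed hash, for example `-- key is a hash of the client id, never the token secret; do not log token.secret or expected_hash here`. The loop body continues outside this hunk, so how `expected_hash` is compared is not visible here.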
@@ -54,10 +57,12 @@
end
end
if not tried_current_token then
+ log("debug", "Trying next token...");
-- Try again with the current token instead
tried_current_token = true;
key = key:sub(1, -4).."-cur";
else
+ log("debug", "No matching %s token found for %s/%s", mechanism, username, key);
return nil;
end
until false;
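Review bot: The final `return nil` path is an authentication failure, but the added line logs it only at "debug", so at a default log level a run of failed or replayed FAST tokens leaves no trace from this function (the caller may log it, but that is outside the hunk). Consider a level operators actually collect, e.g. `log("info", "No matching %s token found for %s/%s", mechanism, username, key);`. Note that `key` has already been rewritten to the `-cur` form by then, so the message names only the last key tried. Separately, "Trying next token..." does not match the comment below it, which says the fallback is to the current token; `log("debug", "No new token matched, trying current token for %s", username);` would describe it accurately and carry the username.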
@@ -107,7 +112,7 @@
fast_sasl_handler.userdata = session.sasl_handler.userdata;
session.sasl_handler = fast_sasl_handler;
else
- session.log("warn", "Client asked to auth via FAST, but no SASL handler available");
+ session.log("warn", "Client asked to auth via FAST, but SASL handler or client id missing");
local failure = st.stanza("failure", { xmlns = xmlns_sasl2 })
:tag("malformed-request"):up()
:text_tag("text", "FAST is not available on this stream");
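Review bot: The reworded warning now covers two different causes in one message, so an operator reading the log cannot tell a missing SASL handler from a client that sent no client id. The condition for this `else` branch is outside the hunk, but if both values are in scope the message could name the one that failed, along the lines of `session.log("warn", "Client asked to auth via FAST, but %s missing", session.sasl_handler and "client id" or "SASL handler");`. Keeping the text sent to the client generic, as the unchanged `failure` stanza does, is the right split between the log and the wire.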