mod_s2s_auth_dane: Disable now redundant validation done in trunk
Outgoing connections can now be validated natively in trunk since
a38f9e09ca31 so we only need to check incoming connections.
-- Copyright (C) 2018 Minddistrict
--
-- This file is MIT/X11 licensed.
--
local s_match = string.match;
local registerMechanism = require "util.sasl".registerMechanism;
local saslprep = require "util.encodings".stringprep.saslprep;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("sasl");
local _ENV = nil;
local function token_auth(self, message)
if not message then
return "failure", "malformed-request";
end
local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)");
if not authorization then
return "failure", "malformed-request";
end
-- SASLprep password and authentication
authentication = saslprep(authentication);
password = saslprep(password);
if (not password) or (password == "") or (not authentication) or (authentication == "") then
log("debug", "Username or password violates SASLprep.");
return "failure", "malformed-request", "Invalid username or password.";
end
local _nodeprep = self.profile.nodeprep;
if _nodeprep ~= false then
authentication = (_nodeprep or nodeprep)(authentication);
if not authentication or authentication == "" then
return "failure", "malformed-request", "Invalid username or password."
end
end
local correct, state = false, false;
correct, state = self.profile.token(self, authentication, password, self.realm);
self.username = authentication
if state == false then
return "failure", "account-disabled";
elseif state == nil or not correct then
return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
end
return "success";
end
registerMechanism("X-TOKEN", {"token"}, token_auth);