mod_sasl2_fast: Fix malformed-request when using HT-*-NONE (thanks lnj!)
This crept into the previous commit which tried to fail early when CB was
requested but unavailable - that commit did not actually check that CB *was*
requested.
--- a/mod_sasl2_fast/mod_sasl2_fast.lua Fri Jun 07 16:14:58 2024 +0100
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua Fri Jun 07 16:26:54 2024 +0100
@@ -196,14 +196,17 @@
if not authc_username then
return "failure", "malformed-request";
end
- if not sasl_handler.profile.cb then
- module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast);
- return "failure", "malformed-request";
- elseif not sasl_handler.profile.cb[cb_name] then
- module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast);
- return "failure", "malformed-request";
+ local cb_data;
+ if cb_name then
+ if not sasl_handler.profile.cb then
+ module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast);
+ return "failure", "malformed-request";
+ elseif not sasl_handler.profile.cb[cb_name] then
+ module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast);
+ return "failure", "malformed-request";
+ end
+ cb_data = sasl_handler.profile.cb[cb_name](sasl_handler) or "";
end
- local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or "";
local ok, authz_username, response, rotation_needed = backend(
mechanism_name,
authc_username,