Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
util.sasl.{scram,plain}: Pass authzid to SASL profile callback
authorKim Alvefur <zash@zash.se>
Thu, 16 Mar 2023 13:57:30 +0100
changeset 12949 d2c1c327a4d1
parent 12948 05ec70a9f755
child 12950 59478b295137
util.sasl.{scram,plain}: Pass authzid to SASL profile callback For potential future use. Used for logging into a different account than the one used for authentication.
util/sasl/plain.lua file | annotate | diff | comparison | revisions
util/sasl/scram.lua file | annotate | diff | comparison | revisions 
--- a/util/sasl/plain.lua	Sat Mar 11 12:12:49 2023 +0100
+++ b/util/sasl/plain.lua	Thu Mar 16 13:57:30 2023 +0100
@@ -69,10 +69,10 @@
 	local correct, state = false, false;
 	if self.profile.plain then
 		local correct_password;
-		correct_password, state = self.profile.plain(self, authentication, self.realm);
+		correct_password, state = self.profile.plain(self, authentication, self.realm, authorization);
 		correct = (saslprep(correct_password) == password);
 	elseif self.profile.plain_test then
-		correct, state = self.profile.plain_test(self, authentication, password, self.realm);
+		correct, state = self.profile.plain_test(self, authentication, password, self.realm, authorization);
 	end
 
 	if state == false then
--- a/util/sasl/scram.lua	Sat Mar 11 12:12:49 2023 +0100
+++ b/util/sasl/scram.lua	Thu Mar 16 13:57:30 2023 +0100
@@ -101,7 +101,6 @@
 			local client_first_message = message;
 
 			-- TODO: fail if authzid is provided, since we don't support them yet
-			-- luacheck: ignore 211/authzid
 			local gs2_header, gs2_cbind_flag, gs2_cbind_name, authzid, client_first_message_bare, username, clientnonce
 				= s_match(client_first_message, "^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
 
@@ -144,7 +143,7 @@
 			-- retrieve credentials
 			local stored_key, server_key, salt, iteration_count;
 			if self.profile.plain then
-				local password, status = self.profile.plain(self, username, self.realm)
+				local password, status = self.profile.plain(self, username, self.realm, authzid)
 				if status == nil then return "failure", "not-authorized"
 				elseif status == false then return "failure", "account-disabled" end
 
@@ -165,7 +164,7 @@
 				end
 			elseif self.profile[profile_name] then
 				local status;
-				stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm);
+				stored_key, server_key, iteration_count, salt, status = self.profile[profile_name](self, username, self.realm, authzid);
 				if status == nil then return "failure", "not-authorized"
 				elseif status == false then return "failure", "account-disabled" end
 			end
prosody