SASL API

Here's an example SASL implementation:

local sasl = {};
local sasl_mt = { __index = sasl };
 
-- Returns a set of supported mechanisms
function sasl:mechanisms()
    return {
        ["PLAIN"] = true;
        ["COMPLEX"] = true;
    };
end
 
-- Called when the user starts authentication
function sasl:select(mechanism)
    if self:mechanisms()[mechanism] then
        self.selected = mechanism;
        return true;
    else
        return false;
    end
end
 
-- Process a SASL message
-- returns one of
-- - "success", message
-- - "challenge", message
-- - "error", error, textual_error
-- should set self.username
function sasl:process(message)
    if message == "I'm bob" then
        self.username = "bob";
        return "success"
    else
        return "failure", "not-authorized", "You are not bob";
    end
end
 
-- Forget any state
function sasl:clean_clone()
    return setmetatable({}, sasl_mt);
end
 
-- Channel binding
-- eg ("tls-unique", callback)
-- mod_saslauth then sets sasl.userdata[name]
function sasl:add_cb_handler(name, data)
    self._cb_handlers = self._cb_handlers or {}
    self._cb_handlers[name] = data;
end
 
doc/developers/authentication/sasl.txt · Last modified: 2016/01/14 21:40 by Kim Alvefur