util/sasl/digest-md5.lua @ 2186:1112871916eb sasl
Move each mechanism in an own file.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Thu, 12 Nov 2009 21:57:37 +0100 |
child | 2188:1fd38975addd |
1 -- sasl.lua v0.4 |
2 -- Copyright (C) 2008-2009 Tobias Markmann |
3 -- |
4 -- All rights reserved. |
5 -- |
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
7 -- |
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
11 -- |
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
13 |
14 |
15 --========================= |
16 --SASL DIGEST-MD5 according to RFC 2831 |
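-- Server-side DIGEST-MD5 step function (RFC 2831).
--
-- self    : per-session mechanism state. This function initialises and reads
--           self.nonce, self.step and self.nonce_count, reads self.realm, sets
--           self.username and self.authenticated, and calls
--           self.credentials_handler(mechanism, username, realm, client_realm, decoder).
-- message : the raw client response for the current step (unused on step 1).
--
-- Returns one of
--   "challenge", <string>              -- data to send to the client
--   "success"
--   "failure", <condition>[, <text>]   -- SASL failure condition plus optional detail
--
-- to_byte, to_char, t_insert, t_concat, gmatch, generate_uuid, md5 and log are
-- not defined in this function; they are expected to be file-level locals.
-- md5(x, true) is assumed to return a hex digest -- verify against the md5 helper.
local function sasl_mechanism_digest_md5(self, message)
	--TODO complete support for authzid

	-- Render a challenge table as a comma-separated key=value list.
	-- Only the listed keys are emitted, in this fixed order; realm, nonce and
	-- qop are quoted, the others are bare. Values are produced by this server
	-- (never taken from the client), so no quoting/escaping of values is done.
	local function serialize(message)
		if type(message) ~= "table" then error("serialize needs an argument of type table.") end

		local data = "";
		if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end
		if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end
		if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end
		if message["charset"] then data = data..[[charset=]]..message.charset.."," end
		if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end
		if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end
		-- strip the single trailing separator left by the loop above
		data = data:gsub(",$", "");
		return data;
	end

	-- If `passwd` is UTF-8 in which every non-ASCII character is a two-byte
	-- sequence with lead byte 0xC0..0xC3 (i.e. every code point fits in
	-- Latin-1), return the Latin-1 transcoding; otherwise return `passwd`
	-- unchanged. A lead byte at the very end of the string (truncated
	-- sequence) is treated as "not convertible" rather than raising:
	-- passwd:sub(i, i) past the end is "" and to_byte("") yields nil, which
	-- the original comparison would have tripped over.
	local function utf8tolatin1ifpossible(passwd)
		local len = #passwd;

		-- pass 1: validate that the whole string is convertible
		local i = 1;
		while i <= len do
			local lead = to_byte(passwd:sub(i, i));
			if lead > 0x7F then
				if lead < 0xC0 or lead > 0xC3 then
					return passwd;
				end
				i = i + 1;
				if i > len then
					return passwd; -- truncated two-byte sequence
				end
				local cont = to_byte(passwd:sub(i, i));
				if cont < 0x80 or cont > 0xBF then
					return passwd;
				end
			end
			i = i + 1;
		end

		-- pass 2: transcode; every lead byte is now known to have a continuation byte
		local out = {};
		i = 1;
		while i <= len do
			local lead = to_byte(passwd:sub(i, i));
			if lead > 0x7F then
				i = i + 1;
				local cont = to_byte(passwd:sub(i, i));
				-- low 2 bits of the lead byte become bits 6-7, low 6 bits of the
				-- continuation byte become bits 0-5 of the Latin-1 byte
				t_insert(out, to_char(lead%4*64 + cont%64));
			else
				t_insert(out, to_char(lead));
			end
			i = i + 1;
		end
		return t_concat(out);
	end

	-- Split a client response into a key/value table.
	-- FIXME The hacky regex makes me shudder: the pattern does not handle
	-- commas or escaped quotes inside quoted values, and a repeated key
	-- silently keeps the last occurrence.
	local function parse(data)
		local fields = {};
		for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do
			fields[k] = v;
		end
		return fields;
	end

	-- first call on this session: create the server nonce and reset the state
	if not self.nonce then
		self.nonce = generate_uuid();
		self.step = 0;
		self.nonce_count = {};
	end

	self.step = self.step + 1;
	if self.step == 1 then
		-- self.nonce, not object.nonce: `object` is not defined in this
		-- function and would have raised on the first challenge
		local challenge = serialize({ nonce = self.nonce,
			qop = "auth",
			charset = "utf-8",
			algorithm = "md5-sess",
			realm = self.realm });
		return "challenge", challenge;
	elseif self.step == 2 then
		local response = parse(message);

		-- check for replay attack: a nonce-count already seen for this nonce
		if response["nc"] then
			if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end
		end

		-- check for username, it's REQUIRED by RFC 2831
		if not response["username"] then
			return "failure", "malformed-request";
		end
		self["username"] = response["username"];

		-- check for nonce, and that it is the one we issued
		if not response["nonce"] then
			return "failure", "malformed-request";
		elseif response["nonce"] ~= tostring(self.nonce) then
			return "failure", "malformed-request";
		end

		if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end
		-- nc is concatenated into the digest below; without this guard a
		-- response lacking it would raise on nil concatenation instead of failing cleanly
		if not response["nc"] then return "failure", "malformed-request", "Missing entry for nc in SASL message." end
		if not response["qop"] then response["qop"] = "auth" end

		if response["realm"] == nil or response["realm"] == "" then
			response["realm"] = "";
		elseif response["realm"] ~= self.realm then
			return "failure", "not-authorized", "Incorrect realm value";
		end

		-- decoder is handed to the credentials handler; nil means "utf-8, no
		-- conversion", otherwise the stored password is downgraded to Latin-1
		-- when possible (client did not declare a charset)
		local decoder;
		if response["charset"] == nil then
			decoder = utf8tolatin1ifpossible;
		elseif response["charset"] ~= "utf-8" then
			return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8.";
		end

		if not response["digest-uri"] then
			return "failure", "malformed-request", "Missing entry for digest-uri in SASL message."
		end
		local protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$");
		if protocol == nil or domain == nil then return "failure", "malformed-request" end

		--TODO maybe realm support
		-- first return value (password encoding) is not used here
		local _, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder);
		if Y == nil then return "failure", "not-authorized"
		elseif Y == false then return "failure", "account-disabled" end

		local A1;
		if response.authzid then
			if response.authzid == self.username.."@"..self.realm then
				-- COMPAT
				log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
				A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
			else
				-- any other authzid is not supported; "?" can never produce a
				-- matching digest, so the response is rejected below
				A1 = "?";
			end
		else
			A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
		end

		local HA1 = md5(A1, true);
		-- KD(HA1, nonce:nc:cnonce:qop:HA2) as in RFC 2831 section 2.1.2.1
		local function response_digest(HA2)
			return md5(HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2, true);
		end

		-- client side: A2 = "AUTHENTICATE:" digest-uri
		local expected = response_digest(md5("AUTHENTICATE:"..protocol.."/"..domain, true));
		if expected ~= response["response"] then
			return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."
		end

		-- remember the nonce-count so a repeat of this (nonce, nc) pair on the
		-- same state is caught by the replay check above; the table was never
		-- written before, which made that check a no-op
		self.nonce_count[response["nc"]] = true;

		-- server side: A2 = ":" digest-uri (no method), same HA1
		local rspauth = response_digest(md5(":"..protocol.."/"..domain, true));
		self.authenticated = true;
		return "challenge", serialize({ rspauth = rspauth });
	elseif self.step == 3 then
		if self.authenticated ~= nil then return "success"
		else return "failure", "malformed-request" end
	end
end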