
util/sasl/digest-md5.lua @ 2186:1112871916eb sasl

Move each mechanism in an own file.
author Tobias Markmann <tm@ayena.de>
date Thu, 12 Nov 2009 21:57:37 +0100
child 2188:1fd38975addd
1 -- sasl.lua v0.4
2 -- Copyright (C) 2008-2009 Tobias Markmann
3 --
4 -- All rights reserved.
5 --
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
7 --
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
11 --
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
13
14
15 --=========================
16 --SASL DIGEST-MD5 according to RFC 2831
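local function sasl_mechanism_digest_md5(self, message)
	-- Server side of SASL DIGEST-MD5 (RFC 2831), advanced one step per call.
	--
	-- self    : per-authentication state. Reads self.realm and
	--           self.credentials_handler; creates/updates self.nonce,
	--           self.step, self.nonce_count, self.username and
	--           self.authenticated.
	-- message : the client's latest SASL payload (ignored on step 1).
	--
	-- Returns one of
	--   "challenge", <string>              data to send to the client
	--   "failure", <condition>[, <text>]   SASL failure condition
	--   "success"                          authentication complete
	-- and nothing for any step beyond the third.
	--
	-- Relies on file-level helpers that are not defined in this function:
	-- to_byte, to_char, t_insert, t_concat, gmatch, generate_uuid, md5, log.
	--TODO complete support for authzid

	-- Encode a directive table as a challenge string. realm, nonce and qop
	-- are sent as quoted strings, the others as bare tokens (RFC 2831
	-- section 2.1.1). Values are not escaped, so they must not contain
	-- '"' or '\'; everything passed in here is server-generated.
	local function serialize(message)
		local data = ""

		if type(message) ~= "table" then error("serialize needs an argument of type table.") end

		-- testing all possible values
		if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end
		if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end
		if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end
		if message["charset"] then data = data..[[charset=]]..message.charset.."," end
		if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end
		if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end
		data = data:gsub(",$", "") -- drop the trailing separator
		return data
	end

	-- If passwd is UTF-8 in which every non-ASCII character is a two-byte
	-- sequence with lead byte 0xC0..0xC3 (i.e. fits in Latin-1), return the
	-- Latin-1 transcoding; otherwise return passwd unchanged. Used for
	-- clients that send no charset, where RFC 2831 defaults to ISO 8859-1.
	-- Note: 0xC0/0xC1 leads are overlong encodings; they are accepted here
	-- as the original did.
	local function utf8tolatin1ifpossible(passwd)
		-- first pass: validate; bail out with the input untouched on
		-- anything that is not a Latin-1-representable 2-byte sequence
		local i = 1;
		while i <= #passwd do
			local passwd_i = to_byte(passwd:sub(i, i));
			if passwd_i > 0x7F then
				if passwd_i < 0xC0 or passwd_i > 0xC3 then
					return passwd;
				end
				i = i + 1;
				passwd_i = to_byte(passwd:sub(i, i));
				-- a lead byte as the last byte has no continuation byte;
				-- to_byte("") yields nil, which previously raised on the
				-- numeric comparison instead of returning the input
				if passwd_i == nil or passwd_i < 0x80 or passwd_i > 0xBF then
					return passwd;
				end
			end
			i = i + 1;
		end

		-- second pass: fold each validated 2-byte sequence into one byte
		local p = {};
		i = 1;
		while (i <= #passwd) do
			local passwd_i = to_byte(passwd:sub(i, i));
			if passwd_i > 0x7F then
				i = i + 1;
				local passwd_i_1 = to_byte(passwd:sub(i, i));
				-- low 2 bits of the lead byte become the high bits of the
				-- code point; low 6 bits come from the continuation byte
				t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64));
			else
				t_insert(p, to_char(passwd_i));
			end
			i = i + 1;
		end
		return t_concat(p);
	end

	-- Transcode a Latin-1 string to UTF-8. Not referenced anywhere in this
	-- function; kept as-is.
	local function latin1toutf8(str)
		local p = {};
		for ch in gmatch(str, ".") do
			ch = to_byte(ch);
			if (ch < 0x80) then
				t_insert(p, to_char(ch));
			elseif (ch < 0xC0) then
				t_insert(p, to_char(0xC2, ch));
			else
				t_insert(p, to_char(0xC3, ch - 64));
			end
		end
		return t_concat(p);
	end

	-- Split a client response into a directive -> value table.
	-- Limitations of the pattern: a quoted value containing ',' or an
	-- escaped '"' is truncated at that character, and duplicate directives
	-- keep the last value. Every consumer below treats the result as
	-- untrusted and checks for the directives it needs.
	local function parse(data)
		local message = {}
		for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
			message[k] = v;
		end
		return message;
	end

	if not self.nonce then
		self.nonce = generate_uuid();
		self.step = 0;
		self.nonce_count = {};
	end

	self.step = self.step + 1;
	if (self.step == 1) then
		-- was `object.nonce`: no `object` is in scope here, so the first
		-- step raised on indexing nil instead of issuing the challenge
		local challenge = serialize({ nonce = self.nonce,
										qop = "auth",
										charset = "utf-8",
										algorithm = "md5-sess",
										realm = self.realm});
		return "challenge", challenge;
	elseif (self.step == 2) then
		local response = parse(message);

		-- nonce-count is REQUIRED (RFC 2831 section 2.1.2) and is
		-- concatenated into the digest below; without this check a
		-- missing nc raised on string concatenation
		if not response["nc"] then
			return "failure", "malformed-request", "Missing entry for nc in SASL message.";
		end
		-- check for replay attack: each nc may be used once per nonce.
		-- The table is populated when a response is accepted (below);
		-- previously it was only ever read, so this never fired.
		if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end

		-- check for username, it's REQUIRED by RFC 2831
		if not response["username"] then
			return "failure", "malformed-request";
		end
		self.username = response["username"];

		-- check for nonce, and that it is the one we issued
		if not response["nonce"] then
			return "failure", "malformed-request";
		elseif response["nonce"] ~= tostring(self.nonce) then
			return "failure", "malformed-request";
		end

		if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end
		-- the response digest is what we verify; treat its absence as a
		-- malformed message rather than as a wrong password
		if not response["response"] then return "failure", "malformed-request", "Missing entry for response in SASL message." end
		-- only qop=auth is offered in the challenge; any other value the
		-- client picks simply fails the digest comparison below
		if not response["qop"] then response["qop"] = "auth" end

		if response["realm"] == nil or response["realm"] == "" then
			response["realm"] = "";
		elseif response["realm"] ~= self.realm then
			return "failure", "not-authorized", "Incorrect realm value";
		end

		-- decoder is handed to the credentials handler so the stored
		-- password can be matched against a Latin-1 hashing client
		local decoder;
		if response["charset"] == nil then
			decoder = utf8tolatin1ifpossible;
		elseif response["charset"] ~= "utf-8" then
			return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8.";
		end

		-- NOTE(review): digest-uri is only checked for "serv-type/host"
		-- shape; RFC 2831 section 2.1.2.1 says the server SHOULD verify it
		-- names this service. Whether self.realm is the right value to
		-- compare the host part against is not visible here — confirm
		-- before adding that check.
		local domain = "";
		local protocol = "";
		if response["digest-uri"] then
			protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$");
			if protocol == nil or domain == nil then return "failure", "malformed-request" end
		else
			return "failure", "malformed-request", "Missing entry for digest-uri in SASL message."
		end

		--TODO maybe realm support
		-- Y is the handler's H(username:realm:password); nil means unknown
		-- user / wrong lookup, false means the account exists but is disabled
		local _, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder);
		if Y == nil then return "failure", "not-authorized"
		elseif Y == false then return "failure", "account-disabled" end

		-- A1 = H(user:realm:pass) ":" nonce ":" cnonce [":" authzid]
		local A1;
		if response.authzid then
			if response.authzid == self.username.."@"..self.realm then
				-- COMPAT
				log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
				A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
			else
				-- was `A1 = "?"`, which rejected only indirectly through
				-- the digest mismatch; any other authzid is unsupported
				return "failure", "invalid-authzid";
			end
		else
			A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
		end

		local HA1 = md5(A1, true);
		local HA2 = md5("AUTHENTICATE:"..protocol.."/"..domain, true);

		local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2;
		local response_value = md5(KD, true);

		if response_value == response["response"] then
			-- calculate rspauth: same as above with an empty method in A2;
			-- HA1 is unchanged, so it is not recomputed
			HA2 = md5(":"..protocol.."/"..domain, true);
			KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2
			local rspauth = md5(KD, true);
			-- consume this nonce-count so the replay check above can fire
			self.nonce_count[response["nc"]] = true;
			self.authenticated = true;
			return "challenge", serialize({rspauth = rspauth});
		else
			return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."
		end
	elseif self.step == 3 then
		-- the client acknowledges rspauth with an empty response
		if self.authenticated ~= nil then return "success"
		else return "failure", "malformed-request" end
	end
end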