prosody
30893439d5d1
util/sasl.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Annotate

util/sasl.lua @ 276:30893439d5d1

Some early attempts on DIGEST-MD5.
author Tobias Markmann <tm@ayena.de>
date Sun, 09 Nov 2008 21:16:57 +0100
parent 50:56272224ca4c
child 277:00c2fc751f50
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
1
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
2 local base64 = require "base64"
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
3 local md5 = require "md5"
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
4 local crypto = require "crypto"
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
5 local log = require "util.logger".init("sasl");
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
6 local tostring = tostring;
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
7 local st = require "util.stanza";
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
8 local generate_uuid = require "util.uuid".generate;
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
9 local s_match = string.match;
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
10 local math = require "math"
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
11 local type = type
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
12 local error = error
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
13 local print = print
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
14
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
15 module "sasl"
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
16
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
17 local function new_plain(onAuth, onSuccess, onFail, onWrite)
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
18 local object = { mechanism = "PLAIN", onAuth = onAuth, onSuccess = onSuccess, onFail = onFail,
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
19 onWrite = onWrite}
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
20 local challenge = base64.encode("");
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
21 --onWrite(st.stanza("challenge", {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"}):text(challenge))
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
22 object.feed = function(self, stanza)
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
23 if stanza.name ~= "response" and stanza.name ~= "auth" then self.onFail("invalid-stanza-tag") end
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
24 if stanza.attr.xmlns ~= "urn:ietf:params:xml:ns:xmpp-sasl" then self.onFail("invalid-stanza-namespace") end
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
25 local response = base64.decode(stanza[1])
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
26 local authorization = s_match(response, "([^&%z]+)")
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
27 local authentication = s_match(response, "%z([^&%z]+)%z")
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
28 local password = s_match(response, "%z[^&%z]+%z([^&%z]+)")
50
56272224ca4c Fix for using wrong auth token as username (fixes Gajim login)
Matthew Wild <mwild1@gmail.com>
parents: 38
diff changeset
29 if self.onAuth(authentication, password) == true then
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
30 self.onWrite(st.stanza("success", {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"}))
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
31 self.onSuccess(authentication)
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
32 else
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
33 self.onWrite(st.stanza("failure", {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"}):tag("temporary-auth-failure"));
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
34 end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
35 end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
36 return object
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
37 end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
38
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
39
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
40 --[[
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
41 SERVER:
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
42 nonce="3145176401",qop="auth",charset=utf-8,algorithm=md5-sess
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
43
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
44 CLIENT: username="tobiasfar",nonce="3145176401",cnonce="pJiW7hzeZLvOSAf7gBzwTzLWe4obYOVDlnNESzQCzGg=",nc=00000001,digest-uri="xmpp/jabber.org",qop=auth,response=99a93ba75235136e6403c3a2ba37089d,charset=utf-8
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
45
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
46 username="tobias",nonce="4406697386",cnonce="wUnT7vYrOB0V8D/lKd5bhpaNCk+hLJwc8T4CBCqp7WM=",nc=00000001,digest-uri="xmpp/luaetta.ath.cx",qop=auth,response=d202b8a1bdf8204816fb23c5f87b6b63,charset=utf-8
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
47
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
48 SERVER:
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
49 rspauth=ab66d28c260e97da577ce3aac46a8991
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
50 ]]--
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
51 local function new_digest_md5(onAuth, onSuccess, onFail, onWrite)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
52 local function H(s)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
53 return md5.sum(s)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
54 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
55
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
56 local function KD(k, s)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
57 return H(k..":"..s)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
58 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
59
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
60 local function HEX(n)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
61 return md5.sumhexa(n)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
62 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
63
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
64 local function HMAC(k, s)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
65 return crypto.hmac.digest("md5", s, k, true)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
66 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
67
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
68 local function serialize(message)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
69 local data = ""
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
70
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
71 if type(message) ~= "table" then error("serialize needs an argument of type table.") end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
72
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
73 -- testing all possible values
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
74 if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
75 if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
76 if message["charset"] then data = data..[[charset=]]..message.charset.."," end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
77 if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
78 if message["rspauth"] then data = data..[[rspauth=]]..message.algorith.."," end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
79 data = data:gsub(",$", "")
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
80 return data
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
81 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
82
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
83 local function parse(data)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
84 message = {}
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
85 for k, v in string.gmatch(data, [[([%w%-])="?[%w%-]"?,?]]) do
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
86 message[k] = v
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
87 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
88 return message
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
89 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
90
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
91 local object = { mechanism = "DIGEST-MD5", onAuth = onAuth, onSuccess = onSuccess, onFail = onFail,
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
92 onWrite = onWrite }
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
93
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
94 --TODO: something better than math.random would be nice, maybe OpenSSL's random number generator
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
95 object.nonce = math.random(0, 9)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
96 for i = 1, 9 do object.nonce = object.nonce..math.random(0, 9) end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
97 object.step = 1
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
98 object.nonce_count = {}
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
99 local challenge = base64.encode(serialize({ nonce = object.nonce,
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
100 qop = "auth",
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
101 charset = "utf-8",
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
102 algorithm = "md5-sess"} ));
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
103 object.onWrite(st.stanza("challenge", {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"}):text(challenge))
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
104 object.feed = function(self, stanza)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
105 print(tostring(stanza))
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
106 if stanza.name ~= "response" and stanza.name ~= "auth" then self.onFail("invalid-stanza-tag") end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
107 if stanza.attr.xmlns ~= "urn:ietf:params:xml:ns:xmpp-sasl" then self.onFail("invalid-stanza-namespace") end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
108 if stanza.name == "auth" then return end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
109 self.step = self.step + 1
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
110 if (self.step == 2) then
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
111
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
112 log("debug", tostring(stanza[1]))
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
113 local response = parse(base64.decode(stanza[1]))
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
114 -- check for replay attack
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
115 if response["nonce-count"] then
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
116 if self.nonce_count[response["nonce-count"]] then self.onFail("not-authorized") end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
117 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
118
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
119 -- check for username, it's REQUIRED by RFC 2831
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
120 if not response["username"] then
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
121 self.onFail("malformed-request")
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
122 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
123
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
124 -- check for nonce, ...
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
125 if not response["nonce"] then
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
126 self.onFail("malformed-request")
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
127 else
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
128 -- check if it's the right nonce
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
129 if response["nonce"] ~= self.nonce then self.onFail("malformed-request") end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
130 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
131
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
132 if not response["cnonce"] then self.onFail("malformed-request") end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
133 if not response["qop"] then response["qop"] = "auth" end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
134
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
135 local hostname = ""
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
136 if response["digest-uri"] then
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
137 local uri = response["digest-uri"]:gmatch("^(%w)/(%w)")
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
138 local protocol = uri[1]
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
139 log(protocol)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
140 local hostname = uri[2]
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
141 log(hostname)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
142 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
143
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
144 -- compare response_value with own calculation
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
145 local A1-- = H(response["username"]..":"..realm-value, ":", passwd } ),
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
146 -- ":", nonce-value, ":", cnonce-value)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
147 local A2
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
148
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
149 local response_value = HEX(KD(HEX(H(A1)), response["nonce"]..":"..response["nonce-count"]..":"..response["cnonce-value"]..":"..response["qop"]..":"..HEX(H(A2))))
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
150
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
151 if response["qop"] == "auth" then
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
152
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
153 else
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
154
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
155 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
156
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
157 local response_value = HEX(KD(HEX(H(A1)), response["nonce"]..":"..response["nonce-count"]..":"..response["cnonce-value"]..":"..response["qop"]..":"..HEX(H(A2))))
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
158
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
159 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
160 --[[
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
161 local authorization = s_match(response, "([^&%z]+)")
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
162 local authentication = s_match(response, "%z([^&%z]+)%z")
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
163 local password = s_match(response, "%z[^&%z]+%z([^&%z]+)")
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
164 if self.onAuth(authentication, password) == true then
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
165 self.onWrite(st.stanza("success", {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"}))
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
166 self.onSuccess(authentication)
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
167 else
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
168 self.onWrite(st.stanza("failure", {xmlns = "urn:ietf:params:xml:ns:xmpp-sasl"}):tag("temporary-auth-failure"));
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
169 end]]--
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
170 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
171 return object
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
172 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
173
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
174 function new(mechanism, onAuth, onSuccess, onFail, onWrite)
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
175 local object
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
176 if mechanism == "PLAIN" then object = new_plain(onAuth, onSuccess, onFail, onWrite)
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
177 elseif mechanism == "DIGEST-MD5" then object = new_digest_md5(onAuth, onSuccess, onFail, onWrite)
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
178 else
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
179 log("debug", "Unsupported SASL mechanism: "..tostring(mechanism));
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
180 onFail("unsupported-mechanism")
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
181 end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
182 return object
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
183 end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
184
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
185 return _M;