Annotate

util/sasl.lua @ 2183:44e71e65da86 sasl

Importing SASL Digest-MD5 code. Now for real.
author Tobias Markmann <tm@ayena.de>
date Fri, 28 Aug 2009 19:57:09 +0200
parent 2182:27c7d287345e
child 2184:0d1740f7b6e8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
896
2c0b9e3c11c3 0.3->0.4
Matthew Wild <mwild1@gmail.com>
parents: 801
diff changeset
1 -- sasl.lua v0.4
760
90ce865eebd8 Update copyright notices for 2009
Matthew Wild <mwild1@gmail.com>
parents: 702
diff changeset
2 -- Copyright (C) 2008-2009 Tobias Markmann
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1518
diff changeset
3 --
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
4 -- All rights reserved.
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1518
diff changeset
5 --
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1518
diff changeset
7 --
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1518
diff changeset
11 --
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
13
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
14
449
c0a4a1e63d70 Completely switched to new hashes library from the old md5 library
Waqas Hussain <waqas20@gmail.com>
parents: 405
diff changeset
15 local md5 = require "util.hashes".md5;
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
16 local log = require "util.logger".init("sasl");
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
17 local tostring = tostring;
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
18 local st = require "util.stanza";
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
19 local generate_uuid = require "util.uuid".generate;
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
20 local pairs, ipairs = pairs, ipairs;
504
efc5184effa1 Added function latin1toutf8 to sasl.lua, for processing non-utf8 responses
Waqas Hussain <waqas20@gmail.com>
parents: 496
diff changeset
21 local t_insert, t_concat = table.insert, table.concat;
efc5184effa1 Added function latin1toutf8 to sasl.lua, for processing non-utf8 responses
Waqas Hussain <waqas20@gmail.com>
parents: 496
diff changeset
22 local to_byte, to_char = string.byte, string.char;
1485
fbefd16d2955 Move to-unicode conversion from mod_saslauth.lua to sasl.lua.
Tobias Markmann <tm@ayena.de>
parents: 1376
diff changeset
23 local to_unicode = require "util.encodings".idna.to_unicode;
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
24 local s_match = string.match;
277
00c2fc751f50 Fixing some parsing and some other stuff.
Tobias Markmann <tm@ayena.de>
parents: 276
diff changeset
25 local gmatch = string.gmatch
280
516f4c901991 Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents: 278
diff changeset
26 local string = string
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
27 local math = require "math"
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
28 local type = type
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
29 local error = error
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
30 local print = print
2175
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
31 local setmetatable = setmetatable;
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
32 local assert = assert;
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
33
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
34 require "util.iterators"
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
35 local keys = keys
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
36
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
37 local array = require "util.array"
38
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
38 module "sasl"
Matthew Wild <mwild1@gmail.com>
parents: 32
diff changeset
39
2177
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
40 --[[
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
41 Authentication Backend Prototypes:
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
42
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
43 plain:
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
44 function(username, realm)
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
45 return password, state;
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
46 end
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
47
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
48 plain-test:
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
49 function(username, realm, password)
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
50 return true or false, state;
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
51 end
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
52
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
53 digest-md5:
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
54 function(username, realm, encoding)
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
55 return digesthash, state;
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
56 end
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
57
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
58 digest-md5-test:
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
59 function(username, realm, encoding, digesthash)
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
60 return true or false, state;
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
61 end
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
62 ]]
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
63
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
64 local method = {};
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
65 method.__index = method;
2175
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
66 local mechanisms = {};
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
67 local backend_mechanism = {};
1585
edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents: 1518
diff changeset
68
2175
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
69 -- register a new SASL mechanims
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
70 local function registerMechanism(name, backends, f)
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
71 assert(type(name) == "string", "Parameter name MUST be a string.");
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
72 assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table.");
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
73 assert(type(f) == "function", "Parameter f MUST be a function.");
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
74 mechanisms[name] = f
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
75 for _, backend_name in ipairs(backends) do
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
76 if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
77 t_insert(backend_mechanism[backend_name], name);
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
78 end
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
79 end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
80
2175
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
81 -- create a new SASL object which can be used to authenticate clients
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
82 function new(realm, profile)
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
83 sasl_i = {profile = profile};
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
84 sasl_i.realm = realm;
2175
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
85 return setmetatable(sasl_i, method);
276
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
86 end
30893439d5d1 Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents: 50
diff changeset
87
2175
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
88 -- get a list of possible SASL mechanims to use
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
89 function method:mechanisms()
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
90 local mechanisms = {}
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
91 for backend, f in pairs(self.profile) do
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
92 print(backend)
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
93 if backend_mechanism[backend] then
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
94 for _, mechanism in ipairs(backend_mechanism[backend]) do
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
95 mechanisms[mechanism] = true;
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
96 end
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
97 end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
98 end
2177
8505e1da5408 Adding some docu.
Tobias Markmann <tm@ayena.de>
parents: 2176
diff changeset
99 self["possible_mechanisms"] = mechanisms;
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
100 return array.collect(keys(mechanisms));
799
b7ea802f3527 Adding inital support for ANONYMOUS mechanism in SASL.
Tobias Markmann <tm@ayena.de>
parents: 760
diff changeset
101 end
b7ea802f3527 Adding inital support for ANONYMOUS mechanism in SASL.
Tobias Markmann <tm@ayena.de>
parents: 760
diff changeset
102
2175
3ca8755581a1 Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents: 1585
diff changeset
103 -- select a mechanism to use
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
104 function method:select(mechanism)
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
105 self.mech_i = mechanisms[mechanism]
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
106 if self.mech_i == nil then
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
107 return false;
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
108 end
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
109 return true;
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
110 end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
111
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
112 -- feed new messages to process into the library
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
113 function method:process(message)
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
114 if message == "" or message == nil then return "failure", "malformed-request" end
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
115 return self.mech_i(self, message);
15
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
116 end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff changeset
117
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
118 --=========================
2181
d5cd6a868959 List RFC numbers.
Tobias Markmann <tm@ayena.de>
parents: 2180
diff changeset
119 --SASL PLAIN according to RFC 4616
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
120 local function sasl_mechanism_plain(self, message)
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
121 local response = message
2180
8de2f7f5b870 Allow ampersands in passwords for SASL PLAIN mechanism.
Tobias Markmann <tm@ayena.de>
parents: 2179
diff changeset
122 local authorization = s_match(response, "([^%z]+)")
8de2f7f5b870 Allow ampersands in passwords for SASL PLAIN mechanism.
Tobias Markmann <tm@ayena.de>
parents: 2179
diff changeset
123 local authentication = s_match(response, "%z([^%z]+)%z")
8de2f7f5b870 Allow ampersands in passwords for SASL PLAIN mechanism.
Tobias Markmann <tm@ayena.de>
parents: 2179
diff changeset
124 local password = s_match(response, "%z[^%z]+%z([^%z]+)")
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
125
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
126 if authentication == nil or password == nil then
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
127 return "failure", "malformed-request";
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
128 end
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
129
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
130 local correct, state = false, false;
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
131 if self.profile.plain then
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
132 local correct_password;
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
133 correct_password, state = self.profile.plain(authentication, self.realm);
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
134 if correct_password == password then correct = true; else correct = false; end
2179
c985536d5452 Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents: 2178
diff changeset
135 elseif self.profile.plain_test then
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
136 correct, state = self.profile.plain_test(authentication, self.realm, password);
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
137 end
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
138
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
139 self.username = authentication
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
140 if not state then
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
141 return "failure", "account-disabled";
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
142 end
2178
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
143
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
144 if correct then
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
145 return "success";
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
146 else
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
147 return "failure", "not-authorized";
28d841403a21 Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents: 2177
diff changeset
148 end
2176
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
149 end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
150 registerMechanism("PLAIN", {"plain", "plain_test"}, sasl_mechanism_plain);
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents: 2175
diff changeset
151
2181
d5cd6a868959 List RFC numbers.
Tobias Markmann <tm@ayena.de>
parents: 2180
diff changeset
152 --=========================
2182
27c7d287345e Importing SASL Digest-MD5 code.
Tobias Markmann <tm@ayena.de>
parents: 2181
diff changeset
153 --SASL DIGEST-MD5 according to RFC 2831
2183
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
154 local function new_digest_md5(realm, credentials_handler)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
155 --TODO complete support for authzid
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
156
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
157 local function serialize(message)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
158 local data = ""
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
159
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
160 if type(message) ~= "table" then error("serialize needs an argument of type table.") end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
161
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
162 -- testing all possible values
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
163 if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
164 if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
165 if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
166 if message["charset"] then data = data..[[charset=]]..message.charset.."," end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
167 if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
168 if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
169 data = data:gsub(",$", "")
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
170 return data
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
171 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
172
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
173 local function utf8tolatin1ifpossible(passwd)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
174 local i = 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
175 while i <= #passwd do
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
176 local passwd_i = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
177 if passwd_i > 0x7F then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
178 if passwd_i < 0xC0 or passwd_i > 0xC3 then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
179 return passwd;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
180 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
181 i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
182 passwd_i = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
183 if passwd_i < 0x80 or passwd_i > 0xBF then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
184 return passwd;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
185 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
186 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
187 i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
188 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
189
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
190 local p = {};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
191 local j = 0;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
192 i = 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
193 while (i <= #passwd) do
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
194 local passwd_i = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
195 if passwd_i > 0x7F then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
196 i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
197 local passwd_i_1 = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
198 t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64)); -- I'm so clever
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
199 else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
200 t_insert(p, to_char(passwd_i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
201 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
202 i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
203 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
204 return t_concat(p);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
205 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
206 local function latin1toutf8(str)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
207 local p = {};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
208 for ch in gmatch(str, ".") do
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
209 ch = to_byte(ch);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
210 if (ch < 0x80) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
211 t_insert(p, to_char(ch));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
212 elseif (ch < 0xC0) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
213 t_insert(p, to_char(0xC2, ch));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
214 else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
215 t_insert(p, to_char(0xC3, ch - 64));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
216 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
217 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
218 return t_concat(p);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
219 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
220 local function parse(data)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
221 local message = {}
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
222 for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
223 message[k] = v;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
224 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
225 return message;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
226 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
227
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
228 local object = { mechanism = "DIGEST-MD5", realm = realm, credentials_handler = credentials_handler};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
229
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
230 object.nonce = generate_uuid();
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
231 object.step = 0;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
232 object.nonce_count = {};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
233
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
234 function object.feed(self, message)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
235 self.step = self.step + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
236 if (self.step == 1) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
237 local challenge = serialize({ nonce = object.nonce,
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
238 qop = "auth",
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
239 charset = "utf-8",
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
240 algorithm = "md5-sess",
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
241 realm = self.realm});
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
242 return "challenge", challenge;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
243 elseif (self.step == 2) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
244 local response = parse(message);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
245 -- check for replay attack
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
246 if response["nc"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
247 if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
248 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
249
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
250 -- check for username, it's REQUIRED by RFC 2831
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
251 if not response["username"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
252 return "failure", "malformed-request";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
253 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
254 self["username"] = response["username"];
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
255
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
256 -- check for nonce, ...
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
257 if not response["nonce"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
258 return "failure", "malformed-request";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
259 else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
260 -- check if it's the right nonce
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
261 if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
262 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
263
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
264 if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
265 if not response["qop"] then response["qop"] = "auth" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
266
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
267 if response["realm"] == nil or response["realm"] == "" then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
268 response["realm"] = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
269 elseif response["realm"] ~= self.realm then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
270 return "failure", "not-authorized", "Incorrect realm value";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
271 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
272
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
273 local decoder;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
274 if response["charset"] == nil then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
275 decoder = utf8tolatin1ifpossible;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
276 elseif response["charset"] ~= "utf-8" then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
277 return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8.";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
278 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
279
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
280 local domain = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
281 local protocol = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
282 if response["digest-uri"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
283 protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$");
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
284 if protocol == nil or domain == nil then return "failure", "malformed-request" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
285 else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
286 return "failure", "malformed-request", "Missing entry for digest-uri in SASL message."
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
287 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
288
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
289 --TODO maybe realm support
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
290 self.username = response["username"];
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
291 local password_encoding, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
292 if Y == nil then return "failure", "not-authorized"
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
293 elseif Y == false then return "failure", "account-disabled" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
294 local A1 = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
295 if response.authzid then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
296 if response.authzid == self.username.."@"..self.realm then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
297 -- COMPAT
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
298 log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
299 A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
300 else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
301 A1 = "?";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
302 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
303 else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
304 A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
305 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
306 local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
307
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
308 local HA1 = md5(A1, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
309 local HA2 = md5(A2, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
310
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
311 local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
312 local response_value = md5(KD, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
313
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
314 if response_value == response["response"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
315 -- calculate rspauth
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
316 A2 = ":"..protocol.."/"..domain;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
317
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
318 HA1 = md5(A1, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
319 HA2 = md5(A2, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
320
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
321 KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
322 local rspauth = md5(KD, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
323 self.authenticated = true;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
324 return "challenge", serialize({rspauth = rspauth});
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
325 else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
326 return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
327 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
328 elseif self.step == 3 then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
329 if self.authenticated ~= nil then return "success"
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
330 else return "failure", "malformed-request" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
331 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
332 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
333 return object;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
334 end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents: 2182
diff changeset
335
519
cccd610a0ef9 Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents: 508
diff changeset
336 return _M;