Software /
code /
prosody
Annotate
util/sasl.lua @ 2183:44e71e65da86 sasl
Importing SASL Digest-MD5 code. Now for real.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Fri, 28 Aug 2009 19:57:09 +0200 |
parent | 2182:27c7d287345e |
child | 2184:0d1740f7b6e8 |
rev | line source |
---|---|
896 | 1 -- sasl.lua v0.4 |
760
90ce865eebd8
Update copyright notices for 2009
Matthew Wild <mwild1@gmail.com>
parents:
702
diff
changeset
|
2 -- Copyright (C) 2008-2009 Tobias Markmann |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
3 -- |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
4 -- All rights reserved. |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
5 -- |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
6 -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
7 -- |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
8 -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
9 -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
10 -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
11 -- |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
12 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
13 |
15
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
14 |
449
c0a4a1e63d70
Completely switched to new hashes library from the old md5 library
Waqas Hussain <waqas20@gmail.com>
parents:
405
diff
changeset
|
15 local md5 = require "util.hashes".md5; |
38 | 16 local log = require "util.logger".init("sasl"); |
17 local tostring = tostring; | |
18 local st = require "util.stanza"; | |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
19 local generate_uuid = require "util.uuid".generate; |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
20 local pairs, ipairs = pairs, ipairs; |
504
efc5184effa1
Added function latin1toutf8 to sasl.lua, for processing non-utf8 responses
Waqas Hussain <waqas20@gmail.com>
parents:
496
diff
changeset
|
21 local t_insert, t_concat = table.insert, table.concat; |
efc5184effa1
Added function latin1toutf8 to sasl.lua, for processing non-utf8 responses
Waqas Hussain <waqas20@gmail.com>
parents:
496
diff
changeset
|
22 local to_byte, to_char = string.byte, string.char; |
1485
fbefd16d2955
Move to-unicode conversion from mod_saslauth.lua to sasl.lua.
Tobias Markmann <tm@ayena.de>
parents:
1376
diff
changeset
|
23 local to_unicode = require "util.encodings".idna.to_unicode; |
38 | 24 local s_match = string.match; |
277
00c2fc751f50
Fixing some parsing and some other stuff.
Tobias Markmann <tm@ayena.de>
parents:
276
diff
changeset
|
25 local gmatch = string.gmatch |
280
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
26 local string = string |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
27 local math = require "math" |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
28 local type = type |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
29 local error = error |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
30 local print = print |
2175
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
31 local setmetatable = setmetatable; |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
32 local assert = assert; |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
33 |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
34 require "util.iterators" |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
35 local keys = keys |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
36 |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
37 local array = require "util.array" |
38 | 38 module "sasl" |
39 | |
2177 | 40 --[[ |
41 Authentication Backend Prototypes: | |
42 | |
43 plain: | |
44 function(username, realm) | |
45 return password, state; | |
46 end | |
47 | |
48 plain-test: | |
49 function(username, realm, password) | |
50 return true or false, state; | |
51 end | |
52 | |
53 digest-md5: | |
54 function(username, realm, encoding) | |
55 return digesthash, state; | |
56 end | |
57 | |
58 digest-md5-test: | |
59 function(username, realm, encoding, digesthash) | |
60 return true or false, state; | |
61 end | |
62 ]] | |
63 | |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
64 local method = {}; |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
65 method.__index = method; |
2175
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
66 local mechanisms = {}; |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
67 local backend_mechanism = {}; |
1585
edc066730d11
Switch to using a more generic credentials_callback/handler for SASL auth.
nick@lupine.me.uk
parents:
1518
diff
changeset
|
68 |
2175
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
69 -- register a new SASL mechanims |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
70 local function registerMechanism(name, backends, f) |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
71 assert(type(name) == "string", "Parameter name MUST be a string."); |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
72 assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table."); |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
73 assert(type(f) == "function", "Parameter f MUST be a function."); |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
74 mechanisms[name] = f |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
75 for _, backend_name in ipairs(backends) do |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
76 if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
77 t_insert(backend_mechanism[backend_name], name); |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
78 end |
15
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
79 end |
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
80 |
2175
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
81 -- create a new SASL object which can be used to authenticate clients |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
82 function new(realm, profile) |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
83 sasl_i = {profile = profile}; |
2179
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
84 sasl_i.realm = realm; |
2175
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
85 return setmetatable(sasl_i, method); |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
86 end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
87 |
2175
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
88 -- get a list of possible SASL mechanims to use |
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
89 function method:mechanisms() |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
90 local mechanisms = {} |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
91 for backend, f in pairs(self.profile) do |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
92 print(backend) |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
93 if backend_mechanism[backend] then |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
94 for _, mechanism in ipairs(backend_mechanism[backend]) do |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
95 mechanisms[mechanism] = true; |
2179
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
96 end |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
97 end |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
98 end |
2177 | 99 self["possible_mechanisms"] = mechanisms; |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
100 return array.collect(keys(mechanisms)); |
799
b7ea802f3527
Adding inital support for ANONYMOUS mechanism in SASL.
Tobias Markmann <tm@ayena.de>
parents:
760
diff
changeset
|
101 end |
b7ea802f3527
Adding inital support for ANONYMOUS mechanism in SASL.
Tobias Markmann <tm@ayena.de>
parents:
760
diff
changeset
|
102 |
2175
3ca8755581a1
Initial commit of the SASL redesign.
Tobias Markmann <tm@ayena.de>
parents:
1585
diff
changeset
|
103 -- select a mechanism to use |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
104 function method:select(mechanism) |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
105 self.mech_i = mechanisms[mechanism] |
2179
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
106 if self.mech_i == nil then |
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
107 return false; |
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
108 end |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
109 return true; |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
110 end |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
111 |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
112 -- feed new messages to process into the library |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
113 function method:process(message) |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
114 if message == "" or message == nil then return "failure", "malformed-request" end |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
115 return self.mech_i(self, message); |
15
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
116 end |
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
117 |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
118 --========================= |
2181 | 119 --SASL PLAIN according to RFC 4616 |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
120 local function sasl_mechanism_plain(self, message) |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
121 local response = message |
2180
8de2f7f5b870
Allow ampersands in passwords for SASL PLAIN mechanism.
Tobias Markmann <tm@ayena.de>
parents:
2179
diff
changeset
|
122 local authorization = s_match(response, "([^%z]+)") |
8de2f7f5b870
Allow ampersands in passwords for SASL PLAIN mechanism.
Tobias Markmann <tm@ayena.de>
parents:
2179
diff
changeset
|
123 local authentication = s_match(response, "%z([^%z]+)%z") |
8de2f7f5b870
Allow ampersands in passwords for SASL PLAIN mechanism.
Tobias Markmann <tm@ayena.de>
parents:
2179
diff
changeset
|
124 local password = s_match(response, "%z[^%z]+%z([^%z]+)") |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
125 |
2179
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
126 if authentication == nil or password == nil then |
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
127 return "failure", "malformed-request"; |
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
128 end |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
129 |
2179
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
130 local correct, state = false, false; |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
131 if self.profile.plain then |
2179
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
132 local correct_password; |
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
133 correct_password, state = self.profile.plain(authentication, self.realm); |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
134 if correct_password == password then correct = true; else correct = false; end |
2179
c985536d5452
Making mod_saslauth use the new SASL API.
Tobias Markmann <tm@ayena.de>
parents:
2178
diff
changeset
|
135 elseif self.profile.plain_test then |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
136 correct, state = self.profile.plain_test(authentication, self.realm, password); |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
137 end |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
138 |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
139 self.username = authentication |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
140 if not state then |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
141 return "failure", "account-disabled"; |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
142 end |
2178
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
143 |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
144 if correct then |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
145 return "success"; |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
146 else |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
147 return "failure", "not-authorized"; |
28d841403a21
Adjust SASL PLAIN mechanism to the new API.
Tobias Markmann <tm@ayena.de>
parents:
2177
diff
changeset
|
148 end |
2176
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
149 end |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
150 registerMechanism("PLAIN", {"plain", "plain_test"}, sasl_mechanism_plain); |
aaf2b2df61f7
Mostly making the code run; includes fixing typos and so on.
Tobias Markmann <tm@ayena.de>
parents:
2175
diff
changeset
|
151 |
2181 | 152 --========================= |
2182
27c7d287345e
Importing SASL Digest-MD5 code.
Tobias Markmann <tm@ayena.de>
parents:
2181
diff
changeset
|
153 --SASL DIGEST-MD5 according to RFC 2831 |
2183
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
154 local function new_digest_md5(realm, credentials_handler) |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
155 --TODO complete support for authzid |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
156 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
157 local function serialize(message) |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
158 local data = "" |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
159 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
160 if type(message) ~= "table" then error("serialize needs an argument of type table.") end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
161 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
162 -- testing all possible values |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
163 if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
164 if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
165 if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
166 if message["charset"] then data = data..[[charset=]]..message.charset.."," end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
167 if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
168 if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
169 data = data:gsub(",$", "") |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
170 return data |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
171 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
172 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
173 local function utf8tolatin1ifpossible(passwd) |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
174 local i = 1; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
175 while i <= #passwd do |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
176 local passwd_i = to_byte(passwd:sub(i, i)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
177 if passwd_i > 0x7F then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
178 if passwd_i < 0xC0 or passwd_i > 0xC3 then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
179 return passwd; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
180 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
181 i = i + 1; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
182 passwd_i = to_byte(passwd:sub(i, i)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
183 if passwd_i < 0x80 or passwd_i > 0xBF then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
184 return passwd; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
185 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
186 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
187 i = i + 1; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
188 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
189 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
190 local p = {}; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
191 local j = 0; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
192 i = 1; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
193 while (i <= #passwd) do |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
194 local passwd_i = to_byte(passwd:sub(i, i)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
195 if passwd_i > 0x7F then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
196 i = i + 1; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
197 local passwd_i_1 = to_byte(passwd:sub(i, i)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
198 t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64)); -- I'm so clever |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
199 else |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
200 t_insert(p, to_char(passwd_i)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
201 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
202 i = i + 1; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
203 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
204 return t_concat(p); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
205 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
206 local function latin1toutf8(str) |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
207 local p = {}; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
208 for ch in gmatch(str, ".") do |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
209 ch = to_byte(ch); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
210 if (ch < 0x80) then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
211 t_insert(p, to_char(ch)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
212 elseif (ch < 0xC0) then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
213 t_insert(p, to_char(0xC2, ch)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
214 else |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
215 t_insert(p, to_char(0xC3, ch - 64)); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
216 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
217 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
218 return t_concat(p); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
219 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
220 local function parse(data) |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
221 local message = {} |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
222 for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
223 message[k] = v; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
224 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
225 return message; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
226 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
227 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
228 local object = { mechanism = "DIGEST-MD5", realm = realm, credentials_handler = credentials_handler}; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
229 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
230 object.nonce = generate_uuid(); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
231 object.step = 0; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
232 object.nonce_count = {}; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
233 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
234 function object.feed(self, message) |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
235 self.step = self.step + 1; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
236 if (self.step == 1) then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
237 local challenge = serialize({ nonce = object.nonce, |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
238 qop = "auth", |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
239 charset = "utf-8", |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
240 algorithm = "md5-sess", |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
241 realm = self.realm}); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
242 return "challenge", challenge; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
243 elseif (self.step == 2) then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
244 local response = parse(message); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
245 -- check for replay attack |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
246 if response["nc"] then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
247 if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
248 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
249 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
250 -- check for username, it's REQUIRED by RFC 2831 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
251 if not response["username"] then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
252 return "failure", "malformed-request"; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
253 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
254 self["username"] = response["username"]; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
255 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
256 -- check for nonce, ... |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
257 if not response["nonce"] then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
258 return "failure", "malformed-request"; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
259 else |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
260 -- check if it's the right nonce |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
261 if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
262 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
263 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
264 if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
265 if not response["qop"] then response["qop"] = "auth" end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
266 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
267 if response["realm"] == nil or response["realm"] == "" then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
268 response["realm"] = ""; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
269 elseif response["realm"] ~= self.realm then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
270 return "failure", "not-authorized", "Incorrect realm value"; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
271 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
272 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
273 local decoder; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
274 if response["charset"] == nil then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
275 decoder = utf8tolatin1ifpossible; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
276 elseif response["charset"] ~= "utf-8" then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
277 return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8."; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
278 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
279 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
280 local domain = ""; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
281 local protocol = ""; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
282 if response["digest-uri"] then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
283 protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$"); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
284 if protocol == nil or domain == nil then return "failure", "malformed-request" end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
285 else |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
286 return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
287 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
288 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
289 --TODO maybe realm support |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
290 self.username = response["username"]; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
291 local password_encoding, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
292 if Y == nil then return "failure", "not-authorized" |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
293 elseif Y == false then return "failure", "account-disabled" end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
294 local A1 = ""; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
295 if response.authzid then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
296 if response.authzid == self.username.."@"..self.realm then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
297 -- COMPAT |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
298 log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920."); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
299 A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
300 else |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
301 A1 = "?"; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
302 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
303 else |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
304 A1 = Y..":"..response["nonce"]..":"..response["cnonce"]; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
305 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
306 local A2 = "AUTHENTICATE:"..protocol.."/"..domain; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
307 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
308 local HA1 = md5(A1, true); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
309 local HA2 = md5(A2, true); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
310 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
311 local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
312 local response_value = md5(KD, true); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
313 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
314 if response_value == response["response"] then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
315 -- calculate rspauth |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
316 A2 = ":"..protocol.."/"..domain; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
317 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
318 HA1 = md5(A1, true); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
319 HA2 = md5(A2, true); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
320 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
321 KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
322 local rspauth = md5(KD, true); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
323 self.authenticated = true; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
324 return "challenge", serialize({rspauth = rspauth}); |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
325 else |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
326 return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated." |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
327 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
328 elseif self.step == 3 then |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
329 if self.authenticated ~= nil then return "success" |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
330 else return "failure", "malformed-request" end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
331 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
332 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
333 return object; |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
334 end |
44e71e65da86
Importing SASL Digest-MD5 code. Now for real.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
335 |
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
508
diff
changeset
|
336 return _M; |