
plugins/mod_auth_internal_hashed.lua @ 3288:1a84d7d6f667

mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
author Matthew Wild <mwild1@gmail.com>
date Tue, 22 Jun 2010 20:52:43 +0100
parent 3287:e425e27c12be
child 3289:180a0b3b018d
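--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -23,10 +23,31 @@
 local hosts = hosts;
 
 -- TODO: remove these two lines in near future
 local hmac_sha1 = require "util.hmac".sha1;
 local sha1 = require "util.hashes".sha1;
+
+local to_hex;
+do
+local function replace_byte_with_hex(byte)
+return ("%02x"):format(byte:byte());
+end
+function to_hex(binary_string)
+return binary_string:gsub(".", replace_byte_with_hex);
+end
+end
+
+local from_hex;
+do
+local function replace_hex_with_byte(hex)
+return string.char(tonumber(hex, 16));
+end
+function from_hex(hex_string)
+return hex_string:gsub("..", replace_hex_with_byte);
+end
+end
+
 
 local prosody = _G.prosody;
 
 -- Default; can be set per-user
 local iteration_count = 4096;
@@ -55,21 +76,21 @@
 end
 
 -- convert hexpass to stored_key and server_key
 -- TODO: remove this in near future
 if credentials.hashpass then
-local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
-credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+local salted_password = from_hex(credentials.hashpass);
+credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key"), true);
+credentials.server_key = to_hex(hmac_sha1(salted_password, "Server Key"));
 credentials.hashpass = nil
 datamanager.store(username, host, "accounts", credentials);
 end
 
 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
 
-local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+local stored_key_hex = to_hex(stored_key);
+local server_key_hex = to_hex(server_key);
 
 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then
 return true;
 else
 return nil, "Auth failed. Invalid username, password, or password hash information.";
@@ -80,12 +101,12 @@
 local account = datamanager.load(username, host, "accounts");
 if account then
 account.salt = account.salt or generate_uuid();
 account.iteration_count = account.iteration_count or iteration_count;
 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
-local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+local stored_key_hex = to_hex(stored_key);
+local server_key_hex = to_hex(server_key);
 
 account.stored_key = stored_key_hex
 account.server_key = server_key_hex
 
 account.password = nil;
@@ -108,12 +129,12 @@
 end
 
 function provider.create_user(username, password)
 local salt = generate_uuid();
 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count);
-local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+local stored_key_hex = to_hex(stored_key);
+local server_key_hex = to_hex(server_key);
 return datamanager.store(username, host, "accounts", {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count});
 end
 
 function provider.get_sasl_handler()
 local realm = module:get_option("sasl_realm") or module.host;
@@ -134,20 +155,20 @@
 end
 
 -- convert hexpass to stored_key and server_key
 -- TODO: remove this in near future
 if credentials.hashpass then
-local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
-credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
-credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+local salted_password = from_hex(credentials.hashpass);
+credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key"), true);
+credentials.server_key = to_hex(hmac_sha1(salted_password, "Server Key"));
 credentials.hashpass = nil
 datamanager.store(username, host, "accounts", credentials);
 end
 
 local stored_key, server_key, iteration_count, salt = credentials.stored_key, credentials.server_key, credentials.iteration_count, credentials.salt;
-stored_key = stored_key and stored_key:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
-server_key = server_key and server_key:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+stored_key = stored_key and from_hex(stored_key);
+server_key = server_key and from_hex(server_key);
 return stored_key, server_key, iteration_count, salt, true;
 end
 };
 return new_sasl(realm, testpass_authentication_profile);
 end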
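Review bot: The new `to_hex` and `from_hex` helpers (new lines 35 and 45 in the first hunk) return both of gsub's results, the converted string and the substitution count, because `return x:gsub(...)` forwards the full result list. Every call site in this commit happens to truncate to one value (assignment, `local`, or the right side of `and`), but the moment either helper is used as the last argument of a call or in a `return` list the count becomes a second, silently accepted value — for a credential-handling module that is an easy way to end up comparing or storing the wrong thing. Wrap the calls so the helpers have a single-value contract: `return (binary_string:gsub(".", replace_byte_with_hex));` and `return (hex_string:gsub("..", replace_hex_with_byte));`. Separately, `from_hex` still raises from `string.char(tonumber(hex, 16))` on a stored value that is odd-length or contains non-hex characters, as the inline code did before; a short comment above `from_hex` stating that the input must be well-formed hex from the account store would save the next reader from treating it as input validation.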