
util/sasl/scram.lua @ 5840:4b484e8feafc

sasl.util.scram: Rearrange some code so it makes more sense.
author Tobias Markmann <tm@ayena.de>
date Sun, 06 Feb 2011 13:39:32 +0100
parent 5839:a65b56348034
child 5841:1b0c7e7c6be8
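--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -130,11 +130,11 @@
 self.state["client_first_message"] = client_first_message;
 self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"]
 = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*");
 
 -- check for invalid gs2_flag_type start
-local gs2_flag_type == string.sub(self.state.gs2_cbind_flag, 0, 1)
+local gs2_flag_type = string.sub(self.state.gs2_cbind_flag, 0, 1)
 if gs2_flag_type ~= "y" and gs2_flag_type ~= "n" and gs2_flag_type ~= "p" then
 return "failure", "malformed-request", "The GS2 header has to start with 'y', 'n', or 'p'."
 end
 
 if support_channel_binding then
@@ -204,20 +204,21 @@
 -- we are processing client_final_message
 local client_final_message = message;
 log("debug", "client_final_message: %s", client_final_message);
 self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
 
+if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
+return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
+end
+
 if self.state.gs2_cbind_name then
+-- we support channelbinding, so check if the value is valid
 local client_gs2_header = base64.decode(self.state.channelbinding)
 local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self);
 
 if client_gs2_header ~= our_client_gs2_header then
 return "failure", "malformed-request", "Invalid channel binding value.";
-end
-else
-if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
-return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
 end
 end
 
 if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then
 return "failure", "malformed-request", "Wrong nonce in client-final-message.";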
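Review bot: The new side still validates `c=` only inside the `if self.state.gs2_cbind_name` branch (new 213–220); when no binding type was negotiated the decoded value is never compared with the GS2 header taken from client-first-message, which RFC 5802 requires the server to verify in every case. Note also that the `([%a%-]*)` capture on line 132 yields `""` rather than `nil` for an `n,,`/`y,,` header, so unless the code between 140 and 204 (outside this view) clears it, `gs2_cbind_name` is truthy and `self.profile.cb[""]` is indexed, raising a Lua error instead of a SASL failure. I would compute the expected header in both cases, guard the binding lookup, and compare once. The enclosing function starts and ends outside the hunk.
```lua
-- … unchanged: client_final_message match and missing-attribute check …
local client_gs2_header = base64.decode(self.state.channelbinding)
local our_client_gs2_header
if self.state.gs2_cbind_name and self.state.gs2_cbind_name ~= "" then
	-- we support channelbinding, so check if the value is valid
	local cb = self.profile.cb and self.profile.cb[self.state.gs2_cbind_name];
	if not cb then
		return "failure", "malformed-request", "Unsupported channel binding type.";
	end
	our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..cb(self);
else
	-- no binding negotiated: c= must still echo the gs2-header we received
	our_client_gs2_header = self.state.gs2_cbind_flag..","..self.state["authzid"]..",";
end

if client_gs2_header ~= our_client_gs2_header then
	return "failure", "malformed-request", "Invalid channel binding value.";
end
-- … unchanged: nonce check …
```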