Comparison

plugins/mod_auth_internal_hashed.lua @ 3208:4b660bf61048

mod_auth_internal_hashed: Coverting salted password to stored_key and server_key.
author Tobias Markmann <tm@ayena.de>
date Tue, 08 Jun 2010 15:02:53 +0200
parent 3207:b350d9753804
child 3210:5e51f8a7179b
comparison
equal deleted inserted replaced
3207:b350d9753804 3208:4b660bf61048
19 local usermanager = require "core.usermanager"; 19 local usermanager = require "core.usermanager";
20 local generate_uuid = require "util.uuid".generate; 20 local generate_uuid = require "util.uuid".generate;
21 local new_sasl = require "util.sasl".new; 21 local new_sasl = require "util.sasl".new;
22 local nodeprep = require "util.encodings".stringprep.nodeprep; 22 local nodeprep = require "util.encodings".stringprep.nodeprep;
23 local hosts = hosts; 23 local hosts = hosts;
24
25 -- TODO: remove these two lines in near future
26 local hmac_sha1 = require "util.hmac".sha1;
27 local sha1 = require "util.hashes".sha1;
24 28
25 local prosody = _G.prosody; 29 local prosody = _G.prosody;
26 30
27 local is_cyrus = usermanager.is_cyrus; 31 local is_cyrus = usermanager.is_cyrus;
28 32
51 55
52 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then 56 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then
53 return nil, "Auth failed. Stored salt and iteration count information is not complete."; 57 return nil, "Auth failed. Stored salt and iteration count information is not complete.";
54 end 58 end
55 59
56 if credentials.saltedPasswordSHA1 60 local valid, stored_key, server_key
57 61
58 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); 62 if credentials.hexpass then
63 -- convert hexpass to stored_key and server_key
64 -- TODO: remove this in near future
65 valid = true;
66 local salted_password = credentials.hexpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
67
68 stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
69 server_key = hmac_sha1(salted_password, "Server Key");
70 else
71 valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
72 end
73
59 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); 74 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
60 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); 75 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
61 76
62 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key_hex then 77 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key_hex then
63 return true; 78 return true;