plugins/mod_auth_internal_hashed.lua @ 3208:4b660bf61048
mod_auth_internal_hashed: Converting salted password to stored_key and server_key.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Tue, 08 Jun 2010 15:02:53 +0200 |
parent | 3207:b350d9753804 |
child | 3210:5e51f8a7179b |
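--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -19,10 +19,14 @@
 local usermanager = require "core.usermanager";
 local generate_uuid = require "util.uuid".generate;
 local new_sasl = require "util.sasl".new;
 local nodeprep = require "util.encodings".stringprep.nodeprep;
 local hosts = hosts;
+
+-- TODO: remove these two lines in near future
+local hmac_sha1 = require "util.hmac".sha1;
+local sha1 = require "util.hashes".sha1;
 
 local prosody = _G.prosody;
 
 local is_cyrus = usermanager.is_cyrus;
 
@@ -51,13 +55,24 @@
 
 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then
 return nil, "Auth failed. Stored salt and iteration count information is not complete.";
 end
 
-if credentials.saltedPasswordSHA1
+local valid, stored_key, server_key
 
-local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
+if credentials.hexpass then
+-- convert hexpass to stored_key and server_key
+-- TODO: remove this in near future
+valid = true;
+local salted_password = credentials.hexpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+
+stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
+server_key = hmac_sha1(salted_password, "Server Key");
+else
+valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
+end
+
 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
 
 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key_hex then
 return true;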
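Review bot: The new `if credentials.hexpass then` branch (new lines 62–69) sets `valid = true` and derives `stored_key` and `server_key` from the stored `hexpass` alone, so the supplied `password` plays no part in the comparison on new line 77. As far as the visible lines show, that check then compares stored data with stored data: it passes for any password when the record also holds matching keys, and can never pass when it holds only `hexpass`. I would still derive the keys from the caller's input and require them to match, e.g. `local ok, sk, vk = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);` followed by `valid = ok and sk == stored_key and vk == server_key;`. Line 77 also reads `credentials.server_key_hex` next to `credentials.stored_key`, which is worth confirming against the field names the store actually writes. The enclosing function starts and ends outside the hunk, so how the converted keys are persisted is not visible here.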