prosody
57192cf193c7
util/sasl/scram.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

util/sasl/scram.lua @ 8095:57192cf193c7

util.sasl.plain,scram: Record username in sasl state earlier
author Kim Alvefur <zash@zash.se>
date Wed, 19 Apr 2017 06:47:02 +0200
parent 7218:6226307f6ac4
child 8382:e5d00bf4a4d5
comparison
equal deleted inserted replaced
8094:dcda2ae4569d 8095:57192cf193c7
144 username = validate_username(username, self.profile.nodeprep); 144 username = validate_username(username, self.profile.nodeprep);
145 if not username then 145 if not username then
146 log("debug", "Username violates either SASLprep or contains forbidden character sequences.") 146 log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
147 return "failure", "malformed-request", "Invalid username."; 147 return "failure", "malformed-request", "Invalid username.";
148 end 148 end
149 self.username = username;
149 150
150 -- retreive credentials 151 -- retreive credentials
151 local stored_key, server_key, salt, iteration_count; 152 local stored_key, server_key, salt, iteration_count;
152 if self.profile.plain then 153 if self.profile.plain then
153 local password, status = self.profile.plain(self, username, self.realm) 154 local password, status = self.profile.plain(self, username, self.realm)
223 local ClientKey = binaryXOR(ClientSignature, base64.decode(proof)) 224 local ClientKey = binaryXOR(ClientSignature, base64.decode(proof))
224 local ServerSignature = HMAC_f(ServerKey, AuthMessage) 225 local ServerSignature = HMAC_f(ServerKey, AuthMessage)
225 226
226 if StoredKey == H_f(ClientKey) then 227 if StoredKey == H_f(ClientKey) then
227 local server_final_message = "v="..base64.encode(ServerSignature); 228 local server_final_message = "v="..base64.encode(ServerSignature);
228 self["username"] = state.username;
229 return "success", server_final_message; 229 return "success", server_final_message;
230 else 230 else
231 return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."; 231 return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated.";
232 end 232 end
233 end 233 end