prosody
6279caf921f1
util/sasl/scram.lua
Software / code / prosody
Comparison
util/sasl/scram.lua @ 5301:6279caf921f1
util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Tue, 22 Jan 2013 08:21:05 +0500 |
| parent | 4368:916834f22d1b |
| child | 5537:15464633d8fb |
comparison
equal
deleted
inserted
replaced
| 5300:fcb1be0b4a5c | 5301:6279caf921f1 |
|---|---|
| 17 local base64 = require "util.encodings".base64; | 17 local base64 = require "util.encodings".base64; |
| 18 local hmac_sha1 = require "util.hmac".sha1; | 18 local hmac_sha1 = require "util.hmac".sha1; |
| 19 local sha1 = require "util.hashes".sha1; | 19 local sha1 = require "util.hashes".sha1; |
| 20 local generate_uuid = require "util.uuid".generate; | 20 local generate_uuid = require "util.uuid".generate; |
| 21 local saslprep = require "util.encodings".stringprep.saslprep; | 21 local saslprep = require "util.encodings".stringprep.saslprep; |
| 22 local nodeprep = require "util.encodings".stringprep.nodeprep; | |
| 22 local log = require "util.logger".init("sasl"); | 23 local log = require "util.logger".init("sasl"); |
| 23 local t_concat = table.concat; | 24 local t_concat = table.concat; |
| 24 local char = string.char; | 25 local char = string.char; |
| 25 local byte = string.byte; | 26 local byte = string.byte; |
| 26 | 27 |
| 74 Ust = Und | 75 Ust = Und |
| 75 end | 76 end |
| 76 return res | 77 return res |
| 77 end | 78 end |
| 78 | 79 |
| 79 local function validate_username(username) | 80 local function validate_username(username, _nodeprep) |
| 80 -- check for forbidden char sequences | 81 -- check for forbidden char sequences |
| 81 for eq in username:gmatch("=(.?.?)") do | 82 for eq in username:gmatch("=(.?.?)") do |
| 82 if eq ~= "2C" and eq ~= "3D" then | 83 if eq ~= "2C" and eq ~= "3D" then |
| 83 return false | 84 return false |
| 84 end | 85 end |
| 88 username = username:gsub("=2C", ","); | 89 username = username:gsub("=2C", ","); |
| 89 username = username:gsub("=3D", "="); | 90 username = username:gsub("=3D", "="); |
| 90 | 91 |
| 91 -- apply SASLprep | 92 -- apply SASLprep |
| 92 username = saslprep(username); | 93 username = saslprep(username); |
| 94 | |
| 95 if username and _nodeprep ~= false then | |
| 96 username = (_nodeprep or nodeprep)(username); | |
| 97 end | |
| 98 | |
| 93 return username and #username>0 and username; | 99 return username and #username>0 and username; |
| 94 end | 100 end |
| 95 | 101 |
| 96 local function hashprep(hashname) | 102 local function hashprep(hashname) |
| 97 return hashname:lower():gsub("-", "_"); | 103 return hashname:lower():gsub("-", "_"); |
| 131 | 137 |
| 132 if not self.state.name or not self.state.clientnonce then | 138 if not self.state.name or not self.state.clientnonce then |
| 133 return "failure", "malformed-request", "Channel binding isn't support at this time."; | 139 return "failure", "malformed-request", "Channel binding isn't support at this time."; |
| 134 end | 140 end |
| 135 | 141 |
| 136 self.state.name = validate_username(self.state.name); | 142 self.state.name = validate_username(self.state.name, self.profile.nodeprep); |
| 137 if not self.state.name then | 143 if not self.state.name then |
| 138 log("debug", "Username violates either SASLprep or contains forbidden character sequences.") | 144 log("debug", "Username violates either SASLprep or contains forbidden character sequences.") |
| 139 return "failure", "malformed-request", "Invalid username."; | 145 return "failure", "malformed-request", "Invalid username."; |
| 140 end | 146 end |
| 141 | 147 |
