prosody
78c9b5255b27
util/sasl/scram.lua
Software / code / prosody
Comparison
util/sasl/scram.lua @ 2210:78c9b5255b27
Adding some human readable error messages.
| author | Tobias Markmann <tm@ayena.de> |
|---|---|
| date | Thu, 19 Nov 2009 17:17:52 +0100 |
| parent | 2206:5f54100bb426 |
| child | 2255:92e329e1cd99 |
comparison
equal
deleted
inserted
replaced
| 2209:adbedc32d41b | 2210:78c9b5255b27 |
|---|---|
| 93 end | 93 end |
| 94 | 94 |
| 95 self.state.name = validate_username(self.state.name); | 95 self.state.name = validate_username(self.state.name); |
| 96 if not self.state.name then | 96 if not self.state.name then |
| 97 log("debug", "Username violates either SASLprep or contains forbidden character sequences.") | 97 log("debug", "Username violates either SASLprep or contains forbidden character sequences.") |
| 98 return "failure", "malformed-request"; | 98 return "failure", "malformed-request", "Invalid username."; |
| 99 end | 99 end |
| 100 | 100 |
| 101 self.state["servernonce"] = generate_uuid(); | 101 self.state["servernonce"] = generate_uuid(); |
| 102 self.state["salt"] = generate_uuid(); | 102 self.state["salt"] = generate_uuid(); |
| 103 | 103 |
| 111 | 111 |
| 112 self.state["proof"] = client_final_message:match("p=(.+)"); | 112 self.state["proof"] = client_final_message:match("p=(.+)"); |
| 113 self.state["nonce"] = client_final_message:match("r=(.+),p="); | 113 self.state["nonce"] = client_final_message:match("r=(.+),p="); |
| 114 self.state["channelbinding"] = client_final_message:match("c=(.+),r="); | 114 self.state["channelbinding"] = client_final_message:match("c=(.+),r="); |
| 115 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then | 115 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then |
| 116 return "failure", "malformed-request"; | 116 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; |
| 117 end | 117 end |
| 118 | 118 |
| 119 local password; | 119 local password; |
| 120 if self.profile.plain then | 120 if self.profile.plain then |
| 121 password, state = self.profile.plain(self.state.name, self.realm) | 121 password, state = self.profile.plain(self.state.name, self.realm) |
| 122 if state == nil then return "failure", "not-authorized" | 122 if state == nil then return "failure", "not-authorized" |
| 123 elseif state == false then return "failure", "account-disabled" end | 123 elseif state == false then return "failure", "account-disabled" end |
| 124 password = saslprep(password); | 124 password = saslprep(password); |
| 125 if not password then | 125 if not password then |
| 126 log("debug", "Password violates SASLprep."); | 126 log("debug", "Password violates SASLprep."); |
| 127 return "failure", "not-authorized" | 127 return "failure", "not-authorized", "Invalid password." |
| 128 end | 128 end |
| 129 end | 129 end |
| 130 | 130 |
| 131 local SaltedPassword = Hi(hmac_sha1, password, self.state.salt, default_i) | 131 local SaltedPassword = Hi(hmac_sha1, password, self.state.salt, default_i) |
| 132 local ClientKey = hmac_sha1(SaltedPassword, "Client Key") | 132 local ClientKey = hmac_sha1(SaltedPassword, "Client Key") |
