util/sasl.lua @ 497:a2ccfabfda82
Merge with Tobias
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 30 Nov 2008 00:38:41 +0000 |
| parent | 496:b3251b137d68 |
| child | 504:efc5184effa1 |
| child | 505:1b938e00412c |
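--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -10,10 +10,11 @@
 local math = require "math"
 local type = type
 local error = error
 local print = print
 local idna_ascii = require "util.encodings".idna.to_ascii
+local idna_unicode = require "util.encodings".idna.to_unicode
 
 module "sasl"
 
 local function new_plain(realm, password_handler)
 local object = { mechanism = "PLAIN", realm = realm, password_handler = password_handler}
@@ -85,11 +86,11 @@
 if (self.step == 1) then
 local challenge = serialize({ nonce = object.nonce,
 qop = "auth",
 charset = "utf-8",
 algorithm = "md5-sess",
-realm = self.realm});
+realm = idna_ascii(self.realm)});
 return "challenge", challenge
 elseif (self.step == 2) then
 local response = parse(message)
 -- check for replay attack
 if response["nc"] then
@@ -124,11 +125,11 @@
 return "failure", "malformed-request", "Missing entry for digest-uri in SASL message."
 end
 
 --TODO maybe realm support
 self.username = response["username"]
-local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5")
+local password_encoding, Y = self.password_handler(response["username"], idna_unicode(response["realm"]), "DIGEST-MD5")
 if Y == nil then return "failure", "not-authorized"
 elseif Y == false then return "failure", "account-disabled" end
 
 local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
 local A2 = "AUTHENTICATE:"..protocol.."/"..idna_ascii(domain)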
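Review bot: In the step-2 branch (new line 130) `response["realm"]` is client-supplied and goes straight into `idna_unicode(...)` and then `password_handler`, with no visible check that it is present or that it equals the realm offered in the challenge. The lines between the replay check and the digest-uri check are not shown, so this may already be handled there; if it is not, a missing or malformed realm reaches the conversion unchecked, and the client picks the realm the credential lookup runs against. I would reject a mismatch before the lookup, e.g. `if response["realm"] ~= idna_ascii(self.realm) then return "failure", "malformed-request" end`. The result of `idna_ascii(self.realm)` in the challenge at new line 91 is likewise used without checking that the conversion succeeded. The enclosing function begins and ends outside the visible hunks.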