Comparison

util/sasl.lua @ 602:a977227aa9e6

Return error when the given realm value does not match the sent realm value. Prevents impersonation of an account on one virtual host, but a user with the same username on another host.
author Waqas Hussain <waqas20@gmail.com>
date Mon, 08 Dec 2008 03:23:37 +0500
parent 599:30655c5cc531
child 603:423fd24fff54
comparison
equal deleted inserted replaced
601:6cb908ef01c8 602:a977227aa9e6
174 end 174 end
175 175
176 if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end 176 if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end
177 if not response["qop"] then response["qop"] = "auth" end 177 if not response["qop"] then response["qop"] = "auth" end
178 178
179 if response["realm"] == nil then response["realm"] = "" end 179 if response["realm"] == nil then
180 response["realm"] = ""
181 elseif response["realm"] ~= self.realm then
182 return "failure", "not-authorized", "Incorrect realm value";
183 end
180 local decoder; 184 local decoder;
181 185
182 if response["charset"] == nil then 186 if response["charset"] == nil then
183 decoder = utf8tolatin1ifpossible; 187 decoder = utf8tolatin1ifpossible;
184 elseif response["charset"] ~= "utf-8" then 188 elseif response["charset"] ~= "utf-8" then