prosody
c98aebe601f9
plugins/mod_auth_internal_plain.lua
Software / code / prosody
Comparison
plugins/mod_auth_internal_plain.lua @ 11544:c98aebe601f9 0.11
mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 10 May 2021 16:50:24 +0100 |
| parent | 10914:0d7d71dee0a0 |
| child | 12646:3f38f4735c7a |
comparison
equal
deleted
inserted
replaced
| 11543:63fd4c8465fb | 11544:c98aebe601f9 |
|---|---|
| 7 -- | 7 -- |
| 8 | 8 |
| 9 local usermanager = require "core.usermanager"; | 9 local usermanager = require "core.usermanager"; |
| 10 local new_sasl = require "util.sasl".new; | 10 local new_sasl = require "util.sasl".new; |
| 11 local saslprep = require "util.encodings".stringprep.saslprep; | 11 local saslprep = require "util.encodings".stringprep.saslprep; |
| 12 local secure_equals = require "util.hashes".equals; | |
| 12 | 13 |
| 13 local log = module._log; | 14 local log = module._log; |
| 14 local host = module.host; | 15 local host = module.host; |
| 15 | 16 |
| 16 local accounts = module:open_store("accounts"); | 17 local accounts = module:open_store("accounts"); |
| 24 password = saslprep(password); | 25 password = saslprep(password); |
| 25 if not password then | 26 if not password then |
| 26 return nil, "Password fails SASLprep."; | 27 return nil, "Password fails SASLprep."; |
| 27 end | 28 end |
| 28 | 29 |
| 29 if password == saslprep(credentials.password) then | 30 if secure_equals(password, saslprep(credentials.password)) then |
| 30 return true; | 31 return true; |
| 31 else | 32 else |
| 32 return nil, "Auth failed. Invalid username or password."; | 33 return nil, "Auth failed. Invalid username or password."; |
| 33 end | 34 end |
| 34 end | 35 end |
