
plugins/mod_auth_internal_hashed.lua @ 6019:e9147a16059d

mod_auth_interal_hashed: Update salt and iteration count when setting a new password
author Florian Zeitz <florob@babelmonkeys.de>
date Wed, 12 Feb 2014 13:45:16 +0100
parent 5784:02217725454b
child 6707:06cdd4afaaf9
6017:ac0879a8190a 6019:e9147a16059d
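--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -4,10 +4,12 @@
 -- Copyright (C) 2010 Jeff Mitchell
 --
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
+
+local max = math.max;
 
 local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
 local usermanager = require "core.usermanager";
 local generate_uuid = require "util.uuid".generate;
 local new_sasl = require "util.sasl".new;
@@ -37,11 +39,11 @@
 end
 end
 
 
 -- Default; can be set per-user
-local iteration_count = 4096;
+local default_iteration_count = 4096;
 
 -- define auth provider
 local provider = {};
 
 function provider.test_password(username, password)
@@ -78,12 +80,12 @@
 
 function provider.set_password(username, password)
 log("debug", "set_password for username '%s'", username);
 local account = accounts:get(username);
 if account then
-account.salt = account.salt or generate_uuid();
-account.iteration_count = account.iteration_count or iteration_count;
+account.salt = generate_uuid();
+account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
 local stored_key_hex = to_hex(stored_key);
 local server_key_hex = to_hex(server_key);
 
 account.stored_key = stored_key_hex
@@ -111,14 +113,14 @@
 function provider.create_user(username, password)
 if password == nil then
 return accounts:set(username, {});
 end
 local salt = generate_uuid();
-local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count);
+local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
 local stored_key_hex = to_hex(stored_key);
 local server_key_hex = to_hex(server_key);
-return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count});
+return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = default_iteration_count});
 end
 
 function provider.delete_user(username)
 return accounts:set(username, nil);
 end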
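Review bot: The `valid` result of getAuthenticationDatabaseSHA1 in set_password (new lines 87–89) is still never checked before `to_hex(stored_key)` and `to_hex(server_key)` run, and create_user (new lines 118–120) has the same gap; if the helper reports failure, whatever it returned in the second slot gets hex-encoded and persisted as the account's stored key instead of the call aborting. Because this is the credential-derivation step, failing closed is the safer default: add `if not valid then return nil, "could not derive SCRAM keys"; end` directly after the helper call in both functions, with the error value following whatever convention the helper and the rest of the provider already use (the helper is not visible here). The new `max(account.iteration_count or 0, default_iteration_count)` only ever raises a per-user count, which is the right direction, so no change is needed there. set_password's body continues past the end of its hunk.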