util/sasl.lua @ 1159:f81c8cec0e71
Adding minimal support for authorization identities to work around buggy SASL implementations.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Fri, 15 May 2009 17:24:52 +0200 |
parent | 1158:7d1e4fc1ee6d |
child | 1160:7e48324f946e |
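--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -201,12 +201,21 @@
 --TODO maybe realm support
 self.username = response["username"]
 local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
 if Y == nil then return "failure", "not-authorized"
 elseif Y == false then return "failure", "account-disabled" end
-
-local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
+local A1 = "";
+if response.authzid then
+if response.authzid == self.username.."@"..self.realm then
+log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920");
+A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
+else
+A1 = "?";
+end
+else
+A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
+end
 local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
 
 local HA1 = md5(A1, true)
 local HA2 = md5(A2, true)
 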
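Review bot: The mismatch branch sets `A1 = "?"`, a constant that does not include the password-derived `Y`, so `HA1` on the following lines is the same for every account whenever the client's authzid differs from `self.username.."@"..self.realm`. If the code after this hunk compares the client's response against a digest built from `HA1` (the function continues outside the view), that check no longer depends on the secret. Reject explicitly instead, for example `else return "failure", "invalid-authzid"` in place of `A1 = "?";`. A short comment on the accepted branch, such as `-- only an authzid equal to the authenticated JID is honoured`, would make the intended policy clear to the next reader.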